Monitoring Data Minimisation

01/05/2018
by Srinivas Pinisetty, et al.

Data minimisation is a privacy-enhancing principle stating that the personal data collected should be no more than necessary for the specific purpose consented to by the user. Checking that a program satisfies the data minimisation principle is not easy, even in the simple case of deterministic programs-as-functions. In this paper we prove (im)possibility results concerning runtime monitoring of (non-)minimality for deterministic programs, both when the program has one input source (monolithic case) and in the more general case when inputs come from independent sources (distributed case). We propose monitoring mechanisms in which a monitor observes the inputs and outputs of a program to detect violations of data minimisation policies. We show that monitorability of (non-)minimality is decidable only in specific cases, and that detecting satisfaction of the different notions of minimality is undecidable in general. That said, we show that under certain conditions monitorability is decidable, and we provide an algorithm and a bound to check such properties in a pre-deployment controlled environment, which also allows computing a minimiser for the given program. Finally, we provide a proof-of-concept implementation for both offline and online monitoring and apply it to some case studies.
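The monitoring idea described in the abstract, as an added worked example that is not part of the paper or its proof-of-concept implementation. It assumes the program is a deterministic function, that each input is a tuple with one component per input source, and that the monitor sees every input/output pair of a trace (offline) or one pair at a time (online). The notion of a non-minimality witness used here, two distinct inputs that produce the same output, and for the distributed case two inputs that differ in exactly one source yet produce the same output, is an assumption about the definitions; `senior_discount` and `SAMPLE_TRACE` are constructed for the illustration.

```python
"""Monitor for (non-)minimality over observed input/output pairs (added example)."""
from collections import defaultdict
from typing import Callable, Dict, Hashable, Iterable, Optional, Set, Tuple

Input = Tuple[Hashable, ...]          # one component per input source
Witness = Tuple[Input, Input, Hashable]  # (input_a, input_b, shared_output)


class MinimalityMonitor:
    """Records I/O pairs and reports witnesses that the program is not minimal.

    Assumed definitions (not taken from the paper):
    - monolithic witness: two distinct inputs with the same output, i.e. the
      program could have received less (a minimiser can send one representative
      of that output class instead);
    - distributed witness for source k: two inputs that agree on every source
      except k and still give the same output, so source k's value was not
      needed for that output.
    """

    def __init__(self, n_sources: int) -> None:
        self.n_sources = n_sources
        self.by_output: Dict[Hashable, Set[Input]] = defaultdict(set)

    def observe(self, inp: Input, out: Hashable) -> bool:
        """Online step: record the pair; return True if it completes a
        monolithic non-minimality witness with an earlier observation."""
        if len(inp) != self.n_sources:
            raise ValueError("input arity does not match the number of sources")
        seen = self.by_output[out]
        violation = any(prev != inp for prev in seen)
        seen.add(inp)
        return violation

    def monolithic_witness(self) -> Optional[Witness]:
        for out, inputs in self.by_output.items():
            if len(inputs) > 1:
                a, b = sorted(inputs, key=repr)[:2]
                return (a, b, out)
        return None

    def distributed_witnesses(self) -> Dict[int, Witness]:
        """Map each source shown to be unnecessary for some output to a witness."""
        found: Dict[int, Witness] = {}
        for out, inputs in self.by_output.items():
            items = sorted(inputs, key=repr)
            for i, a in enumerate(items):
                for b in items[i + 1:]:
                    diff = [k for k in range(self.n_sources) if a[k] != b[k]]
                    if len(diff) == 1 and diff[0] not in found:
                        found[diff[0]] = (a, b, out)
        return found

    def minimiser(self) -> Dict[Input, Input]:
        """Map every observed input to one canonical representative of its
        output class; sending only representatives preserves the outputs."""
        rep: Dict[Input, Input] = {}
        for inputs in self.by_output.values():
            canon = min(inputs, key=repr)
            for inp in inputs:
                rep[inp] = canon
        return rep


def run_offline(program: Callable[..., Hashable], trace: Iterable[Input],
                n_sources: int) -> MinimalityMonitor:
    """Offline monitoring: replay a recorded input trace through the program."""
    mon = MinimalityMonitor(n_sources)
    for inp in trace:
        mon.observe(inp, program(*inp))
    return mon


def senior_discount(age: int, postcode: str) -> bool:
    # Constructed sample program: the postcode is collected from a second
    # source but never influences the result, so it is not necessary.
    return age >= 65


# Constructed sample trace: (age, postcode) pairs from two input sources.
SAMPLE_TRACE = [(70, "SE1"), (70, "SW9"), (30, "SE1"), (66, "N1")]

if __name__ == "__main__":
    mon = run_offline(senior_discount, SAMPLE_TRACE, n_sources=2)
    print("monolithic witness:", mon.monolithic_witness())
    print("unneeded sources:", sorted(mon.distributed_witnesses()))
    print("minimiser:", mon.minimiser())
```

For `senior_discount` the monitor reports source 1 (the postcode) as unnecessary and produces a minimiser with two representatives, one per output class; a program that is injective on its observed inputs yields no witness at all.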


Related research

06/20/2019: Gray-box Monitoring of Hyperproperties (Extended Version)
Many important system properties, particularly in security and privacy, ...

05/22/2017: Imperative Functional Programs that Explain their Work
Program slicing provides explanations that illustrate how program output...

08/27/2019: Who is to Blame? Runtime Verification of Distributed Objects with Active Monitors
Since distributed software systems are ubiquitous, their correct functio...

05/28/2017: Extending programs with debug-related features, with application to hardware development
The capacity and programmability of reconfigurable hardware such as FPGA...

12/23/2019: Automated Deductive Verification for Ladder Programming
Ladder Logics is a programming language standardized in IEC 61131-3 and ...

09/09/2019: CISE3: Verification of applications with weak consistency in Why3
In this article we present a tool for the verification of programs built...

11/30/2021: A framework to measure the robustness of programs in the unpredictable environment
Due to the diffusion of IoT, modern software systems are often thought t...
