I-Corps: Privacy aware information systems using contextual integrity principle

I-Corps：使用上下文完整性原则的隐私意识信息系统

• 批准号: 1650769
• 负责人: Lakshminarayan Subramanian
• 金额: $ 5万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-12-01 至 2018-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1650769&HistoricalAwards=false
• 关键词: Corps; Privacy; aware; information; systems

The broader impact/commercial potential of this I-Corps project is to provide a privacy design framework that leverages contextual integrity (CI) principles combined with formal logic methods to enable organizations and end users to build new forms of privacy aware information systems. The privacy design framework addresses a fundamental privacy gap in existing information systems in large organizations between system level privacy guarantees and privacy expectations of end users. It is envisioned that the privacy design framework will be a service that enables ordinary users to express complex privacy rules in an organization based on CI principles. It will also leverage formal logic methods to convert contextual integrity rules to logic programs that verify the privacy properties of information flows within the organization. This privacy framework aims to ease the development of new privacy aware information systems that support the full spectrum of stakeholders in organizations including end users, administrators, system designers and regulators. It can enable greater transparency for regulators, data protection authorities, administrators and end users.This I-Corps project will evaluate privacy as a service design framework using the principles of contextual integrity theory that offers system designers the tools to clearly articulate, design and implement privacy policies in large scale information systems, where the privacy policies clearly match the privacy expectations of end users. The privacy framework makes three fundamental research contributions: (i) The framework uses the theory of contextual integrity to formalize informational norms as logical rules that constitute a privacy logic of the system, thereby providing the ability to reason about privacy in complex information systems; (ii) The framework is modular and domain agnostic where it decouples specification of privacy logic from the enforcement of privacy checks on information flows within the system while requiring minimal modifications to the underlying system; (iii) The system leverages formal logic methods to ensure the correctness of privacy policy specifications and ensures that information exchange within the system strictly follows the established privacy norms of a given context.

这个I-Corps项目的更广泛的影响/商业潜力是提供一个隐私设计框架，该框架利用上下文完整性（CI）原则与形式逻辑方法相结合，使组织和最终用户能够构建新形式的隐私感知信息系统。隐私设计框架解决了大型组织现有信息系统中系统级隐私保证和最终用户隐私期望之间的根本隐私差距。据设想，隐私设计框架将是一个服务，使普通用户能够表达复杂的隐私规则的组织的基础上CI原则。 它还将利用形式逻辑方法将上下文完整性规则转换为逻辑程序，以验证组织内信息流的隐私属性。该隐私框架旨在简化新的隐私感知信息系统的开发，以支持组织中的所有利益相关者，包括最终用户，管理员，系统设计师和监管机构。这个I-Corps项目将使用上下文完整性理论的原则来评估隐私作为一个服务设计框架，该理论为系统设计人员提供了在大型信息系统中明确阐述、设计和实施隐私政策的工具，其中隐私政策明确符合最终用户的隐私期望。隐私框架做出了三个基本的研究贡献：（i）该框架使用上下文完整性理论将信息规范形式化为构成系统的隐私逻辑的逻辑规则，从而提供了在复杂信息系统中推理隐私的能力;（二）该框架是模块化的和领域不可知的，其中它将隐私逻辑的规范与对内部信息流的隐私检查的执行相结合。该系统利用形式逻辑方法来确保隐私政策规范的正确性，并确保系统内的信息交换严格遵循给定上下文的既定隐私规范。