Constrained PET Composition for Measuring Enforced Privacy

Abstract

Privacy Enhancing Technologies (PETs) are well-defined, domain-specific means to preserve information privacy in computerized systems, i.e., by protecting Personally Identifiable Information (PII). We believe that increasing privacy awareness and governance will lead to wider adoption of PETs in service infrastructures. To support that, a better understanding of privacy-enhanced services composed of multiple PETs is necessary. To the best of the authors' knowledge, there is no general, domain-independent, formal PET model, and research on their composition is missing. The work at hand presents a formal, set-based and domain-independent taxonomy model for PETs, along with an algebra for constrained composition of PETs. The measurement of enforced privacy in service infrastructures with deployed PETs is one of many use cases for such a PET algebra and is demonstrated subsequently in a scenario with two exemplary privacy-enhanced services.

Publication
Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy, August 29 - September 01, 2017