A Model-oriented Reasoning Framework for Privacy Analysis of Complex Systems

This paper proposes a reasoning framework for privacy properties of systems and their environments that can capture any knowledge leaks on different logical levels of the system to answer the question: which entity can learn what? With the term knowledge we refer to any kind of data, meta-data or interpretation of those that might be relevant. To achieve this, we present a modeling framework that forces the developers to explicitly describe which knowledge is available at which entity, which knowledge flows between entities and which knowledge can be inferred from other knowledge. In addition, privacy requirements are specified as rules describing forbidden knowledge for entities. Our modeling approach is incremental, starting from an abstract view of the system and adding details through well-defined transformations. This work is intended to complement existing approaches and introduces steps towards more formal foundations for privacy oriented analyses while keeping them as accessible as possible. It is designed to be extensible through schemata and vocabulary to enable compatibility with external requirements and standards.