Application of formal modelling to mitigate metadata driven privacy violation

Thesis

In this current Data Economy, the increasing value of data, in addition to the lack of ownership afforded to users, has brought about a plethora of digital privacy issues. These issues can be seen as a result of the rate at which data generated by users absconds to exist in the databases of data aggregators and brokers, often occurring without user awareness, conscious input, or reasoned consent. As it relates to passive data, which is mostly in the form of metadata, such data collection risks exposing users to inferential predictions made by sophisticated data algorithms on these aggregated data sets that reside in companies’ databases.

n this dissertation, we have dissected the various challenging and, at times, conflicting issues in this area leading us to draft consequent subsidiary research questions to address these issues. From this, in this dissertation we consider the following question: “How can we leverage a decentralised approach to data ownership, together with formal models of data. access, to aid in the protection of data subjects’ privacy so as to mitigate inference-driven identity exposures from metadata collection?”

Thus, our contributions are as follows. First, we explicitly outline our understanding of privacy. We then explore a formal model for the Solid ecosystem, which serves to provide a decentralised web architecture offering user-determined access control. Whereupon, we decided to build upon this decentralisation structure via the dynamic Category-Based Access Control (CBAC) framework.

Finally, we present a formal model that has the potential to underpin models to mitigate inference-driven identity exposures from metadata collection through compounding the prior research contributions in a cohesive manner that meets our intended privacy objectives.

Authors: Eviette, M

• DOI: 10.5287/ora-eokmwgk9p
• Type of award: DPhil
• Level of award: Doctoral
• Awarding institution: University of Oxford
• Language: English
• Keywords: data economy; formal methods; data privacy; propositional logic; access control
• Subjects: Formal methods (Computer science)--Congresses; Data protection; Online identities; Logic, Symbolic and mathematical