An Epistemic Approach to Compositional Reasoning about Anonymity and Privacy
Yasuyuki Tsukada, Hideki Sakurada, Ken Mano, Yoshifumi Manabe

TL;DR
This paper introduces an epistemic logic framework to analyze the compositionality of privacy-related properties such as anonymity and privacy, highlighting conditions under which these properties are preserved in complex systems.
Contribution
It develops a formal epistemic approach to ensure compositionality of privacy properties, identifying independence assumptions necessary for preserving anonymity and privacy in system compositions.
Findings
Sequential compositionality is not guaranteed without independence assumptions.
Independence assumptions can ensure the preservation of privacy properties.
Parallel composition results are also discussed.
Abstract
In this paper, we present an epistemic logic approach to the compositionality of several privacy-related information-hiding/disclosure properties. The properties considered here are anonymity, privacy, onymity, and identity. Our initial observation reveals that anonymity and privacy are not necessarily sequentially compositional; this means that even though a system comprising several sequential phases satisfies a certain unlinkability property in each phase, the entire system does not always enjoy a desired unlinkability property. We show that the compositionality can be guaranteed provided that the phases of the system satisfy what we call the independence assumptions. More specifically, we develop a series of theoretical case studies of what assumptions are sufficient to guarantee the sequential compositionality of various degrees of anonymity, privacy, onymity, and/or identity…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Privacy, Security, and Data Protection · Spam and Phishing Detection
