Privacy, Information Disclosure, and Authorization from a Logical Perspective
What is privacy? Once we have a definition, how do we enforce adherence to privacy policies? And, finally, how do we circumscribe the consequences of policy definitions in a rigorous manner?
These questions are the subject of much current research, but we are still far away from a grand unifying theory of privacy and information flow. One of the problems is that these questions have many social and psychological components that are difficult to reconcile with their mathematical and computational aspects. Yet even on the foundational side our understanding of privacy and limited information disclosure is still highly incomplete, despite recent advances.
The logical approach has several advantages over current attempts that are more operational in flavor. Perhaps most importantly, logic is endowed with an internal notion of justification, namely proof. This provides the link between policy specification, policy enforcement, and reasoning about policies in a scalable and flexible way. Secondly, modern logical systems are constructed in an inherently open-ended way, which means that we can add and subtract logical operators to respond to the demands of the application in a modular way. It also allows both developers and users to understand the logical connectives largely independently instead of as complex web of tightly interconnected pieces.