A Formal Framework for Joint Privacy and Security Modeling and Analysis in Data and Communication Networks

We develop a formal framework to model and analyze combined security and privacy requirements in data and communication networks. The network is modeled by two interacting multigraphs: one representing the logical (social, organizational) relationships between nodes (users, servers), and a second one representing the physical interconnections between nodes. Nodes and links in both multigraphs are annotated by weights (numerical, logical, rules) that represent security and privacy requirements. Our recent theory of multiple semiring optimization and tradeoff analysis in networks forms the foundation. Automatic theorem proving and satisfiability methodologies are also employed. Extensions to dynamic networks, privacy and security, are described.