Publication Date


Date of Final Oral Examination (Defense)


Type of Culminating Activity


Degree Title

Master of Science in Computer Science


Computer Science

Major Advisor

Hoda Mehrpouyan, Ph.D.


Dianxiang Xu, Ph.D.


Elena Sherman, Ph.D.


In the development of complex systems, such as user-centric privacy management systems with multiple components and attributes, it is important to formalize the process and develop mathematical models that can be utilized to automatically make decisions on the information sharing actions of users. While valuable, the current state-of-the-art models are mostly based on enterprise/organizational privacy perspectives and leave the main actor, i.e., the user, uninvolved or with limited ability to control information sharing actions. These approaches cannot be applied to a user-centric environment since user privacy policies are dynamic because they change based on the information sharing context and environment. In this thesis, we focused on developing the main core of the framework which is the privacy formalization and verification engine that allows for the guided and flexible specification of user’s privacy policies. The formalization and verification engine reasons about the user’s privacy rules to find privacy violating information sharing actions and ensure that the privacy norms are unambiguous and consistent. Utilizing these privacy norms, the framework monitors user’s information sharing actions to detect privacy violations. In cases that an action is not compliant with the privacy norms, the framework utilizes a game theoretic approach to generate a privacy decision model. This model enables the users to proceed with the violating action without compromising their privacy by suggesting an information negotiation protocol based on the information sensitivity, users trust, and the reward of information sharing action.