College of Engineering
In the age of the internet, the ways in which people's personal information can be shared, both knowingly and unknowingly, have expanded greatly, and many people are worried about this disclosure. This research project aims to create a system that lets the user define rules for whom their private information may be shared with and under what circumstances, and that determines whether the information-sharing actions the user takes violate those previously defined rules. Rules can be simple access rules that grant access to information at any time, rules that depend on the time or day, and rules that depend on previous information-sharing events. When the user attempts to share information with a group of people, the program determines whether the action is valid by using an SMT solver (a program that solves logical formulas) to evaluate all rules applicable to the given information-sharing action. The program also uses a DFA (a model composed of states that accepts a string of symbols) as a runtime monitor to keep track of the history of information sharing. If a rule specifies that certain information-sharing events must have occurred before sharing, the program checks the DFA. If it is in a valid state, the action is allowed; if it is not, the action is rejected.
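A minimal sketch of the three rule kinds and the DFA history check described above, added here as an illustration and not taken from the project's code. It evaluates rules with plain Python predicates in place of the SMT solver; the class names, the consent-form scenario, and the default-deny behaviour are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

class DFA:
    """History monitor: reads one (info, group) symbol per allowed share."""
    def __init__(self, start, accepting, delta):
        self.state, self.accepting, self.delta = start, accepting, delta

    def step(self, symbol):
        # Symbols with no listed transition leave the state unchanged.
        self.state = self.delta.get((self.state, symbol), self.state)

    def valid(self):
        return self.state in self.accepting

@dataclass
class Rule:
    info: str
    group: str
    days: frozenset = frozenset(range(7))   # Monday = 0; default: any day
    hours: range = range(24)                # default: any hour
    history: Optional[DFA] = None           # must be in an accepting state

    def permits(self, info, group, when):
        if (info, group) != (self.info, self.group):
            return False
        if when.weekday() not in self.days or when.hour not in self.hours:
            return False
        return self.history is None or self.history.valid()

class Policy:
    def __init__(self, rules, monitors):
        self.rules, self.monitors = rules, monitors

    def share(self, info, groups, when):
        # Assumption: default deny; every recipient group needs a permitting rule.
        ok = all(any(r.permits(info, g, when) for r in self.rules) for g in groups)
        if ok:  # only allowed shares become part of the monitored history
            for g in groups:
                for m in self.monitors:
                    m.step((info, g))
        return ok

def build_policy():
    """Constructed scenario: medical data requires a previously shared consent form."""
    consent = DFA("no_consent", {"consented"},
                  {("no_consent", ("consent_form", "insurer")): "consented"})
    rules = [Rule("location", "family"),
             Rule("consent_form", "insurer"),
             Rule("medical", "insurer", frozenset(range(5)), range(9, 17), consent)]
    return Policy(rules, [consent])
```

Rejected attempts do not advance the monitor, so a denied share cannot be used to satisfy a later history precondition.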