Althubiti, Ebtihal Abdulmaeen (2025) Formalising privacy regulations with bigraphs. PhD thesis, University of Glasgow.
Full text available as: PDF (3MB)
Abstract
With many governments regulating the handling of user data—the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Saudi Arabian Personal Data Protection Law (PDPL)—ensuring system compliance with data privacy legislation is critically important. Organisations’ failure to comply with these regulations can result in severe financial penalties. Checking compliance is a complex process, and often includes manual procedures. We propose that formal methods, which model systems mathematically, can provide strong guarantees to help organisations prove their adherence to legislation.
This thesis introduces a formal privacy framework based on Milner’s Bigraphical Reactive Systems (BRSs), a universal formalism that captures both spatial (placement) and non-spatial (connectivity) relationships between entities. BRSs evolve over time via user-specified rewriting rules that can be defined algebraically and diagrammatically. The rewrite rules describe system behaviour and allow flexibility in integrating privacy policies with user-defined systems. To increase usability, we advocate a diagrammatic approach, where privacy experts can explicitly visualise the systems and describe updates. We focus on modelling the following privacy concepts: cross-border data transfer constraints, providing consent, withdrawing consent, purpose limitations, the right of access, and sharing data with third parties.
For formal verification, the framework combines static analysis (via inductive reasoning and sorting) with automated model checking, which uses predefined properties expressed in Computation Tree Logic (CTL). To support practical adoption, user interfaces (UIs) are developed to automatically generate well-formed initial states (the starting configurations of a system model) for the framework. The effectiveness and generality of the framework are demonstrated through real-world systems deployed by WhatsApp, Monzo Bank, and Fitbit.
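The workflow the abstract describes (a rule set rewriting system states, plus automated checking of a temporal property over every reachable state) is sketched below as an added example; it is not code from the thesis and does not use bigraphs or a CTL model checker. States are plain sets of facts, each rule is a function that returns the states it can rewrite to, and the property checked is the CTL safety pattern AG(phi), "phi holds in every reachable state", here "no copy of a user's data sits outside an adequate region without that user's transfer consent". The fact names, the single user `alice`, and the regions `EU`/`US` are constructed for the illustration.

```python
"""Explicit-state exploration of consent / cross-border-transfer rewrite rules.

Added example, not code from the thesis: a state is a frozenset of facts such as
("data", user, region) or ("consent", user, "transfer"); each rule maps a state to
the list of states it rewrites to; check_ag() breadth-first explores every
reachable state and returns the shortest rule trace to a violation, if any.
"""
from collections import deque

ADEQUATE = {"EU"}  # assumption: only the EU counts as an adequate region here


def users(state):
    return {f[1] for f in state if f[0] == "data"}


def give_consent(state):
    out = []
    for u in users(state):
        c = ("consent", u, "transfer")
        if c not in state:
            out.append(state | {c})
    return out


def withdraw_consent(state):
    # withdrawal only removes the consent fact; copies already abroad stay put
    out = []
    for u in users(state):
        c = ("consent", u, "transfer")
        if c in state:
            out.append(state - {c})
    return out


def withdraw_consent_and_delete(state):
    # withdrawal also deletes every copy of the user's data held outside ADEQUATE
    out = []
    for u in users(state):
        c = ("consent", u, "transfer")
        if c in state:
            abroad = {f for f in state
                      if f[0] == "data" and f[1] == u and f[2] not in ADEQUATE}
            out.append(state - {c} - abroad)
    return out


def transfer_unchecked(state):
    # copies an in-region record to the US with no consent check (non-compliant)
    return [state | {("data", f[1], "US")}
            for f in state if f[0] == "data" and f[2] in ADEQUATE]


def transfer_checked(state):
    # same copy, but only when the user currently consents to transfer
    return [state | {("data", f[1], "US")}
            for f in state if f[0] == "data" and f[2] in ADEQUATE
            and ("consent", f[1], "transfer") in state]


def no_transfer_without_consent(state):
    """phi for AG(phi): every record outside ADEQUATE is covered by consent."""
    return all(("consent", f[1], "transfer") in state
               for f in state if f[0] == "data" and f[2] not in ADEQUATE)


def explore(initial, rules):
    """BFS over the reachable state space; maps each state to (parent, rule_name)."""
    parents = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        for name, rule in rules:
            for t in rule(s):
                if t not in parents:
                    parents[t] = (s, name)
                    queue.append(t)
    return parents


def check_ag(initial, rules, prop):
    """Return (True, []) if prop holds in every reachable state, else
    (False, trace) where trace is the shortest list of rule names reaching
    a violating state (dict insertion order is BFS order, hence shortest)."""
    parents = explore(initial, rules)
    for s in parents:
        if not prop(s):
            trace, cur = [], s
            while parents[cur] is not None:
                cur, name = parents[cur]
                trace.append(name)
            return False, list(reversed(trace))
    return True, []


INITIAL = frozenset({("data", "alice", "EU")})   # constructed initial state
NAIVE_RULES = [("give_consent", give_consent), ("withdraw_consent", withdraw_consent),
               ("transfer_unchecked", transfer_unchecked)]
CHECKED_RULES = [("give_consent", give_consent), ("withdraw_consent", withdraw_consent),
                 ("transfer_checked", transfer_checked)]
COMPLIANT_RULES = [("give_consent", give_consent),
                   ("withdraw_consent_and_delete", withdraw_consent_and_delete),
                   ("transfer_checked", transfer_checked)]

if __name__ == "__main__":
    for label, rules in [("naive", NAIVE_RULES), ("checked", CHECKED_RULES),
                         ("compliant", COMPLIANT_RULES)]:
        print(label, check_ag(INITIAL, rules, no_transfer_without_consent))
```

The middle rule set is the instructive one: the transfer rule does check consent, yet the property still fails, because consent can be withdrawn after the copy was made. Exhaustive exploration surfaces that three-step trace automatically, which is exactly the kind of policy gap a manual review of each rule in isolation tends to miss; the compliant set closes it by coupling withdrawal with deletion of the copies abroad.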
| Item Type: | Thesis (PhD) |
|---|---|
| Qualification Level: | Doctoral |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software |
| Colleges/Schools: | College of Science and Engineering > School of Computing Science |
| Supervisor's Name: | Sevegnani, Dr. Michele |
| Date of Award: | 2025 |
| Depositing User: | Theses Team |
| Unique ID: | glathesis:2025-85505 |
| Copyright: | Copyright of this thesis is held by the author. |
| Date Deposited: | 07 Oct 2025 13:28 |
| Last Modified: | 07 Oct 2025 13:32 |
| Thesis DOI: | 10.5525/gla.thesis.85505 |
| URI: | https://theses.gla.ac.uk/id/eprint/85505 |
| Related URLs: | |