Specification and Verification of User Privacy Requirements for Service Composition

Fund Project:

National Natural Science Foundation of China (61272083); National High-Tech R&D Program of China (863) (2015AA015303); China Postdoctoral Science Foundation (20110491411); Jiangsu Planned Projects for Postdoctoral Research Funds (1101092C)

    Abstract:

    Users have different privacy disclosure requirements when they submit private data to a service composition, and the composition should support verification of those requirements. This paper puts forward a flexible method for users to produce privacy requirement specifications. Users can define the sensitivity of private data and its usage in different situations, and restrict the member services that can use private data by means of a sensitivity-reputation function. Using this method improves the simplicity and universality of the privacy requirements. The process first establishes the relations between privacy data items using the privacy data item dependency graph (PDIDG), then models the service composition with a privacy open workflow net (POWFN), and finally checks whether the service composition meets the user's privacy requirements using a privacy requirements verification algorithm. An example illustrates the effectiveness of the method, and an experimental analysis of the verification algorithm's performance is carried out at the end of the paper.

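Citation:

Peng HF, Huang ZQ, Fan DJ, Zhang YL. Specification and verification of user privacy requirements for service composition. Ruan Jian Xue Bao/Journal of Software, 2016,27(8):1948-1963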

History
  • Received: September 21, 2014
  • Revised: November 21, 2015
  • Online: December 25, 2015