Danfeng Yan,Yuan Tian

DOI: https://doi.org/10.1109/ICBNMT.2013.6823964

2013-01-01

Abstract:Privacy has been acknowledged to be a critical requirement for composite services. In the previous research, we have introduced a privacy-preserving access model, but have no chance to detail the specifying of privacy policies for a composite service. However, the privacy policies in the services should be consistent with each other, and it decides the feasibility and effectiveness of the model. Therefore, this paper proposes a privacy policy composition mechanism that uses the existing policies of the atomic services. Through the definition of policies in the model, the rules to create the user profile and data profile have been derived and the profile samples are given. In the end, an application example is shown to explain that how to use the profiles in the composition engine of the model and then give the implementation of the approach.

Dan-feng YAN,Yuan TIAN,Jun-lin HUANG,Fang-chun YANG

DOI: https://doi.org/10.1016/s1005-8885(13)60253-8

2013-01-01

Abstract:Web services collaborative environments are highly automatic, dynamic, and heterogeneous. These characteristics always lead to high risks of services for interaction participants. Hence, it becomes one of the most important things to guarantee that the private information in cross-domain services is not illegally collected, used, disclosed or stored when the Web services are required to combine secure composition. This paper proposes the privacy-aware role based access control model for Web services composition (WSC-PRBAC), which provides protection for private data of users in composite service. The element services are divided into local services and outside services. Because the local service is authorized by users, it is exactly different from other services in the composition. To avoid sending private information to other outside services directly, we define global roles to help access these data in local service. Using global roles can realize a more strict control of the private data. In the end, the experiment and analysis of the proposed model show its and efficiency.

Sven Hartmann,Hui Ma,Panrawee Vechsamutvaree

DOI: https://doi.org/10.1007/978-3-662-54054-1_5

2016-01-01

Abstract:Web services have emerged as an open standard-based means for publishing and sharing data through the Internet. Whenever web services disclose sensitive data to service consumers, data privacy becomes a fundamental concern for service providers. In many applications, sensitive data may only be disclosed to particular users for specific purposes. That is, access to sensitive data is often restricted, and web services must be aware of these restrictions such that the required privacy of sensitive data can be guaranteed. Privacy preservation is a major challenge that has attracted much attention by researchers and practitioners. Hippocratic databases have recently emerged to protect privacy in relational database systems where the access decisions, allowed or denied, are based on privacy policies and authorization tables. In particular, the specific purpose of a data access has been considered. Ontologies has been used to represent classification hierarchies, which can be efficiently accessed via ontology query languages. In this paper, we propose an ontology-based data access model so that different levels of data access can be provided to web service users with different roles for different purposes. For this, we utilize ontologies to represent purpose hierarchies and data generalization hierarchies. For more complex service requests that require composite web services we discuss the privacy-aware composition of web services. To demonstrate the usefulness of our access control model we have implemented prototypes of financial web services, and used them to evaluate the performance of the proposed approach.

Yang Zhang,Jun-Liang Chen

DOI: https://doi.org/10.1109/SCC.2011.75

2011-01-01

Abstract:Privacy becomes an increasing concern in modern society because personal information is being collected by more and more online services on the Internet. Although many privacy-aware models and methods were proposed, the protection technology of privacy is underway. This paper aims at addressing privacy-aware access control in composite services. We introduce an automaton-based monitoring solution for privacy-vital information flow for a single execution of a composite service. In addition, this paper also gives a policy consolidation algorithm based on orchestration structures and attribute composition, which can also be used to combine privacy policies.

Mudhakar Srivatsa,Arun Iyengar,Thomas Mikalsen,Isabelle Rouvellou,Jian Yin

DOI: https://doi.org/10.1109/ICWS.2007.31

2007-01-01

Abstract:Service composition has emerged as a fundamental technique for developing Web applications. Multiple services, often from different organizations or trust domains, may be dynamically composed to satisfy a user's request. Access control in the presence of service compositions is a challenging security problem. In this paper, we present an access control model and techniques for specifying and enforcing access control rules on Web service compositions. A key advantage of our approach is that past histories of service invocations can be used to make access control decisions. Our approach allows role hierarchies and separation of duty constraints. Access controls rules may be parameterized by one or more arguments. We have implemented our access control model via a declarative policy specification language which uses pure-past linear temporal logic (PPLTL). We describe an implementation of our approach using a supply chain management (SCM) application. Our experiments show that our approach can enforce expressive and flexible access control policies while incurring reasonable performance overhead on the application.

Wuhui Chen,Incheon Paik,Patrick C. K. Hung

DOI: https://doi.org/10.3233/FI-2015-1178

2015-01-01

Fundamenta Informaticae

Abstract:A Web service is defined as an autonomous unit of application logic that provides either some business functionality or information to other applications through an Internet connection. Web services are based on a set of eXtensible Markup Language XML standards such as Universal Description, Discovery and Integration UDDI, Web Services Description Language WSDL, and Simple Object Access Protocol SOAP. Nowadays Web services are becoming more and more popular for supporting different social applications, thus there are also increasing demands and discussions about Web services privacy protection in information. In general, privacy policies describe an organization's data practices on what information they collect from individuals e.g., consumers and what e.g., purposes they do with it. To enable privacy protection for Web service consumers across multiple domains and services, the World Wide Web Consortium W3C published a document called “Web Services Architecture WSA Requirements” that defines some specific privacy requirements for Web services as a future research topic. This paper presents a mathematical model to construct the privacy policies in SOAP Message Exchange Patterns MEP for social services. Further, this paper also presents the privacy policies in security tokens with SOAP messages.

Shu Yi,Huang Linpeng

DOI: https://doi.org/10.3969/j.issn.1000-386x.2012.11.028

2012-01-01

Abstract:With the development of Web services technology,privacy protection issue in Web services invocation and composition has become a matter of concern.In this paper a Web services model based on decentralised label model(LWSM) is proposed,which can support the message transferring between mutually distrusted services without privacy leakage.On the basis of LWSM,a solution for security issue of information flow in WS-BPEL using static check is given and studied.

Li Lin,Tingting Liu,Jian Hu,Jian-biao Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097878

2014-01-01

Abstract:Recent years have witnessed the rapid development of cloud computing, which leverages its unique services to cloud customers in a pay-as-you-go, anytime, anywhere manner. However, a significant barrier to the adoption of cloud services is that users fear data leakage and loss of privacy if their sensitive data is processed in the cloud. Hence, the cloud customer must be able to select appropriate services according to his or her privacy and security needs. In this paper, we propose a novel cloud service selection method called PCSS, where a cloud service is estimated based on its capability of privacy protection (CoPP) covering the entire life-cycle of users' data. A scalable assessment index system with a 2-level hierarchy structure is constructed to analyze and quantify the CoPP of cloud service. The first-level index is composed of all stages of data life-cycle and the second-level index involves privacy-aware security mechanisms at each stage. We employ a fuzzy comprehensive evaluation technique to count the privacy-preserving value of security mechanism. An AHP- based approach is exploited to decide the impact weight of different security mechanisms to the CoPP of each stage. By calculating a comprehensive CoPP metric of all life-cycle stages, all cloud services can be sorted and recommended to users. An example analysis is given, and the reasonableness of the proposed method is proved. Comprehensive experiments have been conducted, which demonstrate the effectiveness of the proposed method by the comparison with the baseline method at the service selection performance.

Linyuan Liu,Haibin Zhu,Zhiqiu Huang,Dongqing Xie

DOI: https://doi.org/10.1016/j.csi.2010.09.001

2011-03-01

Abstract:With the popularity of Internet technology, web services are becoming the most promising paradigm for distributed computing. This increased use of web services has meant that more and more personal information of consumers is being shared with web service providers, leading to the need to guarantee that the private data of consumers are not illegitimate collected, used and disclosed in services collaboration. This paper studies how to realize the minimal privacy authorization while achieving the functional goals. Initially, this paper uses authorization policies to specify the privacy privileges of the services collaboration, and utilizes the trust relationships among services to make authorization decision. Next, it models the interface behaviors of services by extending the interface automata to support privacy semantics. Furthermore, it quantitatively analyzes the minimum set of privacy privileges which are required by the services to achieve the functional goals, and presents the minimal authorization algorithm, which helps us to automatically derive optimal authorization policies for a services collaboration. Finally, it verifies the correctness and efficiency of the approach proposed by this paper through a case study.

computer science, software engineering, hardware & architecture

Jun Han,Yanbo Han,Yan Jin,Jianwu Wang,Jian Yu

DOI: https://doi.org/10.1109/SCC.2006.80

2006-01-01

Abstract:End-user service composition is a promising way to ensure flexible, quick and personalized information provision and utilization, and consequently to better cope with spontaneous business requirements. For end-users to compose services directly, issues like service granularity, service organization and businesslevel semantics are critical. End-users will certainly be at loss if they have to select from a long list of available Web services expressed in IT jargons. This article introduces the concept of personalized active service spaces and focuses on the use of business services, service dependency rules, and service personalization rules to support end-user service composition. It addresses two key issues in end-user composition: how to utilize the user preference and context to restrict the scope of applicable services for selection, and how to capture and utilize dependencies or usage patterns between services in order to provide guidance and enforce temporal/sequential restrictions on service invocations for end-user service compositions.

Fei Xu,Jingsha He,Xu Wu,Jing Xu

DOI: https://doi.org/10.1109/NSWCTC.2009.125

2009-01-01

Abstract:Privacy is one of the most important issues in providing high-quality ubiquitous network services to users over the Internet. Although several privacy aware access control models have been proposed in recent years, these models still rely mostly on the traditional access control models designed primarily for security. When privacy becomes a main concern, these models are no longer adequate. In this paper, we propose a three-dimensional access control model enhanced with privacy and show that our model can be used as a general method for defining privacy requirements in systems that respect and protect user privacy. By introducing the notions of privacy-concerning subjects and privacy access rights and enhancing the traditional two-dimensional access control models with a third dimension, we demonstrate that our privacy-enhanced access control model can better describe and support user requirements for protecting private information when access control is used for making access decisions to user information.

PengWei Wang,ZhiJun Ding,ChangJun Jiang,MengChu Zhou

DOI: https://doi.org/10.1109/tsmc.2013.2280559

2013-01-01

IEEE Transactions on Systems Man and Cybernetics Systems

Abstract:The creation of value-added services by automatic composition of existing ones is gaining significant momentum as the potential silver bullet in service-oriented computing. A large number of composition methods have been proposed, and most of them are based on the matching of input and output parameters of services only. However, most services in the real world are not universally applicable, and some applicable conditions or restrictions are imposed on them by their providers. Such constraints have a great impact on service composition, but have been largely ignored by the existing methods. In this paper, they are discussed and defined, and a simple formal expression is adopted to describe them. Two novel concepts, called service intension and service extension, are presented, which allow one to divide the basic elements of a web service definition into two parts. Consequently, their use allows us to propose a constraint-aware service composition method in which service constraints are well taken care. The proposed solution includes a graph search-based algorithm and two novel preprocessing methods. A publicly available test set from ICEBE05 is used to evaluate and analyze the proposed methodology.

Zengzhi Li

2007-01-01

Abstract:Pragmatic-context information acts as an important role in providing PWS. First of all, a pragmatic-context information using model is proposed for pragmatic Web service composition. Then a model for context-aware PWS composition is given. Using this model, services composition systems can handle pragmatic-context information in a common way satisfying the pragmatic-context aware. Finally, pragmatic-context information parameters are translated to presumed value on QoS for deciding of which service to be selected.

Aiqiang Gao,Dongqing Yang,Shiwei Tang,Ming Zhang

DOI: https://doi.org/10.1109/icpca.2008.4783602

2008-01-01

Abstract:The emerging paradigm of pervasive computing and web services needs a flexible service discovery and composition infrastructure. The widespread use of Web services in pervasive environments is hindered by the lack of adequate security and privacy support. In this paper, we discuss an access control protocol for conversation-based (composite) Web services. This approach takes into account the conversational nature of composite web services and differentiates two types of web service: goal-driven and interaction-intensive. The former is goal driven and the client cares about the final goal and participates the conversation at only a few steps. While the interaction-intensive composite web service is interaction heavy, and the service and the client need to interact with each other frequently to exchange access control credentials.

Yi-qiang Li,Zhiliang Zhu

DOI: https://doi.org/10.4304/jsw.7.4.878-883

2012-01-01

Abstract:The creation of value-added composite web services provides an opportunity to B2B collaborations. The process of composing services is also a process of making services cooperative with each other in order to achieve the composing goal. This paper researches on how to compose web Services in order to implement personalizing application. And a users-oriented composing approach is proposed in this paper which implements the virtualization of web Services through 3-level mappings in order to map the user-familiar business services to physical web services, implements the transformation from composite business service process to composite web service process through planning techniques and through service selection makes the composite web service meets users’ requirements. The research shows that the prototype system of this approach is used well by normal business users and can also improve the effectiveness of formalization of composite web service.

Shahedeh Khani,Cristina Gacek,Peter Popov

DOI: https://doi.org/10.48550/arXiv.1510.02391

2015-10-07

Abstract:Dependability is an important characteristic that a trustworthy computer system should have. It is a measure of Availability, Reliability, Maintainability, Safety and Security. The focus of our research is on security of web services. Web services enable the composition of independent services with complementary functionalities to produce value-added services, which allows organizations to implement their core business only and outsource other service components over the Internet, either pre-selected or on-the-fly. The selected third party web services may have security vulnerabilities. Vulnerable web services are of limited practical use. We propose to use an intrusion-tolerant composite web service for each functionality that should be fulfilled by a third party web service. The third party services employed in this approach should be selected based on their security vulnerabilities in addition to their performance. The security vulnerabilities of the third party services are assessed using a penetration testing tool. In this paper we present our preliminary research work.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Information Theory,Software Engineering

Feng Gao,Jingsha He,Shunan Ma

DOI: https://doi.org/10.1109/SOCA.2010.5707176

2010-01-01

Abstract:Nowadays, abundance of Web applications offers flexible and convenient services for users. Although almost all Web sites have their own privacy policies and declare that they won't disclose users' privacy without their consent, users may still receive spam messages after they register or interact with some sites. Obviously, commercial interests can drive some sites to disclose users' privacy such as email addresses to third parties. In this paper, we propose a collaborative method to identify Web sites that disclose users' privacy by using a privacy disclosure finding protocol inspired from secure multiparty computation (SMC). The advantages of our method are that the method can identify privacy disclosure sites while preserving volunteers' privacy and that the method uses a collaborative approach without relying on a trusted third party which makes it practical in the reality of Web based services.

Taiqi Wang,Ting He,Fu-Jun Shi,Tianyang Li

DOI: https://doi.org/10.1109/icss.2016.11

2016-01-01

Abstract:An appropriate selection is of great importance to Web service composition. Current approaches normally focus on the average performance of quality of service (QoS) of Web services while not paying more attention to the performance such as stability considering the changing environments. In addition, Web services are differentiated from others with same functions which are provided by various physical origins of service requesters and service providers, which will lead to unexpected QoS of Web service system. To solve the two issues, this paper presents a QoS-aware strategy for Web service composition based on cloud model, and correspondingly designs a multi-objective Web service composition algorithm based on quantum genetic algorithm. The simulation based on a typical dataset validates the proposed approach finally.

XuanZhe Liu

DOI: https://doi.org/10.1007/s11432-010-0013-0

2010-01-01

Science China Information Sciences

Abstract:In the recent years, the web has kept growing rapidly and undergone tremendous changes towards a user-centric environment. With the proliferation of services available on the Internet, millions of users are able to voluntarily participate in and collaborate for their own interests and benefits by means of service composition. However, due to the ever increasing number of services, it then becomes a challenging issue to enable the users to rapidly select and compose the proper services. In this paper, we propose an approach which utilizes service communities for automated service composition. This paper makes three contributions. Firstly, we propose the service community architecture and identify two key components to facilitate service discovery and composition. Secondly, assisted by the service community, we provide two composition types to help users explore the space of potential composition opportunities without having to understand too many details of individual candidate services. Finally, we evaluate our approach by performance analysis and provide a web-based prototype that lowers the entry barrier for the users.

Hongbing Wang,Bin Zou,Guibing Guo,Danrong Yang,Jie Zhang

DOI: https://doi.org/10.1109/TSC.2015.2491926

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:Web service composition is a process to compose homogenous or heterogeneous services together in order to create value-added services. Many non-functional features including QoS and user preferences have been adopted to guide such a process. However, two issues are observed: (1) the expressiveness of user preference is subject to quantitative preferences without proper use of qualitative preferenc...