Static Analysis Method of Secure Privacy Information Flow for Service Composition

Cited by: 0
Authors
Peng H.-F. [1 ,2 ]
Huang Z.-Q. [1 ]
Liu L.-Y. [3 ]
Li Y. [1 ]
Ke C.-B. [4 ]
Affiliations
[1] College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing
[2] College of Computer Engineering, Nanjing Institute of Technology, Nanjing
[3] Department of E-Commerce, Nanjing Audit University, Nanjing
[4] College of Computer, Nanjing University of Posts and Telecommunications, Nanjing
Source
Huang, Zhi-Qiu (zqhuang@nuaa.edu.cn) | Year: 1739 / Volume: Chinese Academy of Sciences / Issue: 29
Funding
National Natural Science Foundation of China;
Keywords
Information flow security; Privacy protection; Security model; Service composition; Static analysis; Workflow net;
DOI
10.13328/j.cnki.jos.005276
Abstract
Many service composition scenarios involve the sharing of users' privacy data. Because the composition's business logic is transparent to the user and there is no privacy protocol between the user and the member services, preventing the leakage of user privacy information has become a hot research topic in the field of service-oriented computing. This article proposes a static analysis method of secure privacy information flow for service composition, based on the characteristics of privacy protection. First, a security model is developed to formalize the security policy of privacy information flow in three aspects: service reputation, retention and purpose. Then, the composition is modeled with a privacy workflow net, which supports the analysis of privacy information flow, and privacy information leakage is detected by analyzing the execution paths of the composition. Finally, a case study demonstrates the effectiveness of the proposed method, and a performance experiment is also presented. Compared with existing related work, the proposed security model reflects the characteristics of privacy protection, and the analysis method is able to deal with issues caused by the aggregation of privacy data items. The method can therefore prevent information leakage more efficiently. © Copyright 2018, Institute of Software, the Chinese Academy of Sciences. All rights reserved.
Pages: 1739 / 1755
Page count: 16