Similar articles

Abstract: After a composite service is deployed, user privacy requirements and trust levels of component services are supject to variation. When the changes occur, it is critical to preserve privacy information flow security. We propose an approach to preserve privacy information flow security in composite service evolution. First, a privacy data item dependency analysis method based on a petri net model is presented. Then the set of privacy data items collected by each component service is derived through a privacy data item dependency graph, and the security scope of each component service is calculated. Finally, the evolution operations that preserve privacy information flow security are defined. By applying these evolution operations, the re-verification process is avoided and the evolution efficiency is improved. To illustrate the effectiveness of our approach, a case study is presented. The experimental results indicate that our approach has high evolution efficiency and can greatly reduce the cost of evolution compared with re-verifying the entire composite service.

保持隐私信息流安全性的服务组合演化方法

[1]Accorsi R, Lehmann A, Lohmann N, 2015. Information leak detection in business process models: theory, application, and tool support. Inform Syst, 47:244-257.

[2]Alam KA, Ahmad R, Akhunzada A, et al., 2015. Impact analysis and change propagation in service-oriented enterprises: a systematic review. Inform Syst, 54:43-73.

[3]Andrikopoulos V, Benbernou S, Papazoglou MP, 2012. On the evolution of services. IEEE Trans Softw Eng, 38(3):609-628.

[4]Bacon J, Eyers D, Pasquier TFJM, et al., 2014. Information flow control for secure cloud computing. IEEE Trans Netw Serv Manag, 11(1):76-89.

[5]Bell DE, LaPadula LJ, 1973. Secure computer systems: mathematical foundations. Technical Report, No. 2547. MITRE Corporation, Massachusetts, USA.

[6]Bishop M, 2002. Computer Security: Art and Science. Addison Wesley, New Jersey, USA.

[7]Denning DE, 1976. A lattice model of secure information flow. Commun ACM, 19(5):236-243.

[8]Fokaefs M, Mikhaiel R, Tsantalis N, et al., 2011. An empirical study on web service evolution. 9^th IEEE Int Conf on Web Services, p.49-56.

[9]Knorr K, 2001. Multilevel security and information flow in Petri net workflows. 9^th Int Conf on Telecommunication Systems, p.613-615.

[10]Liu C, Duan H, Zeng Q, et al., 2016. Towards comprehensive support for privacy preservation cross-organization business process mining. IEEE Trans Serv Comput, in press.

[11]Liu G, Reisig W, Jiang C, et al., 2016. A branching-process-based method to check soundness of workflow systems. IEEE Access, 4:4104-4118.

[12]Liu L, Zhu H, Huang Z, 2011. Analysis of the minimal privacy disclosure for web services collaborations with role mechanisms. Expert Syst Appl, 38(4):4540-4549.

[13]Lohmann N, Massuthe P, Stahl C, et al., 2006. Analyzing interacting BPEL processes. 4^th Int Conf on Business Process Management, p.17-32.

[14]Peng HF, Huang ZQ, Liu LY, et al., 2017. Static analysis method of secure privacy information flow for service composition. J Softw, in press.

[15]Qi SS, Li BX, Liu CC, et al., 2012. A trust impact analysis model for composite service evolution. 19^th IEEE Asia-Pacific Software Engineering Conf, p.73-78.

[16]She W, Yen IL, Thuraisingham B, et al., 2011. Rule-based run-time information flow control in service cloud. 9^th IEEE Int Conf on Web Services, p.524-531.

[17]Song W, Ma XX, Cheung SC, et al., 2010. Preserving data flow correctness in process adaptation. 7^th IEEE Int Conf on Services Computing, p.9-16.

[18]Tan W, Fan YS, Zhou MC, 2009. A Petri net-based method for compatibility analysis and composition of web services in business process execution language. IEEE Trans Autom Sci, 6(1):94-106.

[19]van der Aalst WMP, 1997. Verification of workflow nets. 18^th Int Conf on Application and Theory of Petri Nets, p.407-426.

[20]Wang SY, Capretz MAM, 2009. A dependency impact analysis model for web services evolution. 7^th IEEE Int Conf on Web Services, p.359-365.

[21]Wang SY, Capretz MAM, 2011. Dependency and entropy based impact analysis for service-oriented system evolution. 10^th IEEE/WIC/ACM Int Conf on Web Intelligence and Intelligent Agent Technology, p.412-417.

[22]Wang Y, Wang Y, 2013. A survey of change management in service-based environments. Serv Orient Comput Appl, 7(4):259-273.

[23]Wang Y, Yang J, Zhao WL, et al., 2012. Change impact analysis in service-based business processes. Serv Orient Comput Appl, 6(2):131-149.

[24]Xi N, Sun C, Ma JF, et al., 2015. Secure service composition with information flow control in service clouds. Fut Gener Comput Syst, 49:142-148.

[25]Yu WY, Yan CG, Ding ZJ, et al., 2014. Modeling and validating e-commerce business process based on Petri nets. IEEE Trans Syst Man Cybern Syst, 44(3):327-341.

[26]Yu WY, Yan CG, Ding ZJ, et al., 2016. Modeling and verification of online shopping business processes by considering malicious behavior patterns. IEEE Trans Autom Sci Eng, 13(2):647-662.

[27]Zeng J, Sun HL, Liu XD, et al., 2010. PRV: an approach to process model refactoring in evolving process-aware information systems. 7^th IEEE Int Conf on Services Computing, p.441-448.

[28]Zeng W, Koutny M, Watson P, et al., 2016. Formal verification of secure information flow in cloud computing. J Inform Secur Appl, 27:103-116.