Configuring Private Data Management as Access Restrictions: From Design to Enforcement
Service-Oriented Computing (SOC) is a major trend in designing and implementing distributed computer-based applications. Dynamic late biding makes SOC a very promising way to realize pervasive computing, which promotes the integration of computerized artifacts into the fabric of our daily lives. However, pervasive computing raises new challenges which SOC has not addressed yet. Pervasive application relies on highly dynamic and heterogeneous entities. They also necessitate an important data collection to compute the context of users and process sensitive data. Such data collection and processing raise well-known concerns about data disclosure and use. They are a brake to the development of widely accepted pervasive applications. SOC already permits to impose constraints on the bindings of services. We propose to add a new range of constraints to allow data privatization, i.e. the restriction of their disclosure. We extend the traditional design and binding phases of a Service-Oriented Architecture with the expression and the enforcement of privatization constraints. We express and enforce these constraints according to a two phases model-driven approach. Our work is validated on real-world services.
KeywordsAccess restriction SOA workflow private data
- 6.Emerson, E.A.: Temporal and modal logic. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science, vol. B, pp. 995–1072. MIT Press (1990)Google Scholar
- 7.Ferraiolo, D.F., Kuhn, D.R.: Role-based access controls. In: Proceedings of the 15th National Computer Security Conference, pp. 554–563 (1992)Google Scholar
- 8.Garcia, D.Z.G., de Toledo, M.B.F.: Ontology-based security policies for supporting the management of web service business processes. In: ICSC, pp. 331–338 (2008)Google Scholar
- 11.Pnueli, A.: The temporal logic of programs. In: Proceedings of the 18th Annual Symposium on Foundations of Computer Science, pp. 46–57. IEEE Computer Society, Washington, DC (1977)Google Scholar
- 14.Souza, A.R.R., Silva, B.L.B., Lins, F.A.A., Damasceno, J.C., Rosa, N.S., Maciel, P.R.M., Medeiros, R.W.A., Stephenson, B., Motahari-Nezhad, H.R., Li, J., Northfleet, C.: Incorporating Security Requirements into Service Composition: From Modelling to Execution. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 373–388. Springer, Heidelberg (2009)CrossRefGoogle Scholar