Abstract
After a composite service is deployed, user privacy requirements and trust levels of component services are subject to variation. When the changes occur, it is critical to preserve privacy information flow security. We propose an approach to preserve privacy information flow security in composite service evolution. First, a privacy data item dependency analysis method based on a Petri net model is presented. Then the set of privacy data items collected by each component service is derived through a privacy data item dependency graph, and the security scope of each component service is calculated. Finally, the evolution operations that preserve privacy information flow security are defined. By applying these evolution operations, the re-verification process is avoided and the evolution efficiency is improved. To illustrate the effectiveness of our approach, a case study is presented. The experimental results indicate that our approach has high evolution efficiency and can greatly reduce the cost of evolution compared with re-verifying the entire composite service.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Accorsi R, Lehmann A, Lohmann N, 2015. Information leak detection in business process models: theory, application, and tool support. Inform Syst, 47:244–257. https://doi.org/10.1016/j.is.2013.12.006
Alam KA, Ahmad R, Akhunzada A, et al., 2015. Impact analysis and change propagation in service-oriented enterprises: a systematic review. Inform Syst, 54:43–73. https://doi.org/10.1016/j.is.2015.06.003
Andrikopoulos V, Benbernou S, Papazoglou MP, 2012. On the evolution of services. IEEE Trans Softw Eng, 38(3):609–628. https://doi.org/10.1109/TSE.2011.22
Bacon J, Eyers D, Pasquier TFJM, et al., 2014. Information flow control for secure cloud computing. IEEE Trans Netw Serv Manag, 11(1):76–89. https://doi.org/10.1109/TNSM.2013.122313.130423
Bell DE, LaPadula LJ, 1973. Secure computer systems: mathematical foundations. Technical Report, No. 2547. MITRE Corporation, Massachusetts, USA.
Bishop M, 2002. Computer Security: Art and Science. Addison Wesley, New Jersey, USA.
Denning DE, 1976. A lattice model of secure information flow. Commun ACM, 19(5):236–243. https://doi.org/10.1145/360051.360056
Fokaefs M, Mikhaiel R, Tsantalis N, et al., 2011. An empirical study on web service evolution. 9th IEEE Int Conf on Web Services, p.49–56. https://doi.org/10.1109/ICWS.2011.114
Knorr K, 2001. Multilevel security and information flow in Petri net workflows. 9th Int Conf on Telecommunication Systems, p.613–615.
Liu C, Duan H, Zeng Q, et al., 2016. Towards comprehensive support for privacy preservation cross-organization business process mining. IEEE Trans Serv Comput, in press. https://doi.org/10.1109/TSC.2016.2617331
Liu G, Reisig W, Jiang C, et al., 2016. A branching-processbased method to check soundness of workflow systems. IEEE Access, 4:4104–4118. https://doi.org/10.1109/ACCESS.2016.2597061
Liu L, Zhu H, Huang Z, 2011. Analysis of the minimal privacy disclosure for web services collaborations with role mechanisms. Expert Syst Appl, 38(4):4540–4549. https://doi.org/10.1016/j.eswa.2010.09.128
Lohmann N, Massuthe P, Stahl C, et al., 2006. Analyzing interacting BPEL processes. 4th Int Conf on Business Process Management, p.17–32. https://doi.org/10.1007/11841760_3
Peng HF, Huang ZQ, Liu LY, et al., 2017. Static analysis method of secure privacy information flow for service composition. J Softw, in press.
Qi SS, Li BX, Liu CC, et al., 2012. A trust impact analysis model for composite service evolution. 19th IEEE Asia-Pacific Software Engineering Conf, p.73–78. https://doi.org/10.1109/APSEC.2012.30
She W, Yen IL, Thuraisingham B, et al., 2011. Rule-based run-time information flow control in service cloud. 9th IEEE Int Conf on Web Services, p.524–531. https://doi.org/10.1109/ICWS.2011.35
Song W, Ma XX, Cheung SC, et al., 2010. Preserving data flow correctness in process adaptation. 7th IEEE Int Conf on Services Computing, p.9–16. https://doi.org/10.1109/SCC.2010.24
Tan W, Fan YS, Zhou MC, 2009. A Petri net-based method for compatibility analysis and composition of web services in business process execution language. IEEE Trans Autom Sci, 6(1):94–106. https://doi.org/10.1109/TASE.2008.916747
van der Aalst WMP, 1997. Verification of workflow nets. 18th Int Conf on Application and Theory of Petri Nets, p.407–426. https://doi.org/10.1007/3-540-63139-9_48
Wang SY, Capretz MAM, 2009. A dependency impact analysis model for web services evolution. 7th IEEE Int Conf on Web Services, p.359–365. https://doi.org/10.1109/ICWS.2009.62
Wang SY,Capretz MAM, 2011. Dependency and entropy based impact analysis for service-oriented system evolution. 10th IEEE/WIC/ACM Int Conf on Web Intelligence and Intelligent Agent Technology, p.412–417. https://doi.org/10.1109/WI-IAT.2011.196
Wang Y, Wang Y, 2013. A survey of change management in service-based environments. Serv Orient Comput Appl, 7(4):259–273. https://doi.org/10.1007/s11761-013-0128-4
Wang Y, Yang J, Zhao WL, et al., 2012. Change impact analysis in service-based business processes. Serv Orient Comput Appl, 6(2):131–149. https://doi.org/10.1007/s11761-011-0093-8
Xi N, Sun C, Ma JF, et al., 2015. Secure service composition with information flow control in service clouds. Fut Gener Comput Syst, 49:142–148. https://doi.org/10.1016/j.future.2014.12.009
Yu WY, Yan CG, Ding ZJ, et al., 2014. Modeling and validating e-commerce business process based on Petri nets. IEEE Trans Syst Man Cybern Syst, 44(3):327–341. https://doi.org/10.1109/TSMC.2013.2248358
Yu WY, Yan CG, Ding ZJ, et al., 2016. Modeling and verification of online shopping business processes by considering malicious behavior patterns. IEEE Trans Autom Sci Eng, 13(2):647–662. https://doi.org/10.1109/TASE.2014.2362819
Zeng J, Sun HL, Liu XD, et al., 2010. PRV: an approach to process model refactoring in evolving process-aware information systems. 7th IEEE Int Conf on Services Computing, p.441–448. https://doi.org/10.1109/SCC.2010.19
Zeng W, Koutny M, Watson P, et al., 2016. Formal verification of secure information flow in cloud computing. J Inform Secur Appl, 27:103–116. https://doi.org/10.1016/j.jisa.2016.03.002
Author information
Authors and Affiliations
Corresponding author
Additional information
Project supported by the National Natural Science Foundation of China (Nos. 61562087 and 61772270), the National High-Tech Ramp;D Program (863) of China (No. 2015AA015303), the Natural Science Foundation of Jiangsu Province, China (No. BK20130735), the Universities Natural Science Foundation of Jiangsu Province, China (No. 13KJB520011), and the Science Foundation of Nanjing Institute of Technology, China (No. YKJ201420)
Rights and permissions
About this article
Cite this article
Peng, Hf., Huang, Zq., Liu, Ly. et al. Preserving privacy information flow security in composite service evolution. Frontiers Inf Technol Electronic Eng 19, 626–638 (2018). https://doi.org/10.1631/FITEE.1700359
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1631/FITEE.1700359