Configuring Private Data Management as Access Restrictions: From Design to Enforcement

  • Aurélien Faravelon
  • Stéphanie Chollet
  • Christine Verdier
  • Agnès Front
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7636)


Service-Oriented Computing (SOC) is a major trend in designing and implementing distributed computer-based applications. Dynamic late biding makes SOC a very promising way to realize pervasive computing, which promotes the integration of computerized artifacts into the fabric of our daily lives. However, pervasive computing raises new challenges which SOC has not addressed yet. Pervasive application relies on highly dynamic and heterogeneous entities. They also necessitate an important data collection to compute the context of users and process sensitive data. Such data collection and processing raise well-known concerns about data disclosure and use. They are a brake to the development of widely accepted pervasive applications. SOC already permits to impose constraints on the bindings of services. We propose to add a new range of constraints to allow data privatization, i.e. the restriction of their disclosure. We extend the traditional design and binding phases of a Service-Oriented Architecture with the expression and the enforcement of privatization constraints. We express and enforce these constraints according to a two phases model-driven approach. Our work is validated on real-world services.


Access restriction SOA workflow private data 


  1. 1.
    Barker, S.: The next 700 access control models or a unifying meta-model? In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009, pp. 187–196. ACM, New York (2009)CrossRefGoogle Scholar
  2. 2.
    Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security: from UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology 15, 39–91 (2006)CrossRefGoogle Scholar
  3. 3.
    Carminati, B., Ferrari, E., Hung, P.: Security Conscious Web Service Composition. In: International Conference on Web Services (ICWS), pp. 489–496. IEEE Computer Society, Los Alamitos (2006)CrossRefGoogle Scholar
  4. 4.
    Chollet, S., Lalanda, P.: Security specifcation at process level. In: SCC 2008: Proceedings of the 2008 IEEE International Conference on Services Computing, pp. 165–172. IEEE Computer Society, Washington, DC (2008)CrossRefGoogle Scholar
  5. 5.
    Dami, S., Estublier, J., Amiour, M.: APEL: A Graphical Yet Executable Formalism for Process Modeling. Automated Software Engg. 5(1), 61–96 (1998)CrossRefGoogle Scholar
  6. 6.
    Emerson, E.A.: Temporal and modal logic. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science, vol. B, pp. 995–1072. MIT Press (1990)Google Scholar
  7. 7.
    Ferraiolo, D.F., Kuhn, D.R.: Role-based access controls. In: Proceedings of the 15th National Computer Security Conference, pp. 554–563 (1992)Google Scholar
  8. 8.
    Garcia, D.Z.G., de Toledo, M.B.F.: Ontology-based security policies for supporting the management of web service business processes. In: ICSC, pp. 331–338 (2008)Google Scholar
  9. 9.
    Laroussinie, F., Schnoebelen, P.: Specification in ctl + past for verification in ctl. Inf. Comput. 156, 236–263 (2000)MathSciNetzbMATHCrossRefGoogle Scholar
  10. 10.
    Orriëns, B., Yang, J., Papazoglou, M.P.: Model Driven Service Composition. In: Orlowska, M.E., Weerawarana, S., Papazoglou, M.P., Yang, J. (eds.) ICSOC 2003. LNCS, vol. 2910, pp. 75–90. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Pnueli, A.: The temporal logic of programs. In: Proceedings of the 18th Annual Symposium on Foundations of Computer Science, pp. 46–57. IEEE Computer Society, Washington, DC (1977)Google Scholar
  12. 12.
    Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN Extension for the Modeling of Security Requirements in Business Processes. IEICE - Transactions on Information and Systems E90-D(4), 745–752 (2007)CrossRefGoogle Scholar
  13. 13.
    Samarati, P., de Capitani di Vimercati, S.: Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Souza, A.R.R., Silva, B.L.B., Lins, F.A.A., Damasceno, J.C., Rosa, N.S., Maciel, P.R.M., Medeiros, R.W.A., Stephenson, B., Motahari-Nezhad, H.R., Li, J., Northfleet, C.: Incorporating Security Requirements into Service Composition: From Modelling to Execution. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 373–388. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Srivatsa, M., Iyengar, A., Mikalsen, T.A., Rouvellou, I., Yin, J.: An Access Control System for Web Service Compositions. In: International Conference on Web Services (ICWS), pp. 1–8. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar
  16. 16.
    Vallecillo, A.: On the Combination of Domain Specific Modeling Languages. In: Kühne, T., Selic, B., Gervais, M.-P., Terrier, F. (eds.) ECMFA 2010. LNCS, vol. 6138, pp. 305–320. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Wolter, C., Schaad, A., Meinel, C.: Deriving XACML Policies from Business Process Models. In: Weske, M., Hacid, M.-S., Godart, C. (eds.) WISE Workshops 2007. LNCS, vol. 4832, pp. 142–153. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Aurélien Faravelon
    • 1
  • Stéphanie Chollet
    • 2
  • Christine Verdier
    • 1
  • Agnès Front
    • 1
  1. 1.Laboratoire d’ Informatique de GrenobleGrenoble Cedex 9France
  2. 2.Laboratoire de Conception et d’Intégration des SystèmesValence cedex 9France

Personalised recommendations