Secure and Privacy-Preserving Execution Model for Data Services

  • Mahmoud Barhamgi
  • Djamal Benslimane
  • Said Oulmakhzoune
  • Nora Cuppens-Boulahia
  • Frederic Cuppens
  • Michael Mrissa
  • Hajer Taktak
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7908)


Data services have almost become a standard way for data publishing and sharing on top of the Web. In this paper, we present a secure and privacy-preserving execution model for data services. Our model controls the information returned during service execution based on the identity of the data consumer and the purpose of the invocation. We implemented and evaluated the proposed model in the healthcare application domain. The obtained results are promising.


Data Services, Privacy Preservation, RDF Views



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Mahmoud Barhamgi (1)
  • Djamal Benslimane (1)
  • Said Oulmakhzoune (2)
  • Nora Cuppens-Boulahia (2)
  • Frederic Cuppens (2)
  • Michael Mrissa (1)
  • Hajer Taktak (1)

  1. LIRIS Laboratory, Claude Bernard Lyon1 University, Villeurbanne, France
  2. IT/Telecom-Bretagne, Cesson Sevigne, France
