Abstract
This chapter addresses the problem of managing private data in service based applications ensuring end-to-end quality of service(QoS) capabilities. The proposed approach is processed through monitoring the compliance of privacy agreement that spells out a consumer’s privacy rights and how consumer private information must be handled by the service provider. A state machine based model is proposed to describe the Private Data Use Flow (PDUF) toward monitoring which can be used by privacy analyst to observe the flow and capture privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and timed-related privacy requirements to be monitored that are specified using LTL (Linear Temporal Logic) (ii) a set of identified privacy misuses.
The research leading to these results has received funding from the European Community’s Seventh Framework Programme FP7/2007-2013 under grant agreement 215483 (S-Cube).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Yee, G.: Visual analysis of privacy risks in web services. In: 2007 IEEE International Conference on Web Services (ICWS 2007), Salt Lake City, Utah, USA, July 9-13, pp. 671–678. IEEE Computer Society, Los Alamitos (2007)
Barbon, F., Traverso, P., Pistore, M., Trainotti, M.: Run-time monitoring of instances and classes of web service compositions. In: Proceedings of the IEEE International Conference on Web Services (ICWS 2006), pp. 63–71 (2006)
Baresi, L., Ghezzi, C., Guinea, S.: Smart monitors for composed services. In ICSOC 2004. In: Proceedings of the 2nd international conference on Service oriented computing, pp. 193–202. ACM Press, New York (2004)
Baresi, L., Guinea, S.: Towards dynamic monitoring of ws-bpel processes. In: Benatallah, B., Casati, F., Traverso, P. (eds.) ICSOC 2005. LNCS, vol. 3826, pp. 269–282. Springer, Heidelberg (2005)
Benbernou, S., Meziane, H., Li, Y.H., Hacid, M.: A privacy agreement model for web services. In: IEEE International Conference on Service Computing SCC 2007 (2007)
Milo, T., Pilberg, A., Beeri, C., Eyal, A.: Monitoring business processes with queries. In: Proceedings of the 33rd International Conference on Very Large Data Bases, University of Vienna, Austria, September 23-27, pp. 603–614 (2007)
Guermouche, N., Benbernou, S., Coquery, C.E., Hacid, M.: Privacy-aware web service protocol replaceability. In: IEEE International Conference on Web Services ICWS 2007 (July 2007)
Yee, G., Korba, L.: Privacy policy compliance for web services. In: Proc. of the IEEE International Conference on Web Services (ICWS 2004), Washington, USA, pp. 158–166 (2004)
Kazhamiakin, R., Pandya, P., Pistore, M.: Representation, verification, and computation of timed properties in web. In: Proceedings of the IEEE International Conference on Web Services (ICWS 2006), Washington, USA, pp. 497–504. IEEE Computer Society, Los Alamitos (2006)
Korba, L., Wang, Y., Geng, L., Song, R., Yee, G., Patrick, A.S., Buffett, S., Liu, H., You, Y.: Private data discovery for privacy compliance in collaborative environments. In: 5th International Conference on Cooperative Design, Visualization, and Engineering, CSVE 2008, Calvi‘a, Mallorca, Spain, September 21-25, pp. 142–150. Springer, Heidelberg (2008)
Lazovik, A., Aiello, M., Papazoglou, M.: Associating assertions with business processes and monitoring their execution. In: ICSOC 2004 Proceedings of the 2nd international conference on Service oriented computing, New York, USA, pp. 94–104 (2004)
Mahbub, K., Spanoudakis, G.: Run-time monitoring of requirements for systems composed of web-services: Initial implementation and evaluation experience. In: 2005 IEEE International Conference on Web Services (ICWS), December 2005, pp. 257–265 (2005)
Mahbub, K., Spanoudakis, G.: Monitoring ws-agreement: An event calculus-based approach. In: Test and Analysis of Web Services, pp. 265–306. Springer, Heidelberg (2007)
Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer, Heidelberg (1992)
Casassa Mont, M., Pearson, S., Thyne, R.: A systematic approach to privacy enforcement and policy compliance checking in enterprises. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds.) TrustBus 2006. LNCS, vol. 4083, pp. 91–102. Springer, Heidelberg (2006)
Peyton, L., Nozin, M.: Tracking privacy compliance in b2b networks. In: Proceedings of the 6th International Conference on Electronic Commerce, ICEC 2004, Delft, The Netherlands, October 25-27, pp. 376–381 (2004)
Pistore, M., Traverso, P.: Assumption-based composition and monitoring of web services. In: Test and Analysis of Web Services, pp. 307–335 (2007)
Song, R., Korba, L., Yee, G.: Privacy rights management for privacy compliance systems. In: 21st International Conference on Advanced Information Networking and Applications (AINA 2007), Workshops Proceedings, Niagara Falls, Canada, May 21-23, vol. 1, pp. 620–625. IEEE Computer Society, Los Alamitos (2007)
Spanoudakis, G., Mahbub, K.: Non intrusive monitoring of service based systems. International Journal of Cooperative Information Systems (2006)
Squicciarini, A.C., Casassa Mont, M., Spantzel, A.B., Bertino, E.: Automatic compliance of privacy policies in federated digital identity management. In: 9th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2008), Palisades, New York, USA, June 2-4, pp. 89–92. IEEE Computer Society, Los Alamitos (2008)
Yee, G.: Visualization for privacy compliance. In: VizSEC 2006: Proceedings of the 3rd international workshop on Visualization for computer security, pp. 117–122. ACM Press, New York (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Meziane, H., Benbernou, S., Leymann, F., Papazoglou, M.P. (2009). Monitoring-Based Approach for Privacy Data Management. In: Ras, Z.W., Dardzinska, A. (eds) Advances in Data Management. Studies in Computational Intelligence, vol 223. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02190-9_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-02190-9_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02189-3
Online ISBN: 978-3-642-02190-9
eBook Packages: EngineeringEngineering (R0)