Abstract
Data services have almost become a standard way for data publishing and sharing on top of the Web. In this paper, we present a secure and privacy-preserving execution model for data services. Our model controls the information returned during service execution based on the identity of the data consumer and the purpose of the invocation. We implemented and evaluated the proposed model in the healthcare application domain. The obtained results are promising.
Chapter PDF
Similar content being viewed by others
References
Rindfleisch, T.C.: Privacy, Information Technology, and Health Care. Communications of the ACM 40(8), 92–100 (1997)
US Department of Health and Human Services: Standards for privacy of individually identifiable health information; Final rule (August 2002), http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/privrulepd.pdf
Abou El Kalam, A., Benferhat, S., Miege, A., El Baida, R., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., Trouessin, G.: Organization based access control. In: IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2003). IEEE Computer Society (2003) ISBN 0-7695-1933-4
Agrawal, D., El Abbadi, A., Wang, S.: Secure and privacy-preserving data services in the cloud: A data centric view. In: PVLDB, vol. 5(12), pp. 2028–2029 (2012)
Agrawal, D., El Abbadi, A., Antony, S., Das, S.: Data management challenges in cloud computing infrastructures. In: Kikuchi, S., Sachdeva, S., Bhalla, S. (eds.) DNIS 2010. LNCS, vol. 5999, pp. 1–10. Springer, Heidelberg (2010)
Ajam, N., Cuppens-Boulahia, N., Cuppens, F.: Contextual privacy management in extended role based access control model. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) DPM 2009. LNCS, vol. 5939, pp. 121–135. Springer, Heidelberg (2010)
Ashley, P., Moore, D.: Enforcing privacy within an enterprise using IBM Tivoli privacy manager for e-business. In: IBM Developer Domain (May 2003)
Carey, M.J.: Declarative data services: This is your data on SOA. In: IEEE International Conference on Service-Oriented Computing and Applications, SOCA 2007, California, USA, p. 4. IEEE Computer Society (2007)
Carey, M.J., Onose, N., Petropoulos, M.: Data services. Communications of the ACM 55(6), 86–97 (2012)
Damiani, E.: Web service security. In: Encyclopedia of Cryptography and Security, 2nd edn., pp. 1375–1377. Springer (2011)
Dogac, A.: Interoperability in ehealth systems (tutorial). In: PVLDB, vol. 5(12), pp. 2026–2027 (2012)
Durbeck, S., Fritsch, C., Pernul, G., Schillinger, R.: A semantic security architecture for Web services. In: Fifth International Conference on Availability, Reliability and Security (ARES 2010), Poland, pp. 222–227. IEEE Computer Society (2010)
Dustdar, S., Pichler, R., Savenkov, V., Truong, H.L.: Quality-aware service-oriented data integration: requirements, state of the art and open challenges. SIGMOD Record 41(1), 11–19 (2012)
Gilpin, M., Yuhanna, N., Smillie, K., Leganza, G., Heffner, R., Hoppermann, J.: Information-as-a-service: What’s behind this hot new trend? Forrester Research, Research Report (March 22, 2007)
Hamadi, R., Paik, H.-Y., Benatallah, B.: Conceptual modeling of privacy-aware web service protocols. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) CAiSE 2007. LNCS, vol. 4495, pp. 233–248. Springer, Heidelberg (2007)
LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.J.: Limiting disclosure in hippocratic databases. In: The Thirtieth International Conference on Very Large Data Bases, VLDB 2004, pp. 8–19 (2004)
Malik, Z., Bouguettaya, A.: RATEWeb: Reputation assessment for trust establishment among Web services. VLDB Journal 18(4), 885–911 (2009)
Meziane, H., Benbernou, S., Zerdali, A.K., Hacid, M.S., Papazoglou, M.P.: A view-based monitoring for privacy-aware web services. In: The 26th International Conference on Data Engineering (ICDE 2010), pp. 1129–1132. IEEE (2010)
Vu, Q.H., Pham, T.V., Truong, H.L., Dustdar, S., Asal, R.: DEMODS: A description model for data-as-a-service. In: IEEE 26th International Conference on Advanced Information Networking and Applications (AINA 2012), pp. 5–12. IEEE (2012)
Yau, S.S., Yin, Y.: A privacy preserving repository for data integration across data sharing services. IEEE Transactions on Services Computing 1(3), 130–140 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Barhamgi, M. et al. (2013). Secure and Privacy-Preserving Execution Model for Data Services. In: Salinesi, C., Norrie, M.C., Pastor, Ó. (eds) Advanced Information Systems Engineering. CAiSE 2013. Lecture Notes in Computer Science, vol 7908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38709-8_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-38709-8_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38708-1
Online ISBN: 978-3-642-38709-8
eBook Packages: Computer ScienceComputer Science (R0)