Configuring private data management as access restrictions: from design to enforcement

Authors:
Aurélien Faravelon;Stéphanie Chollet;Christine Verdier;Agnès Front
Affiliations:
Laboratoire d' Informatique de Grenoble, Grenoble Cedex 9, France;Laboratoire de Conception et d'Intégration des Systèmes, Valence cedex 9, France;Laboratoire d' Informatique de Grenoble, Grenoble Cedex 9, France;Laboratoire d' Informatique de Grenoble, Grenoble Cedex 9, France
Venue:
ICSOC'12 Proceedings of the 10th international conference on Service-Oriented Computing
Year:
2012

Citing 14
Cited 0

Temporal and modal logic

Handbook of theoretical computer science (vol. B)
Specification in CTL + Past for verification in CTL

Information and Computation - Special issue on EXPRESS 1997
Apel: A Graphical Yet Executable Formalism forProcess Modeling

Automated Software Engineering
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Security Conscious Web Service Composition

ICWS '06 Proceedings of the IEEE International Conference on Web Services
A BPMN Extension for the Modeling of Security Requirements in Business Processes

IEICE - Transactions on Information and Systems
The temporal logic of programs

SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Ontology-Based Security Policies for Supporting the Management of Web Service Business Processes

ICSC '08 Proceedings of the 2008 IEEE International Conference on Semantic Computing
Security Specification at Process Level

SCC '08 Proceedings of the 2008 IEEE International Conference on Services Computing - Volume 1
The next 700 access control models or a unifying meta-model?

Proceedings of the 14th ACM symposium on Access control models and technologies
Incorporating Security Requirements into Service Composition: From Modelling to Execution

ICSOC-ServiceWave '09 Proceedings of the 7th International Joint Conference on Service-Oriented Computing
Deriving XACML policies from business process models

WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
On the combination of domain specific modeling languages

ECMFA'10 Proceedings of the 6th European conference on Modelling Foundations and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Service-Oriented Computing (SOC) is a major trend in designing and implementing distributed computer-based applications. Dynamic late biding makes SOC a very promising way to realize pervasive computing, which promotes the integration of computerized artifacts into the fabric of our daily lives. However, pervasive computing raises new challenges which SOC has not addressed yet. Pervasive application relies on highly dynamic and heterogeneous entities. They also necessitate an important data collection to compute the context of users and process sensitive data. Such data collection and processing raise well-known concerns about data disclosure and use. They are a brake to the development of widely accepted pervasive applications. SOC already permits to impose constraints on the bindings of services. We propose to add a new range of constraints to allow data privatization, i.e. the restriction of their disclosure. We extend the traditional design and binding phases of a Service-Oriented Architecture with the expression and the enforcement of privatization constraints. We express and enforce these constraints according to a two phases model-driven approach. Our work is validated on real-world services.