SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Information and Software Technology
Privacy-Aware Web Services in Smart Homes
ICOST '09 Proceedings of the 7th International Conference on Smart Homes and Health Telematics: Ambient Assistive Health and Wellness Management in the Heart of the City
RunTest: assuring integrity of dataflow processing in cloud computing infrastructures
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Minimal privacy authorization in web services collaboration
Computer Standards & Interfaces
Analysis of the minimal privacy disclosure for web services collaborations with role mechanisms
Expert Systems with Applications: An International Journal
Policy-based attestation of service behavior for establishing rigorous trust
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Adaptive data-driven service integrity attestation for multi-tenant cloud systems
Proceedings of the Nineteenth International Workshop on Quality of Service
SCUTA: a server-side access control system for web applications
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Hi-index | 0.00 |
The rapid growth of web applications has prompted increasing interest in the area of composite web services that involve several service providers. The potential for such composite web services can be realized only if consumer privacy concerns are satisfactorily addressed. In this paper, we propose a framework that addresses consumer privacy concerns in the context of highly customizable composite web services. Our approach involves service producers exchanging their terms-of-use with consumers in the form of "models". Our framework provides automated techniques for checking these models at the consumer site for compliance of consumer privacy policies. In the event of a policy violation, our framework supports automatic generation of "obligations" that the consumer generates for the composite service. These obligations are automatically enforced through a dynamic program analysis approach on the web service composition code. We illustrate our approach with the implementation of two example services.