Abstract
With the development of the Internet of Things (IoT) and the Internet, new kinds of services based on IoT devices will benefit everyone. As a key step in achieving a complex business structure based on a massive number of IoT devices, establishing an effective service composition is extremely important. The emerging architecture of composition is related to process management and is subject to security risks, such as privacy leaks. Traditional service composition methods have difficulty verifying the timed privacy requirements of an IoT service composition. Therefore, this paper proposes an automatic method of transforming Business Process Execution Language (BPEL) into timed automata for formal verification, with the aim of formalizing timed privacy requirements for the IoT service composition and verifying the formal model returned to the UPPAAL supporting tool. First, a privacy requirement template is introduced to analyze the structure of the IoT service composition. Then, a timed computation tree logic (TCTL) property formula template is used to describe the privacy requirements, especially time constraints. Second, an extended timed I/O automata model, namely, the Sensitive Data Timed I/O Automata (SDTIOA) model, is proposed to formalize communication behavior, sensitive data treatment, and service time. Third, the corresponding transformation rules and algorithms are designed for BPEL and SDTIOA. These models can be adjusted through user interaction. Next, as a practical engineering application, we develop a prototype to show how to work with UPPAAL and generate UPPAAL code from SDTIOA code. Finally, a case study is discussed to illustrate the processes of modeling and timed verification for an IoT service composition.
Acknowledgements
This work was supported in part by the National Natural Science Foundation of China (NSFC) under Grant No. 61902236 and National Key Research and Development Program of China under Grant 2020YFB1006003.
Cite this article
Gao, H., Zhang, Y., Miao, H. et al. SDTIOA: Modeling the Timed Privacy Requirements of IoT Service Composition: A User Interaction Perspective for Automatic Transformation from BPEL to Timed Automata. Mobile Netw Appl 26, 2272–2297 (2021). https://doi.org/10.1007/s11036-021-01846-x
DOI: https://doi.org/10.1007/s11036-021-01846-x