
A view-based monitoring for usage control in web services

Distributed and Parallel Databases

Abstract

Quality of service (QoS) can be a critical element for achieving the business goals of a service provider and for the customer's acceptance of a service. The criticality is more pronounced when the service provider handles the non-functional QoS attribute of privacy, i.e., privacy related to the customer’s personal data. In this regard, the customer needs some guarantee(s) from the service provider about confidentiality management, leading to an overall quality characterization of the provided service. A service level agreement (SLA) is primarily intended to specify (in terms of clauses) the level of such non-functional QoS delivered to the customer. The aim is to provide customers with tools that show the fulfillment of QoS guarantees through an SLA monitoring process. In this paper, we address the problem of usage control of private data in service-based applications, ensuring end-to-end QoS capabilities. We propose a query-containment-based approach to support monitoring of compliance with a privacy-aware SLA, which spells out a customer’s privacy rights and shows how the customer’s private information must be handled by a Web service provider. We introduce the private data usage flow model upon which the monitoring is performed to observe the data usage flow and capture the privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and time-related privacy requirements to be monitored, and (ii) a set of identified privacy violations. As a proof of concept, a privacy-aware SLA monitoring system, an easy-to-use and efficient tool for observing the dynamic private data usage flow, is developed. Experimental results indicate the relevance and applicability of the proposed approach.

Notes

  1. http://www.cnil.fr/english/

  2. https://privacyassociation.org/news/a/2008-07-global-privacy-dispatches-france-cnil-annual-report/

Corresponding author

Correspondence to Salima Benbernou.

Cite this article

Meziane, H., Benbernou, S., Hacid, MS. et al. A view-based monitoring for usage control in web services. Distrib Parallel Databases 34, 145–178 (2016). https://doi.org/10.1007/s10619-014-7169-3

  • DOI: https://doi.org/10.1007/s10619-014-7169-3
