SDTIOA: Modeling the Timed Privacy Requirements of IoT Service Composition: A User Interaction Perspective for Automatic Transformation from BPEL to Timed Automata

Mobile Networks and Applications

Abstract

With the development of the Internet of Things (IoT) and the Internet, new kinds of services based on IoT devices will benefit everyone. As a key step in achieving a complex business structure based on a massive number of IoT devices, establishing an effective service composition is extremely important. The emerging architecture of composition is related to process management and is subject to security risks, such as privacy leaks. Traditional service composition methods have difficulty verifying the timed privacy requirements of an IoT service composition. Therefore, this paper proposes an automatic method of transforming Business Process Execution Language (BPEL) into timed automata for formal verification, with the aim of formalizing timed privacy requirements for the IoT service composition and verifying the formal model returned to the UPPAAL supporting tool. First, a privacy requirement template is introduced to analyze the structure of the IoT service composition. Then, a timed computation tree logic (TCTL) property formula template is used to describe the privacy requirements, especially time constraints. Second, an extended timed I/O automata model, namely, the Sensitive Data Timed I/O Automata (SDTIOA) model, is proposed to formalize communication behavior, sensitive data treatment, and service time. Third, the corresponding transformation rules and algorithms are designed for BPEL and SDTIOA. These models can be adjusted through user interaction. Next, as a practical engineering application, we develop a prototype to show how to work with UPPAAL and generate UPPAAL code from SDTIOA code. Finally, a case study is discussed to illustrate the processes of modeling and timed verification for an IoT service composition.

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China (NSFC) under Grant No. 61902236 and National Key Research and Development Program of China under Grant 2020YFB1006003.

Author information

Corresponding author

Correspondence to Xiaoxian Yang.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Gao, H., Zhang, Y., Miao, H. et al. SDTIOA: Modeling the Timed Privacy Requirements of IoT Service Composition: A User Interaction Perspective for Automatic Transformation from BPEL to Timed Automata. Mobile Netw Appl 26, 2272–2297 (2021). https://doi.org/10.1007/s11036-021-01846-x

  • DOI: https://doi.org/10.1007/s11036-021-01846-x
