A user requirements-oriented privacy policy self-adaption scheme in cloud computing

  • Research Article
  • Frontiers of Computer Science

Abstract

In an ever-changing environment, Software as a Service (SaaS) can rarely protect users’ privacy. Being able to manage and control privacy is therefore an important goal for SaaS. Once a participant of a composite service is substituted, it is unclear whether the composite service satisfies the user’s privacy requirements. In this paper, we propose a method for automatically updating privacy policies to enhance user privacy when a service participant changes in the composite service. First, we model the privacy policies and service variation rules. Second, according to the service variation rules, the privacy policies are automatically generated through negotiation between the user and the service composer. Third, we prove the feasibility and applicability of our method with experiments. When the service quantity is 50, the ratio of service variations successfully checked by the monitor is 81%. Moreover, the ratio of privacy policies correctly updated is 93.6%.

Acknowledgements

We thank doctoral candidate Yunfei Meng of Nanjing University of Aeronautics and Astronautics (NUAA) for his participation in beneficial discussions. We thank the anonymous referees for comments that will lead to improvements of our paper. This work was supported by the Nature Science Foundation of Jiangsu for Distinguished Young Scientist (BK20170039), Guangxi Natural Science Foundation (2018GXNSFAA 050046), Fund for Talents for Scientific Research at Jinling Institute of Technology, and Science Foundations of Nanjing Institute of Technology (CKJB201906).

Author information

Corresponding author

Correspondence to Fu Xiao.

Additional information

Changbo Ke received his PhD degree from Nanjing University of Aeronautics and Astronautics, China in 2014. He is now an associate professor and master supervisor at Nanjing University of Posts and Telecommunications, China. He has published more than 10 papers in related international conferences and journals, including IEEE TSC, IEEE TR, KBS, and so on. His major research interests include privacy and security in IoT. He is a member of the IEEE Computer Society.

Fu Xiao received his PhD degree in computer science and technology from Nanjing University of Science and Technology, China in 2007. He is currently a professor and PhD supervisor in the School of Computer Science, Nanjing University of Posts and Telecommunications, China. He has published more than 20 papers in related international conferences and journals, including IEEE/ACM ToN, IEEE JSAC, IEEE TMC, IEEE TVT, INFOCOM, IPCCC, ICC, and so on. His main research interests include wireless sensor networks and the Internet of Things. He is a member of the IEEE Computer Society and the Association for Computing Machinery.

Zhiqiu Huang received his PhD degree from Nanjing University of Aeronautics and Astronautics, China. He is now a professor and PhD supervisor at Nanjing University of Aeronautics and Astronautics, China. He has published more than 40 papers in related international conferences and journals, including IEEE TSC, KBS, FGCS, Computers & Security, IEEE TNSM, ICWS, and so on. His major research interests include formal methods, software engineering, and cloud computing.

Fangxiong Xiao received his PhD degree from Nanjing University of Aeronautics and Astronautics, China in 2010. He is now a professor at Jinling Institute of Technology, China. He has published more than 10 papers in related international conferences and journals. His major research interests include software engineering and blockchain.

Cite this article

Ke, C., Xiao, F., Huang, Z. et al. A user requirements-oriented privacy policy self-adaption scheme in cloud computing. Front. Comput. Sci. 17, 172203 (2023). https://doi.org/10.1007/s11704-022-1182-x

  • DOI: https://doi.org/10.1007/s11704-022-1182-x
