A view-based monitoring for usage control in web services

Hassina Meziane, Salima Benbernou*, Mohand-Said Hacid, Zaki Malik, Mike Papazoglou

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

Abstract

Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, and accepting a service by the customer. The criticality is more pronounced when the service provider handles the non-functional QoS attribute of privacy, i.e., privacy related to the customer's personal data. In this regard, the customer needs some guarantee(s) from the service provider about confidentiality management, leading to overall quality characterization of the provided service. A service level agreement (SLA) is primarily intended to specify (in terms of clauses) the level of such non-functional QoS delivered to the customer. The aim is to provide customers with tools that show the fulfillment of QoS guarantees, through SLA monitoring process. In this paper, we address the problem of usage control of private data in service based applications ensuring end-to-end QoS capabilities. We propose a query containment based approach to support the monitoring of privacy-aware SLA compliance, that spells out a customer's privacy rights, and shows how the customer's private information must be handled by a Web service provider. We introduce the private data usage flow model upon which the monitoring is performed to observe the data usage flow, and capture the privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and time-related privacy requirements to be monitored, and (ii) a set of identified privacy violations. As proof of concept, a privacy aware SLA monitoring system, which is an easy-to-use, and efficient tool for observing the dynamic private data usage flow is developed. Experiment results indicate the relevance and applicability of the proposed approach.

Original languageEnglish
Pages (from-to)145-178
Number of pages34
JournalDistributed and Parallel Databases
Volume34
Issue number2
DOIs
Publication statusPublished - Jun 2016

Keywords

  • Privacy aware SLA
  • Usage control
  • Monitoring
  • Usage flow view
  • Query containment
  • Compliance
  • QUERY CONTAINMENT
  • CHECKING

Cite this

Meziane, Hassina ; Benbernou, Salima ; Hacid, Mohand-Said ; Malik, Zaki ; Papazoglou, Mike. / A view-based monitoring for usage control in web services. In: Distributed and Parallel Databases. 2016 ; Vol. 34, No. 2. pp. 145-178.
@article{76c8ebbc2f8646f3885d532d1bace9e3,
title = "A view-based monitoring for usage control in web services",
abstract = "Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, and accepting a service by the customer. The criticality is more pronounced when the service provider handles the non-functional QoS attribute of privacy, i.e., privacy related to the customer's personal data. In this regard, the customer needs some guarantee(s) from the service provider about confidentiality management, leading to overall quality characterization of the provided service. A service level agreement (SLA) is primarily intended to specify (in terms of clauses) the level of such non-functional QoS delivered to the customer. The aim is to provide customers with tools that show the fulfillment of QoS guarantees, through SLA monitoring process. In this paper, we address the problem of usage control of private data in service based applications ensuring end-to-end QoS capabilities. We propose a query containment based approach to support the monitoring of privacy-aware SLA compliance, that spells out a customer's privacy rights, and shows how the customer's private information must be handled by a Web service provider. We introduce the private data usage flow model upon which the monitoring is performed to observe the data usage flow, and capture the privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and time-related privacy requirements to be monitored, and (ii) a set of identified privacy violations. As proof of concept, a privacy aware SLA monitoring system, which is an easy-to-use, and efficient tool for observing the dynamic private data usage flow is developed. Experiment results indicate the relevance and applicability of the proposed approach.",
keywords = "Privacy aware SLA, Usage control, Monitoring, Usage flow view, Query containment, Compliance, QUERY CONTAINMENT, CHECKING",
author = "Hassina Meziane and Salima Benbernou and Mohand-Said Hacid and Zaki Malik and Mike Papazoglou",
year = "2016",
month = "6",
doi = "10.1007/s10619-014-7169-3",
language = "English",
volume = "34",
pages = "145--178",
journal = "Distributed and Parallel Databases",
issn = "0926-8782",
publisher = "Springer",
number = "2",

}

A view-based monitoring for usage control in web services. / Meziane, Hassina; Benbernou, Salima; Hacid, Mohand-Said; Malik, Zaki; Papazoglou, Mike.

In: Distributed and Parallel Databases, Vol. 34, No. 2, 06.2016, p. 145-178.

Research output: Contribution to journalArticleScientificpeer-review

TY - JOUR

T1 - A view-based monitoring for usage control in web services

AU - Meziane, Hassina

AU - Benbernou, Salima

AU - Hacid, Mohand-Said

AU - Malik, Zaki

AU - Papazoglou, Mike

PY - 2016/6

Y1 - 2016/6

N2 - Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, and accepting a service by the customer. The criticality is more pronounced when the service provider handles the non-functional QoS attribute of privacy, i.e., privacy related to the customer's personal data. In this regard, the customer needs some guarantee(s) from the service provider about confidentiality management, leading to overall quality characterization of the provided service. A service level agreement (SLA) is primarily intended to specify (in terms of clauses) the level of such non-functional QoS delivered to the customer. The aim is to provide customers with tools that show the fulfillment of QoS guarantees, through SLA monitoring process. In this paper, we address the problem of usage control of private data in service based applications ensuring end-to-end QoS capabilities. We propose a query containment based approach to support the monitoring of privacy-aware SLA compliance, that spells out a customer's privacy rights, and shows how the customer's private information must be handled by a Web service provider. We introduce the private data usage flow model upon which the monitoring is performed to observe the data usage flow, and capture the privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and time-related privacy requirements to be monitored, and (ii) a set of identified privacy violations. As proof of concept, a privacy aware SLA monitoring system, which is an easy-to-use, and efficient tool for observing the dynamic private data usage flow is developed. Experiment results indicate the relevance and applicability of the proposed approach.

AB - Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, and accepting a service by the customer. The criticality is more pronounced when the service provider handles the non-functional QoS attribute of privacy, i.e., privacy related to the customer's personal data. In this regard, the customer needs some guarantee(s) from the service provider about confidentiality management, leading to overall quality characterization of the provided service. A service level agreement (SLA) is primarily intended to specify (in terms of clauses) the level of such non-functional QoS delivered to the customer. The aim is to provide customers with tools that show the fulfillment of QoS guarantees, through SLA monitoring process. In this paper, we address the problem of usage control of private data in service based applications ensuring end-to-end QoS capabilities. We propose a query containment based approach to support the monitoring of privacy-aware SLA compliance, that spells out a customer's privacy rights, and shows how the customer's private information must be handled by a Web service provider. We introduce the private data usage flow model upon which the monitoring is performed to observe the data usage flow, and capture the privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and time-related privacy requirements to be monitored, and (ii) a set of identified privacy violations. As proof of concept, a privacy aware SLA monitoring system, which is an easy-to-use, and efficient tool for observing the dynamic private data usage flow is developed. Experiment results indicate the relevance and applicability of the proposed approach.

KW - Privacy aware SLA

KW - Usage control

KW - Monitoring

KW - Usage flow view

KW - Query containment

KW - Compliance

KW - QUERY CONTAINMENT

KW - CHECKING

U2 - 10.1007/s10619-014-7169-3

DO - 10.1007/s10619-014-7169-3

M3 - Article

VL - 34

SP - 145

EP - 178

JO - Distributed and Parallel Databases

JF - Distributed and Parallel Databases

SN - 0926-8782

IS - 2

ER -