A view-based monitoring for usage control in web services

Hassina Meziane, Salima Benbernou*, Mohand-Said Hacid, Zaki Malik, Mike Papazoglou

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

1 Citation (Scopus)

Abstract

Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, and accepting a service by the customer. The criticality is more pronounced when the service provider handles the non-functional QoS attribute of privacy, i.e., privacy related to the customer's personal data. In this regard, the customer needs some guarantee(s) from the service provider about confidentiality management, leading to overall quality characterization of the provided service. A service level agreement (SLA) is primarily intended to specify (in terms of clauses) the level of such non-functional QoS delivered to the customer. The aim is to provide customers with tools that show the fulfillment of QoS guarantees, through SLA monitoring process. In this paper, we address the problem of usage control of private data in service based applications ensuring end-to-end QoS capabilities. We propose a query containment based approach to support the monitoring of privacy-aware SLA compliance, that spells out a customer's privacy rights, and shows how the customer's private information must be handled by a Web service provider. We introduce the private data usage flow model upon which the monitoring is performed to observe the data usage flow, and capture the privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and time-related privacy requirements to be monitored, and (ii) a set of identified privacy violations. As proof of concept, a privacy aware SLA monitoring system, which is an easy-to-use, and efficient tool for observing the dynamic private data usage flow is developed. Experiment results indicate the relevance and applicability of the proposed approach.

Original languageEnglish
Pages (from-to)145-178
Number of pages34
JournalDistributed and Parallel Databases
Volume34
Issue number2
DOIs
Publication statusPublished - Jun 2016

Keywords

  • Privacy aware SLA
  • Usage control
  • Monitoring
  • Usage flow view
  • Query containment
  • Compliance
  • QUERY CONTAINMENT
  • CHECKING

Cite this