
Research On Privacy Analysis And Verification Of Web Service Composition

Posted on: 2012-05-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Y Liu
GTID: 1118330362458278
Subject: Computer application technology

Abstract/Summary:
Service-Oriented Computing (SOC) is an Internet-based distributed computing model that offers a promising paradigm for software development. By taking Web services as its basic components, SOC has efficiently solved the problem of integrating distributed applications in a distributed, dynamic and heterogeneous environment. Web services composition is one of the core technologies for realizing SOC. It satisfies user requirements by composing existing services into new value-added services. To obtain the benefits of a services composition, users have to release some personal private information to support its execution. Because the service-oriented environment is open, autonomous and dynamic, the provider of the services composition may access, use or disclose that private information without authorization after obtaining it, causing serious damage to the privacy of users.

Faced with this privacy hazard, users worry about the security of their personal information. On the one hand, they hope to accomplish their business tasks through the services composition; on the other hand, they hope that the damage to their privacy can be minimized. Hence, how to minimize the damage to users' privacy while still satisfying their functional requirements is a key issue in realizing secure Web services composition. Many researchers at home and abroad have conducted extensive and profound investigations into Web services composition, but few of them pay enough attention to the protection of personal privacy. In view of these limitations, this thesis studies the privacy protection problem of Web services compositions. The major contributions are as follows:

(1) It investigates a privacy analysis and verification framework for Web services composition. Within this framework, users can express their personalized privacy policies and set the sensitivity degree of their private data, and the service composer can check, while designing the services composition, whether the design satisfies the users' privacy policy constraints. The privacy disclosure and authorization of the Web services composition can thus be analyzed within the framework, which can efficiently decrease the harm of privacy disclosure and provides basic conditions for improving the security and reliability of services composition.

(2) It studies the problem of privacy access control for Web services composition and proposes a trust-based Web services privacy access control model. This model uses a trust degree to limit the access of services to private information and presents an enforcement system for privacy policies. In addition, it analyzes the functional components of the system and its execution process, and presents the corresponding algorithm for the privacy authorization decision, which is very important to the implementation of fine-grained privacy authorization.

(3) It explores the privacy modeling and verification problem of Web services composition. It proposes an interface automata model extended with privacy semantics, and uses this model to specify the privacy behaviors of Web services and their compositions. It also presents a method for transforming BPEL process activities into privacy interface automata. On top of that, it transforms the privacy interface automaton of a services composition into a state space reachability graph and presents a verification algorithm for privacy authorization. This algorithm can verify whether there is a violation in the reachability graph, and thus whether the services composition satisfies the privacy requirements of users. It provides an important foundation for improving the functional correctness and privacy security of services.

(4) It examines the privacy disclosure and authorization problem in Web services composition and presents an analysis method for minimal privacy disclosure and optimal privacy authorization. First, it puts forward a method to compute the privacy disclosure cost. This method assigns the privacy disclosure cost to a state space reachability graph that satisfies the privacy policy constraints, so as to form the minimal privacy cost reachability graph. Then it proposes an algorithm to obtain the reachability path of minimal privacy cost. The algorithm can be used to compute the privacy cost of a reachability path, and thus to analyze the minimal privacy disclosure of the services composition. Finally, it offers an algorithm for setting the optimal privacy policy, with which the optimal privacy authorization of the services composition can be analyzed based on the minimal privacy cost reachability graph. The analysis of minimal privacy disclosure and optimal privacy authorization is of great significance in decreasing the privacy disclosure hazard of services composition.

(5) Based on the above methods and theories, this thesis designs and implements a privacy analysis and verification tool for Web services composition. With this tool, privacy analysis and verification of a services composition can be conducted. On top of that, this paper presents a case study of on-line shopping transactions to prove the correctness and efficiency of the methods and theories contributed by this thesis.
Keywords/Search Tags:Web Services Composition, Privacy Protection, Trust, Interface Automata, Verification, Analysis