Research On Private Information Disclosure Detection Method Of Composite Services

The Internet of Things,as a national emerging strategic industry,is widely used in digital homes,smart manufacturing,smart cities and other fields.The service capability of a single Io T is limited,and it is difficult to meet the complex service needs of users.Multi-domain sharing,dynamic integration,and collaborative development become a new model for Io T service development.Due to the different sensitivity of the privacy information involved in the composite service,the complex interdependence of the privacy information and the dynamic change of the calling rights between the services,the combined service has privacy information disclosure such as privacy information aggregation and unauthorized access to privacy information.How to detect the leakage of private information in the process of sharing service sharing becomes the key research point of portfolio service.This paper focuses on the privacy leakage detection of composite services.The main work is as follows:Aiming at the problem of privacy information aggregation caused by different sensitivity of privacy information and complex interdependence of privacy information,this paper proposes a static privacy information leakage detection method based on Petri net.Based on the sensitivity of privacy information,a multi-security model is designed to study the confidentiality and integrity security policy of privacy information,and to establish a privacy information security protocol based on the purpose of use,and to implement security supervision of privacy information flow.On this basis,the dependence relationship between privacy information is studied,and the Petri net-based combined service privacy information authorization constraint network is constructed to solve the privacy information leakage problem caused by the aggregation of private information in the combined service,and the static information leakage detection of the composite service is realized.The experimental verification shows that the model realizes the ms-level detection of the static service information leakage of the combined service without affecting the service function.Aiming at the problem of unauthorized access of private information caused by the dynamic change of third-party service calling rights during the sharing of shared services,a dynamic privacy information leakage detection method based on security label is proposed.Research the dependencies between services,services and privacy information,construct a knowledge and privacy information map,generate a private information security label for the combined service,and determine whether the call will cause privacy information disclosure by dynamically verifying the security label during the service invocation process.To realize the detection of dynamic privacy information leakage of the combined service in the service chain mode.Experimental verification shows that this method saves 14% of the average communication overhead compared to the existing service chain information flow control method.Based on the above-mentioned research techniques and methods,the privacy information leakage detection system of combined services is designed and implemented,and the system is applied to the multi-domain Io T service sharing platform developed by the research group.The smart parking application is taken as an example to verify the research techniques and methods.Feasibility and availability.