Security-aware Business Process as a Service by hiding provenance

We adress in this paper the security issues that arise when outsourcing business processes in the BPaaS (Business Process as a Service). In particular when sharing and reusing process fragments coming from different organizations for faster and easier development of process-based applications (PBA). The goal is twofold, to preserve the process fragment provenance, i.e., the companies's business activities which provide the reused fragments in order to avoid the competition, and to guarantee the end-to-end availability of PBA to fragment's consumers. We formally define the problem, and offer an efficient anonymization-based protocol. Experiments have been conducted to show the effectiveness of the proposed solution. We address the security issues that arise when outsourcing business processes in the cloud as BPaaS (Business Process as a Service).We formally define the concept of sharing and reusing process fragments for faster and easier development of process-based applications.We provide an efficient anonymization-based protocol to preserve the process fragment provenance, and to guarantee the end-to-end availability of process-based applications.We evaluate the performance of the proposed approach on real datasets.

[1]  Salima Benbernou,et al.  A view-based Monitoring for Privacy-aware Web services , 2010, 2010 IEEE 26th International Conference on Data Engineering (ICDE 2010).

[2]  Yehia Taher,et al.  α BPaaS - A Customizable BPaaS on the Cloud , 2013, CLOSER.

[3]  Hao Wang,et al.  Evaluating Service Identification with Design Metrics on Business Process Decomposition , 2009, 2009 IEEE International Conference on Services Computing.

[4]  Catriel Beeri,et al.  Querying business processes , 2006, VLDB.

[5]  Marianne Winslett,et al.  Introducing secure provenance: problems and challenges , 2007, StorageSS '07.

[6]  J. A. Bondy,et al.  Graph Theory with Applications , 1978 .

[7]  Eric Dubois,et al.  A Security Risk Assessment Model for Business Process Deployment in the Cloud , 2014, 2014 IEEE International Conference on Services Computing.

[8]  Athman Bouguettaya,et al.  QoS Analysis for Web Service Compositions with Complex Structures , 2013, IEEE Transactions on Services Computing.

[9]  Eyhab Al-Masri,et al.  QoS-based Discovery and Ranking of Web Services , 2007, 2007 16th International Conference on Computer Communications and Networks.

[10]  Bu-Sung Lee,et al.  Optimization of Resource Provisioning Cost in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[11]  Salima Benbernou,et al.  A survey on service quality description , 2013, CSUR.

[12]  Barbara Carminati,et al.  Security Conscious Web Service Composition , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[13]  Mike P. Papazoglou,et al.  Cloud Blueprints for Integrating and Managing Cloud Federations , 2012, Software Service and Application Engineering.

[14]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[15]  Gian Luigi Ferrari,et al.  Enforcing secure service composition , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[16]  Ashwin Machanavajjhala,et al.  l-Diversity: Privacy Beyond k-Anonymity , 2006, ICDE.

[17]  Marlon Dumas,et al.  Fast detection of exact clones in business process model repositories , 2013, Inf. Syst..

[18]  Nils Gruschka,et al.  Security and Privacy-Enhancing Multicloud Architectures , 2013, IEEE Transactions on Dependable and Secure Computing.

[19]  Salima Benbernou,et al.  A Privacy Agreement Model for Web Services , 2007, IEEE International Conference on Services Computing (SCC 2007).

[20]  Suraj C. Kothari,et al.  Preventing SQL injection attacks in stored procedures , 2006, Australian Software Engineering Conference (ASWEC'06).

[21]  Salima Benbernou,et al.  A dynamic privacy model for web services , 2010, Comput. Stand. Interfaces.

[22]  Luciano Baresi,et al.  Towards Distributed BPEL Orchestrations , 2006, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[23]  David Evans,et al.  Enforcing End-to-End Application Security in the Cloud - (Big Ideas Paper) , 2010, Middleware.

[24]  David M. Eyers,et al.  Information Flow Control for Secure Cloud Computing , 2014, IEEE Transactions on Network and Service Management.

[25]  David M. Eyers,et al.  Big Ideas Paper : Enforcing End-to-end Application Security in the Cloud , 2010 .

[26]  Eyhab Al-Masri,et al.  Investigating web services on the world wide web , 2008, WWW.

[27]  Dragan Ivanovic,et al.  Automatic Fragment Identification in Workflows Based on Sharing Analysis , 2010, ICSOC.

[28]  Mikhail J. Atallah,et al.  Anonyfrag: an anonymization-based approach for privacy-preserving BPaaS , 2012, Cloud-I '12.

[29]  Remco M. Dijkman,et al.  APROMORE: An advanced process model repository , 2011, Expert Syst. Appl..

[30]  Stefan Katzenbeisser,et al.  Trustable outsourcing of business processes to cloud computing environments , 2011, 2011 5th International Conference on Network and System Security.

[31]  J. A. Bondy,et al.  Graph Theory with Applications , 1978 .

[32]  Frank Leymann,et al.  E Role-based Decomposition of Business Processes using BPEL , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[33]  Frank Leymann,et al.  Towards Classification Criteria for Process Fragmentation Techniques , 2011, Business Process Management Workshops.

[34]  Oliver Kopp,et al.  Process Fragment Libraries for Easier and Faster Development of Process-based Applications , 2011 .

[35]  Jianwen Su,et al.  Separating Execution and Data Management: A Key to Business-Process-as-a-Service (BPaaS) , 2014, BPM.

[36]  José M. Tribolet,et al.  Identification of Services through Functional Decomposition of Business Processes , 2010, BIS.

[37]  Juliana Freire,et al.  Provenance and scientific workflows: challenges and opportunities , 2008, SIGMOD Conference.

[38]  Jinpeng Huai,et al.  Business Process Decomposition Based on Service Relevance Mining , 2010, 2010 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology.

[39]  Sanjeev Khanna,et al.  On provenance and privacy , 2010, ICDT '11.

[40]  Elisa Bertino,et al.  Security-Aware Service Composition with Fine-Grained Information Flow Control , 2013, IEEE Transactions on Services Computing.

[41]  Debmalya Panigrahi,et al.  Provenance views for module privacy , 2010, PODS.

[42]  Athman Bouguettaya,et al.  Genetic Algorithm Based QoS-Aware Service Compositions in Cloud Computing , 2011, DASFAA.

[43]  Salima Benbernou,et al.  Run-Time Monitoring for Privacy-Agreement Compliance , 2007, ICSOC.

[44]  Mikhail J. Atallah,et al.  Privacy-Preserving Business Process Outsourcing , 2012, 2012 IEEE 19th International Conference on Web Services.

[45]  Sherif Sakr,et al.  Design by Selection: A Reuse-Based Approach for Business Process Modeling , 2011, ER.

[46]  Frank Leymann,et al.  Towards BPEL in the Cloud: Exploiting Different Delivery Models for the Execution of Business Processes , 2009, 2009 Congress on Services - I.