A Privacy-Preserving Approach for Web Service Selection and Provisioning

The growing success of WS-related technologies has resulted in a large number of providers, which implement services of varying degree of sophistication and complexity. While on the one hand the availability of a wide array of services has created a competitive and flexible market that suits well the needs of different type of users, on the other hand, it requires them to select among possibly hundreds of similar services. As such, Web service selection plays a crucial role in Web service life-cycle. Here, several application-dependent requirements might constrain the selection of the best service. In this paper, we study the privacy implications caused by the exchange of large amount of potentially sensitive data required by optimized strategies for service-selection. In particular, we propose a comprehensive framework to uniformly protect users' and service providers' privacy needs, at the time of service selection. We define a solution that allows matching of the search criteria against the Web services attributes in a private fashion such that both criteria and service attributes are kept private during the matching. Further, we propose an approach to protect service provisioning rules from unwanted disclosure, both from the user and the service provider's perspective. Our experimental evaluation and complexity analysis demonstrate that our algorithms are efficient.

[1]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[2]  Lei Li,et al.  High Performance Approach for Multi-QoS Constrained Web Services Selection , 2007, ICSOC.

[3]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System (Awarded Best Student Paper!) , 2004 .

[4]  Maria-Esther Vidal,et al.  Customized and Optimized Service Selection with ProtocolDB , 2009, Globe.

[5]  Elisa Bertino,et al.  Access control enforcement for conversation-based web services , 2006, WWW '06.

[6]  Elisa Bertino,et al.  Identity Attribute-Based Role Provisioning for Human WS-BPEL Processes , 2009, 2009 IEEE International Conference on Web Services.

[7]  Latanya Sweeney,et al.  Achieving k-Anonymity Privacy Protection Using Generalization and Suppression , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[8]  Raffaela Mirandola,et al.  Per-flow optimal service selection for Web services based processes , 2010, J. Syst. Softw..

[9]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[10]  Barbara Carminati,et al.  Security Conscious Web Service Composition , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[11]  Rong Wang,et al.  A Fast Heuristic Algorithm for the Composite Web Service Selection , 2009, APWeb/WAIM.

[12]  Athman Bouguettaya,et al.  Preserving privacy in web services , 2002, WIDM '02.

[13]  Barbara Carminati,et al.  Security Conscious Web Service Composition with Semantic Web Support , 2007, 2007 IEEE 23rd International Conference on Data Engineering Workshop.

[14]  Wenbo Mao,et al.  Modern Cryptography: Theory and Practice , 2003 .