nach oben

Mobile Networks and Applications

Erschienen in:

10.11.2021

SDTIOA: Modeling the Timed Privacy Requirements of IoT Service Composition: A User Interaction Perspective for Automatic Transformation from BPEL to Timed Automata

verfasst von: Honghao Gao, Yida Zhang, Huaikou Miao, Ramón J. Durán Barroso, Xiaoxian Yang

Erschienen in: Mobile Networks and Applications | Ausgabe 6/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the development of the Internet of Things (IoT) and the Internet, new kinds of services based on IoT devices will benefit everyone. As a key step in achieving a complex business structure based on a massive number of IoT devices, establishing an effective service composition is extremely important. The emerging architecture of composition is related to process management and is subject to security risks, such as privacy leaks. Traditional service composition methods have difficulty verifying the timed privacy requirements of an IoT service composition. Therefore, this paper proposes an automatic method of transforming Business Process Execution Language (BPEL) into timed automata for formal verification, with the aim of formalizing timed privacy requirements for the IoT service composition and verifying the formal model returned to the UPPAAL supporting tool. First, a privacy requirement template is introduced to analyze the structure of the IoT service composition. Then, a timed computation tree logic (TCTL) property formula template is used to describe the privacy requirements, especially time constraints. Second, an extended timed I/O automata model, namely, the Sensitive Data Timed I/O Automata (SDTIOA) model, is proposed to formalize communication behavior, sensitive data treatment, and service time. Third, the corresponding transformation rules and algorithms are designed for BPEL and SDTIOA. These models can be adjusted through user interaction. Next, as a practical engineering application, we develop a prototype to show how to work with UPPAAL and generate UPPAAL code from SDTIOA code. Finally, a case study is discussed to illustrate the processes of modeling and timed verification for an IoT service composition.

Vorheriger Artikel Formal analysis and automated validation of privacy-preserving AICE protocol in mobile edge computing

Nächster Artikel TA-BiLSTM: An Interpretable Topic-Aware Model for Misleading Information Detection in Mobile Social Networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

Jetzt informieren

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

Jetzt informieren

Lemoine F, Aubonnet t, Simoni N (2020) IoT composition based on self-controlled services. Journal of Ambient Intelligence and Humanized Computing 11: 5167–5186

LeeI J, LeeK (2015) The Internet of Things (IoT): applications, investments, and challenges for enterprises. Business Horizons 58(4):431–440CrossRef

Jangjaccard J, Nepal S (2014) A survey of emerging threats in cybersecurity. J Comput Syst Sci 80(5):973–993MathSciNetCrossRef

Constante E, Paci F, Zannone N et al (2013) Privacy-aware web service composition and ranking. International Conference on Web Services 10(3):131–138

Labda W, Mehandjiev N, Sampaio P et al (2014) Modeling of privacy-aware business processes in BPMN to protect personal data. ACM Symposium on Applied Computing, pp 1399–1405

Roman R, Najera P, Lopez J et al (2011) Securing the internet of things. IEEE Computer 44(9):51–58CrossRef

Bertino E (2016) Data privacy for IoT systems: concepts, approaches, and research directions. International Conference on Big Data, pp 3645–3647

Butun I (2017) Privacy and trust relations in Internet of Things from the user point of view. IEEE Annual Computing and Communication Workshop and Conference, pp 1–5

Weber RH (2010) Internet of things: new security and privacy challenges. The Internet of Things 26(1):23–30CrossRef

10.

Bhatia R, Gujral MS (2017) Privacy aware access control: a literature survey and novel framework. International Journal of Information Technologies and Systems Approach 10(2):17–30CrossRef

11.

OASIS WS-BPEL Technical Committee, Web Services Business Process Execution Language Version 2.0 (2007). http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html

12.

Erl T (2008) SOA Principles of Service Design (Prentice Hall)

13.

UPPALL (2019) UPPAAL web help. https://www.it.uu.se/research/group/darts/uppaal/help.php?file=WebHelp

14.

David A, Larsen KG, Legay A et al (2010) Timed I/O automata: a complete specification theory for real-time systems. ACM International Conference Hybrid Systems Computation and Control, pp 91–100

15.

Felten EW, Schneider MA (2000) Timing attacks on Web privacy. Computer and Communications Security, pp 25–32

16.

Alur R, Courcoubetis C, Dill D (1990) Model-checking for real-time systems. Proceedings. Fifth Annual IEEE Symposium on Logic in Computer Science, Philadelphia, PA, USA, pp 414– 425

17.

Focardi R, Gorrieri R, Lanotte R et al (2002) Formal models of timing attacks on web privacy. Electronic Notes in Theoretical Computer Science, pp 229–243

18.

Song D, Wagner D, Tian X et al (2001) Timing analysis of keystrokes and timing attacks on SSH. Usenix Security Symposium, pp 25–25

19.

Honghao G, Huaikou M, Hongwei Z (2013) Predictive web service monitoring using probabilistic model checking. Applied Mathematics & Information Sciences 7(1L):139–148MathSciNetCrossRef

20.

Gao H, Chu D, Duan Y (2017) The probabilistic model checking based service selection method for business process modeling. Journal of Software Engineering and Knowledge Engineering 27(6):897–923CrossRef

21.

Gao H, Huang W, Duan Y, Yang X, Zou Q (2019) Research on cost-driven services composition in an uncertain environment. Journal of Internet Technology (JIT) 20(3):755–769

22.

Joshaghani R, Black S, Sherman E et al (2019) Formal specification and verification of user-centric privacy policies for ubiquitous systems. International Database Engineering and Applications Symposium

23.

Li YH, Paik H, Benatallah B et al (2006) Formal consistency verification between BPEL process and privacy policy. Conference on Privacy, Security and Trust

24.

Liu L, Huang Z, Xiao F et al (2010) Verification of privacy requirements in web services composition. International Symposium on Data, Privacy, and E-Commerce, pp 117–122

25.

Lu J, Huang Z, Ke C et al (2014) Verification of behavior-aware privacy requirements in web services composition. Journal of Software 9(4):944–951

26.

Mateescu R, Rampacek S (2008) Formal modeling and discrete-time analysis of BPEL web services. In: Dietzj LG, Albani A, Barjis J (eds) Advances in enterprise engineering i. CIAO! 2008, EOMAS 2008. Lecture notes in business information processing, vol 10. Springer, Berlin

27.

Fares E, Bodeveix JP, Filali M et al (2011) Verification of timed BPEL 2.0 models. In: Halpin T (ed) Enterprise, business-process and information systems modeling. BPMDS 2011, EMMSAD 2011. Lecture notes in business information processing, vol 81. Springer, Berlin

28.

Song W, Ma X, Ye C et al (2009) Timed modeling and verification of BPEL processes using time petri nets. International Conference on Quality Software, pp 92–97

29.

Chama IE, Belala N, Saidouni DE et al (2014) Formalization and analysis of timed BPEL. Information Reuse and Integration, pp 483–491

30.

Chama IE, Belala N, Saidouni DE et al (2017) A timed semantics for web services composition. International Journal of Business Process Integration and Management 8(1):64–79CrossRef

31.

Gao H, Miao H, Liu L et al (2018) Automated quantitative verification for service-based system design: a visualization transform tool perspective. International Journal of Software Engineering and Knowledge Engineering 28(10):1369–1397CrossRef

Titel: SDTIOA: Modeling the Timed Privacy Requirements of IoT Service Composition: A User Interaction Perspective for Automatic Transformation from BPEL to Timed Automata
verfasst von: Honghao Gao
Yida Zhang
Huaikou Miao
Ramón J. Durán Barroso
Xiaoxian Yang
Publikationsdatum: 10.11.2021
Verlag: Springer US
Erschienen in: Mobile Networks and Applications / Ausgabe 6/2021
Print ISSN: 1383-469X
Elektronische ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-021-01846-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide

Weitere Artikel der Ausgabe 6/2021

A Novel Visual Medical Image Encryption for Secure Transmission of Authenticated Watermarked Medical Images

Runtime Verification of Spatio-Temporal Specification Language

PR-RCUC: A POI Recommendation Model Using Region-Based Collaborative Filtering and User-Based Mobile Context

Tolerance-Oriented Wi-Fi Advertisement Scheduling: A Near Optimal Study on Accumulative User Interests

Edge User Allocation in Overlap Areas for Mobile Edge Computing

A Multi-modal Data Platform for Diagnosis and Prediction of Alzheimer’s Disease Using Machine Learning Methods