A user requirements-oriented privacy policy self-adaption scheme in cloud computing

doi:10.1007/s11704-022-1182-x

Front. Comput. Sci.

2023, Vol. 17

Issue (2) : 172203 https://doi.org/10.1007/s11704-022-1182-x

RESEARCH ARTICLE

A user requirements-oriented privacy policy self-adaption scheme in cloud computing

Changbo KE¹, Fu XIAO¹(

), Zhiqiu HUANG², Fangxiong XIAO³

¹. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
². College of computer science and technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
³. School of Software Engineering, Jinling Institute of Technology, Nanjing 210000, China

Download: PDF(5090 KB) HTML
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract

In an ever-changing environment, Software as a Service (SaaS) can rarely protect users’ privacy. Being able to manage and control the privacy is therefore an important goal for SaaS. Once the participant of composite service is substituted, it is unclear whether the composite service satisfy user privacy requirement or not. In this paper, we propose a privacy policies automatic update method to enhance user privacy when a service participant change in the composite service. Firstly, we model the privacy policies and service variation rules. Secondly, according to the service variation rules, the privacy policies are automatically generated through the negotiation between user and service composer. Thirdly, we prove the feasibility and applicability of our method with the experiments. When the service quantity is 50, ratio that the services variations are successfully checked by monitor is 81%. Moreover, ratio that the privacy policies are correctly updated is 93.6%.

Keywords cloud computing SaaS service privacy protection privacy policies update

Corresponding Author(s): Fu XIAO

Issue Date: 04 August 2022

Cite this article:

Changbo KE,Fu XIAO,Zhiqiu HUANG, et al. A user requirements-oriented privacy policy self-adaption scheme in cloud computing[J]. Front. Comput. Sci., 2023, 17(2): 172203.

URL:

https://academic.hep.com.cn/fcs/EN/10.1007/s11704-022-1182-x
https://academic.hep.com.cn/fcs/EN/Y2023/V17/I2/172203

Fig.1 Composite service variation

Fig.2 E-commerce scenario

Fig.3 Roadmap for this method

Notation	Description
$C$	A privacy disclosure collection.
$P i$	A privacy item ( $P i ∈ C$ ).
$ℏ$	The disclosure constraints on the privacy item.
$O W P n i$	The service participant numbered as i, OWⁱ holds user privacy item $P n$ in a composite service.
Po	A policy that a privacy item P_i is disclosed to the service participant OWⁱ.
$T$	The credit constraint of service participants by official or service composer.
$P A$	The combination of the disclosure constraints and credit constraint.
$Q$	The constraint of Privacy Sensitivity Pair (PSP)
$ϑ$	The inputs and preconditions of the service participant.
$Ω$	A privacy item collection which contains the user exposable privacy items to composite service.
$r$	The real name of the user.
$− λ$	A user’s address which is provided without community information.
$ℓ$	A phone number of user’s office.
$N$	A name of user.
$?$	An address of user.
$UN$	A username when user login a service.
$χ$	The shopping information of user.
$d e g + (o w i)$	The in-degree of the service in the process graph of the service composition.
$d e g − (o w i)$	The out-degree of the service in the process graph of the service composition.

Tab.1 Standard definition of symbols used in this paper

Fig.4 The generation process of

C

Fig.5 The variation rules

Conditions & Graphics	Instance	Operations
		$o w ⋃ 1 n P i i (v t) ? 0$

Tab.2 Service exiting

Conditions	Graphics	Operations
$(d e g − (v) = 1) ∨ (d e g + (v) = 1)$ $(d e g − (v) ? 2) ∨ (d e g + (v) ? 2)$		$ϕ$ $C (ϑ, Q) ∧ M a t c h (P u ∡ P A, R s ∡ P A)$

Tab.3 Service participating

Fig.6 The relationship between |S| and

| C |

Fig.7 The effect of

| Q |

increase on the efficiency for generating

C

Fig.8 Factors that affect the efficiency for PA generation

Fig.9 Efficiency comparison for Po generation

Fig.10 Ratio that the Services Variations (SV) are successfully checked by monitor

Fig.11 Ratio that the privacy policies are correctly updated

1	B Hayes. Cloud computing. Communications of the ACM, 2008, 51( 7): 9– 11
2	M, Jensen J, Schwenk N, Gruschka L L Iacono. On technical security issues in cloud computing. In: Proceedings of the 2009 IEEE International Conference on Cloud Computing. 2009, 109– 116
3	A H H, Ngu M P, Carlson Q Z, Sheng H Y Paik. Semantic-based mashup of composite applications. IEEE Transactions on Services Computing, 2010, 3( 1): 2– 15
4	M, Zhou R, Zhang W, Xie W, Qian A Zhou. Security and privacy in cloud computing: a survey. In: Proceedings of the 6th International Conference on Semantics, Knowledge and Grids. 2010, 105– 112
5	H, Takabi J B D, Joshi G J Ahn. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 2010, 8( 6): 24– 31
6	V, Andrikopoulos S, Benbernou M P Papazoglou. On the evolution of services. IEEE Transactions on Software Engineering, 2012, 38( 3): 609– 628
7	C, Ke Z, Huang X Cheng. Privacy disclosure checking method applied on collaboration interactions among SaaS services. IEEE Access, 2017, 5: 15080– 15092
8	J, Qi B, Xu Y, Xue K, Wang Y Sun. Knowledge based differential evolution for cloud computing service composition. Journal of Ambient Intelligence and Humanized Computing, 2018, 9( 3): 565– 574
9	S E, Chang A Y, Liu W C Shen. User trust in social networking services: a comparison of Facebook and LinkedIn. Computers in Human Behavior, 2017, 69: 207– 217
10	V, Chang M Ramachandran. Towards achieving data security with the cloud computing adoption framework. IEEE Transactions on Services Computing, 2016, 9( 1): 138– 151
11	V V H, Pham X, Liu X, Zheng M, Fu S V, Deshpande W, Xia R, Zhou M Abdelrazek. PaaS-black or white: an investigation into software development model for building retail industry SaaS. In: Proceedings of the 39th IEEE/ACM International Conference on Software Engineering Companion (ICSE-C). 2017, 285– 287
12	W, Song H A, Jacobsen C, Zhang X Ma. Dependence-based data-aware process conformance checking. IEEE Transactions on Services Computing, 2021, 14( 3): 654– 667 https://doi.org/10.1109/TSC.2018.2821685
13	M, Guzek P, Bouvry E G Talbi. A survey of evolutionary computation for resource management of processing in cloud computing. IEEE Computational Intelligence Magazine, 2015, 10( 2): 53– 67
14	L, Zhang X Y, Li K, Liu T, Jung Y Liu. Message in a sealed bottle: privacy preserving friending in mobile social networks. IEEE Transactions on Mobile Computing, 2015, 14( 9): 1888– 1902
15	Q, Ma S, Zhang T, Zhu K, Liu L, Zhang W, He Y Liu. PLP: Protecting location privacy against correlation analyze Attack in crowdsensing. IEEE Transactions on Mobile Computing, 2017, 16( 9): 2588– 2598
16	C, Ke F, Xiao Z, Huang Y, Meng Y Cao. Ontology-based privacy data chain disclosure discovery method for big data. IEEE Transactions on Services Computing, 2022, 15( 1): 59– 68
17	C, Lutz M Miličić. A tableau algorithm for description logics with concrete domains and general tboxes. Journal of Automated Reasoning, 2007, 38( 1): 227– 259
18	I, Reay S, Dick J Miller. A large-scale empirical study of P3P privacy policies: stated actions vs. legal obligations. ACM Transactions on the Web, 2009, 3( 2): 6
19	I, Hadar T, Hasson O, Ayalon E, Toch M, Birnhack S, Sherman A Balissa. Privacy by designers: software developers’ privacy mindset. Empirical Software Engineering, 2018, 23( 1): 259– 289
20	J M, Such M Rovatsos. Privacy policy negotiation in social media. ACM Transactions on Autonomous and Adaptive Systems, 2016, 11( 1): 4
21	Y, Lee D, Sarangi O, Kwon M Y Kim. Lattice based privacy negotiation rule generation for context-aware service. In: Proceedings of the 6th International Conference on Ubiquitous Intelligence and Computing. 2009, 340– 352
22	C, Ke Z, Huang M Tang. Supporting negotiation mechanism privacy authority method in cloud computing. Knowledge-Based Systems, 2013, 51: 48– 59
23	S E, Tbahriti C, Ghedira B, Medjahed M Mrissa. Privacy-enhanced web service composition. IEEE Transactions on Services Computing, 2014, 7( 2): 210– 222
24	J, Bhatia T D Breaux. Semantic incompleteness in privacy policy goals. In: Proceedings of the 26th IEEE International Requirements Engineering Conference (RE). 2018, 159– 169
25	L, Yu T, Zhang X, Luo L, Xue H Chang. Toward automatically generating privacy policy for android apps. IEEE Transactions on Information Forensics and Security, 2017, 12( 4): 865– 880
26	S, Zimmeck S M Bellovin. Privee: An architecture for automatically analyzing web privacy policies. In: Proceedings of the 23rd USENIX Security Symposium. 2014, 1– 16
27	A I, Anton J B, Earp Q, He W, Stufflebeam D, Bolchini C Jensen. Financial privacy policies and the need for standardization. IEEE Security & Privacy, 2004, 2( 2): 36– 45
28	A K, Massey J, Eisenstein A I, Antón P P Swire. Automated text mining for requirements analysis of policy documents. In: Proceedings of the 21st IEEE International Requirements Engineering Conference (RE). 2013, 4– 13
29	J, Bhatia T D Breaux. A data purpose case study of privacy policies. In: Proceedings of the 25th IEEE International Requirements Engineering Conference (RE). 2017, 394– 399
30	T D, Breaux D, Smullen H Hibshi. Detecting repurposing and over-collection in multi-party privacy requirements specifications. In: The 23rd IEEE International Requirements Engineering Conference (RE). 2015, 166– 175
31	A C, Squicciarini D, Lin S, Sundareswaran J Wede. Privacy policy inference of user-uploaded images on content sharing sites. IEEE Transactions on Knowledge and Data Engineering, 2015, 27( 1): 193– 206
32	T, Linden R, Khandelwal H, Harkous K Fawaz. The privacy policy landscape after the GDPR. Proceedings on Privacy Enhancing Technologies, 2020, 2020( 1): 47– 64
33	S, Wilson F, Schaub F, Liu K M, Sathyendra D, Smullen S, Zimmeck R, Ramanath P, Story F, Liu N, Sadeh N A Smith. Analyzing privacy policies at scale: from crowdsourcing to automated annotations. ACM Transactions on the Web, 2019, 13( 1): 1
34	L, Yu X, Luo C, Qian S, Wang H K Leung. Enhancing the description-to-behavior fidelity in android apps with privacy policy. IEEE Transactions on Software Engineering, 2018, 44( 9): 834– 854
35	L, Yu X, Luo J, Chen H, Zhou T, Zhang H, Chang H K N Leung. PPChecker: towards accessing the trustworthiness of android Apps’ privacy policies. IEEE Transactions on Software Engineering, 2021, 47( 2): 221– 242 https://doi.org/10.1109/TSE.2018.2886875
36	A, Khurat B, Suntisrivaraporn D Gollmann. Privacy policies verification in composite services using OWL. Computers & Security, 2017, 67: 122– 141
37	R N, Zaeem R L, German K S Barber. PrivacyCheck: automatic summarization of privacy policies using data mining. ACM Transactions on Internet Technology, 2018, 18( 4): 53
38	J M, Such N Criado. Resolving multi-party privacy conflicts in social media. IEEE Transactions on Knowledge and Data Engineering, 2016, 28( 7): 1851– 1863
39	X, Wang X, Qin M B, Hosseini R, Slavin T D, Breaux J Niu. Guileak: Tracing privacy policy claims on user input data for android applications. In: Proceedings of the 40th IEEE/ACM International Conference on Software Engineering (ICSE). 2018, 37− 47
40	F, Amato L, Coppolino S, D’Antonio N, Mazzocca F, Moscato L Sgaglione. An abstract reasoning architecture for privacy policies monitoring. Future Generation Computer Systems, 2020, 106: 393– 400
41	M, Ouederni G, Salaün E Pimentel. Client update: a solution for service evolution. In: Proceedings of 2011 IEEE International Conference on Services Computing. 2011, 394− 401
42	S H, Ryu F, Casati H, Skogsrud B, Benatallah R Saint-Paul. Supporting the dynamic evolution of web service protocols in service-oriented architectures. ACM Transactions on the Web, 2008, 2( 2): 13
43	L, Wu Y, Ge Q, Liu E, Chen R, Hong J, Du M Wang. Modeling the evolution of users’ preferences and social links in social networking services. IEEE Transactions on Knowledge and Data Engineering, 2017, 29( 6): 1240– 1253
44	M, Robol T D, Breaux E, Paja P Giorgini. Consent verification under evolving privacy policies. In: Proceedings of the 27th IEEE International Requirements Engineering Conference (RE). 2019, 422− 427
45	Z, Alom B, Carminati E Ferrari. Adapting users’ privacy preferences in smart environments. In: Proceedings of the 2019 IEEE International Congress on Internet of Things (ICIOT). 2019, 165− 172
46	K P, Joshi A, Gupta S, Mittal C, Pearce A, Joshi T Finin. Semantic approach to automating management of big data privacy policies. In: Proceedings of the 2016 IEEE International Conference on Big Data (Big Data). 2016, 482− 491
47	R, Slavin X, Wang M B, Hosseini J, Hester R, Krishnan J, Bhatia T D, Breaux J Niu. Toward a framework for detecting privacy policy violations in android application code. In: Proceedings of the 38th International Conference on Software Engineering. 2016, 25− 36
48	Y, Li Y, Zhang H, Zhu S Du. Toward automatically generating privacy policy for smart home apps. In: Proceedings of IEEE INFOCOM 2021-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). 2021, 1− 7

[1]

FCS-21182-OF-CK_suppl_1

Download

[1]	Kun WANG, Song WU, Shengbang LI, Zhuo HUANG, Hao FAN, Chen YU, Hai JIN. Precise control of page cache for containers[J]. Front. Comput. Sci., 2024, 18(2): 182102-.
[2]	Shiwei LU, Ruihu LI, Wenbin LIU. FedDAA: a robust federated learning framework to protect privacy and defend against adversarial attack[J]. Front. Comput. Sci., 2024, 18(2): 182307-.
[3]	Ashish SINGH, Abhinav KUMAR, Suyel NAMASUDRA. DNACDS: Cloud IoE big data security and accessing scheme based on DNA cryptography[J]. Front. Comput. Sci., 2024, 18(1): 181801-.
[4]	Xingxin LI, Youwen ZHU, Rui XU, Jian WANG, Yushu ZHANG. Indexing dynamic encrypted database in cloud for efficient secure k-nearest neighbor query[J]. Front. Comput. Sci., 2024, 18(1): 181803-.
[5]	Jianwei LI, Xiaoming WANG, Qingqing GAN. SEOT: Secure dynamic searchable encryption with outsourced ownership transfer[J]. Front. Comput. Sci., 2023, 17(5): 175812-.
[6]	Sedigheh KHOSHNEVIS. A search-based identification of variable microservices for enterprise SaaS[J]. Front. Comput. Sci., 2023, 17(3): 173208-.
[7]	Rong ZENG, Xiaofeng HOU, Lu ZHANG, Chao LI, Wenli ZHENG, Minyi GUO. Performance optimization for cloud computing systems in the microservice era: state-of-the-art and research opportunities[J]. Front. Comput. Sci., 2022, 16(6): 166106-.
[8]	Kaiyue ZHANG, Xuan SONG, Chenhan ZHANG, Shui YU. Challenges and future directions of secure federated learning: a survey[J]. Front. Comput. Sci., 2022, 16(5): 165817-.
[9]	Zhengxiong HOU, Hong SHEN, Xingshe ZHOU, Jianhua GU, Yunlan WANG, Tianhai ZHAO. Prediction of job characteristics for intelligent resource allocation in HPC systems: a survey and future directions[J]. Front. Comput. Sci., 2022, 16(5): 165107-.
[10]	Zhangjie FU, Yan WANG, Xingming SUN, Xiaosong ZHANG. Semantic and secure search over encrypted outsourcing cloud based on BERT[J]. Front. Comput. Sci., 2022, 16(2): 162802-.
[11]	Arpita BISWAS, Abhishek MAJUMDAR, Soumyabrata DAS, Krishna Lal BAISHNAB. OCSO-CA: opposition based competitive swarm optimizer in energy efficient IoT clustering[J]. Front. Comput. Sci., 2022, 16(1): 161501-.
[12]	Yao QIN, Hua WANG, Shanwen YI, Xiaole LI, Linbo ZHAI. A multi-objective reinforcement learning algorithm for deadline constrained scientific workflow scheduling in clouds[J]. Front. Comput. Sci., 2021, 15(5): 155105-.
[13]	Wei ZHENG, Ying WU, Xiaoxue WU, Chen FENG, Yulei SUI, Xiapu LUO, Yajin ZHOU. A survey of Intel SGX and its applications[J]. Front. Comput. Sci., 2021, 15(3): 153808-.
[14]	Najme MANSOURI, Mohammad Masoud JAVIDI, Behnam Mohammad Hasani ZADE. Hierarchical data replication strategy to improve performance in cloud computing[J]. Front. Comput. Sci., 2021, 15(2): 152501-.
[15]	Jiayang LIU, Jingguo BI, Mu LI. Secure outsourcing of large matrix determinant computation[J]. Front. Comput. Sci., 2020, 14(6): 146807-.

Viewed

Full text

Abstract

Cited

Shared

Discussed