Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

A Service-Based Framework for Flexible Business Processes

This article describes a framework for the design and enactment of flexible and adaptive business processes. It combines design-time and run-time mechanisms to offer a single integrated solution. The design-time environment supports the specification of process-drivenWeb applications with Quality of Service (QoS) constraints and monitoring annotations. The runtime identifies the actual services, from the QoS perspective, oversees the execution through monitoring, and reacts to failures and infringement of QoS constraints. The article also discusses these issues on a proof of concept application developed for an industrial supply chain scenario

Minimizing disclosure of private information in credential-based interactions : a graph-based approach

We address the problem of enabling clients to regulate disclosure of their credentials and properties when interacting with servers in open scenarios. We provide a means for clients to specify the sensitivity of information in their portfolio at a fine-grain level and to determine the credentials and properties to disclose to satisfy a server request while minimizing the sensitivity of the information disclosed. Exploiting a graph modeling of the problem, we develop a heuristic approach for determining a disclosure minimizing released information, that offers execution times compatible with the requirements of interactive access to Web resources

ASSERT4SOA: Toward Security Certification of Service-Oriented Applications

ASSERT4SOA project proposes machine readable certificates to be used to allow Web service requesters to automatically assess the security properties of Web services (and their providers) as certified by a trusted third party. This vision promises to open up an entire new market for certification services

Supporting user privacy preferences on information release in open scenarios

Access control solutions for open systems are typically based on the assumption that a client may adopt approached speci\ufb01cally designed for the server to protect the disclosure of her sensitive information. These solutions however do not consider the speci\ufb01c privacy requirements characterizing the client. In this paper, we put forward the idea of adopting a di\ufb00erent model at the client-side, aimed at minimizing the amount of sensitive information released to a server. The model should be based on a formal modeling of the client portfolio and should easily support the de\ufb01nition of privacy preferences and disclosure limitations for empowering the user in the release of her personal information

A Declarative Framework for Specifying and Enforcing Purpose-aware Policies

Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support to the run-time enforcement of policies. In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such a result in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International Workshop on Security and Trust Management (STM 2015

Données quantitatives en anthropologie biologique : regards croisés

International audienc

Analytical composite performance models for Big Data applications

In the era of Big Data, whose digital industry is facing the massive growth of data size and development of data intensive software, more and more companies are moving to use new frameworks and paradigms capable of handling data at scale. The outstanding MapRe- duce (MR) paradigm and its implementation framework, Hadoop are among the most re- ferred ones, and basis for later and more advanced frameworks like Tez and Spark. Accurate prediction of the execution time of a Big Data application helps improving design time de- cisions, reduces over allocation charges, and assists budget management. In this regard, we propose analytical models based on the Stochastic Activity Networks (SANs) to accurately model the execution of MR, Tez and Spark applications in Hadoop environments governed by the YARN Capacity scheduler. We evaluate the accuracy of the proposed models over the TPC-DS industry benchmark across different configurations. Results obtained by numeri- cally solving analytical SAN models show an average error of 6% in estimating the execution time of an application compared to the data gathered from experiments and moreover the model evaluation time is lower than simulation time of state of the art solutions

Data security issues in cloud scenarios

The amount of data created, stored, and processed has enormously increased in the last years. Today, millions of devices are connected to the Internet and generate a huge amount of (personal) data that need to be stored and processed using scalable, efficient, and reliable computing infrastructures. Cloud computing technology can be used to respond to these needs. Although cloud computing brings many benefits to users and companies, security concerns about the cloud still represent the major impediment for its wide adoption. We briefly survey the main challenges related to the storage and processing of data in the cloud. In particular, we focus on the problem of protecting data in storage, supporting fine-grained access, selectively sharing data, protecting query privacy, and verifying the integrity of computations