Roman Khazankin (Vienna University of Technology): Providence: A Framework for Private Data Propagation Control in Service-Oriented Systems

Published in: Technology, News & Politics
  • How is this information spread across the system? How is it used eventually? What can we guarantee?
  • A very basic depiction of a content inspection tool. This abstraction is referred to as the inspection engine from here on.
  • To make the framework generally applicable to any SOA, we propose to use content inspection on exchanged messages. If any private information is detected in a message, we are then interested in the context in which this disclosure occurs.
  • A private information example; the corresponding primitives; how to aggregate them in a disclosure; a fragment of a message which “contains” the disclosure.
  • Actually, a policy is checked against all promises of supercontexts.

    1. Providence: A Framework for Private Data Propagation Control in Service-Oriented Systems. Roman Khazankin, Vienna University of Technology
    2. Problem statement (SOA, private data)
       • How is the private information propagated throughout the system?
       • For which purposes is it used?
    3. Related work
       • Private information is guarded in a single source
       • Privacy issues are considered only within a particular process
       • The approach requires interference with the business logic of services
       • No general-case, practical solutions
    4. Content Inspection
       • Well-developed algorithms and tools for detecting pre-loaded information in network transmissions
       • Successfully applied in DLP (Data Loss Prevention) solutions
    5. Content Inspection [diagram]
    6. Message exchange monitoring [diagram: Sender, Receiver, Content Inspection]
       Context:
       • Time
       • Application
       • Process
       • Credentials
       • …
    7. Private data disclosures
       Private information:
       • Name: John Johnson
       • Address: 1040 Example st. 2/3
       • Loan: 250 000 $
       • Date: 01.01.2010
       Primitives (used by content inspection):
       • Name("John Johnson")
       • Address("1040 Example st. 2/3")
       • Amount(250000)
       • Date(01.01.2010)
       Disclosure specification:
       (Name("John Johnson") OR Address("1040 Example st. 2/3")) AND Amount(250000) AND Date(01.01.2010)
       Possible detectable form:
       …… <entry when="1/1/10"> <n>Johnson J.</n> <sum>250,000</sum> </entry> ……
    8. Contexts
       • A context can be a subcontext of another context.
       • If a disclosure occurs in context C1, which is a subcontext of context C2, then it also occurs in C2.
       Example: Context = {Process A, Receiver = Endpoint1} is a subcontext of Context = {Process A}
    9. Privacy policies and promises
       • A privacy promise may be assigned to a context
       • A privacy policy may be assigned to a disclosure
       • Policies and promises are comparable (we can check whether a promise satisfies a policy)
       • So if a disclosure occurs in a context, we can check the promise against the policy
    10. Example [diagram: Process 1 and Process 2 over services S1, S2 and S3, with occurrences of disclosure D1]
       • Context = {Process 1}, Promise = {Only for system administration}
       • Context = {Process 2}, Promise = {System administration, Marketing}
       • Disclosure D1, Policy = {System administration, research and development}
    11. Logging disclosure occurrences
       The log of disclosure occurrences enables further functionality:
       • Which disclosures occur in a specified context?
       • In which contexts does a disclosure of a specified type occur?
       • What promise is enough for a specified context to stay compliant with current private data usage practices?
       • How is private data of a specified type actually used?
       • If we want to set another policy for private data or a context, what violations will it produce in the current environment?
    12. Architecture [diagram]
    13. Conclusion
       • A framework that allows control of private data propagation in SOA
       • Loose coupling with the system (can be deployed, e.g., at ESB level)
       • Different specifications can be used for policies and contexts
    14. Thank you for your attention.
       Authors:
       • Roman Khazankin, TU Vienna
       • Schahram Dustdar, TU Vienna
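The disclosure specification of slide 7 and the promise-versus-policy check of slides 8 to 10, as an added Python sketch that is not part of the slides or of the Providence implementation. It assumes that a promise satisfies a policy when every promised purpose is allowed by the policy, and that the inspection engine reports detected primitives as a set of names; the `receiver` attribute and all function names are hypothetical.

```python
# Added illustration: data model and names are assumptions, not Providence's API.

# Slide 7 disclosure specification, (Name OR Address) AND Amount AND Date,
# encoded as an AND over OR-groups of primitive names.
D1_SPEC = [{"Name", "Address"}, {"Amount"}, {"Date"}]
# Slide 10 policy assigned to disclosure D1 (purposes the data may be used for).
D1_POLICY = {"System administration", "Research and development"}

# Slide 10 promises, keyed by context. A context is modelled as a frozenset
# of (attribute, value) constraints.
PROMISES = {
    frozenset({("process", "Process 1")}): {"System administration"},
    frozenset({("process", "Process 2")}): {"System administration", "Marketing"},
}

def spec_matches(spec, detected):
    """True if every AND-group contains at least one detected primitive."""
    return all(group & detected for group in spec)

def supercontexts(context):
    """Contexts carrying a promise whose constraints all hold in `context`.
    Fewer constraints means a wider context (slide 8), so a supercontext is
    a subset of the constraint set; a context is its own supercontext here."""
    return [c for c in PROMISES if c <= context]

def check_message(detected, context, spec=D1_SPEC, policy=D1_POLICY):
    """Return None if the disclosure does not occur in this message.
    Otherwise return a list of (context, purposes promised but not allowed),
    checked against the promises of all supercontexts; [] means compliant."""
    if not spec_matches(spec, detected):
        return None
    violations = []
    for c in supercontexts(context):
        extra = PROMISES[c] - policy
        if extra:
            violations.append((dict(c), sorted(extra)))
    return violations

# Constructed inspection-engine output for the slide 7 fragment
# (<n>Johnson J.</n>, <sum>250,000</sum>, when="1/1/10"): no address seen.
DETECTED = {"Name", "Amount", "Date"}
# Constructed message contexts; the receiver constraint makes each one a
# subcontext of the corresponding process context.
CTX_P1 = frozenset({("process", "Process 1"), ("receiver", "S2")})
CTX_P2 = frozenset({("process", "Process 2"), ("receiver", "S3")})

if __name__ == "__main__":
    print(check_message(DETECTED, CTX_P1))
    print(check_message(DETECTED, CTX_P2))
```

Under the assumed subset semantics, the occurrence in Process 1 is compliant and the one in Process 2 is flagged because its promise includes Marketing.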
