Roman Khazankin (Vienna University of Technology): Providence: A Framework for Private Data Propagation Control in Service-Oriented Systems
7. Private data disclosures

Private information:
  Name: John Johnson
  Address: 1040 Example st. 2/3
  Loan: 250 000 $
  Date: 01.01.2010

A fragment of the message which "contains" the disclosure:
  ……
  <entry when="1/1/10">
    <n>Johnson J.</n>
    <sum>250,000</sum>
  </entry>
  ……

Primitives (used by content inspection):
  Name("John Johnson")
  Address("1040 Example st. 2/3")
  Amount(250000)
  Date(01.01.2010)

Disclosure specification (a possible detectable form):
  (Name("John Johnson") OR Address("1040 Example st. 2/3")) AND Amount(250000) AND Date(01.01.2010)
10. Example

Process 1 (services S1, S2, S3):
  Context = {Process 1}
  Promise = {Only for system administration}

Process 2:
  Context = {Process 2}
  Promise = {System administration, Marketing}

Disclosure D1 (propagated between the services):
  D1 Policy = {System administration, research and development}
How is this information spread across the system? How is it used eventually? What can we guarantee?
A very basic depiction of a content inspection tool. This abstraction is referred to as the inspection engine from here on.
To make the framework generally applicable to any SOA, we propose to apply content inspection to the exchanged messages. If any private information is detected in a message, we are interested in the context in which this disclosure occurs.
The slide shows: a private information example; the corresponding primitives; how to aggregate them into a disclosure; a fragment of the message which "contains" the disclosure.
In fact, a policy is checked against the promises of all supercontexts, not only against the promise of the immediate context.
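As an added example (not the Providence framework's own code), the following Python sketch puts together the pieces from slides 7 and 10: a toy inspection engine that recognises the four primitive kinds in a message fragment, a disclosure specification evaluated as a boolean combination of the detected primitives, and a policy check that walks the context and all of its supercontexts. The matching heuristics, the sample message, the sub-context "S2 in Process 2", and the rule that every promise along the context chain must be covered by the disclosure's policy are my assumptions, constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample message fragment (the form shown on slide 7).
MESSAGE = '<entry when="1/1/10"><n>Johnson J.</n><sum>250,000</sum></entry>'

# ---- Toy inspection engine: one detector per primitive kind ----
# Each detector answers: does the message contain the canonical value,
# possibly in a different surface form? The heuristics are illustrative only.

def detect_name(message, canonical):
    given, surname = map(re.escape, (canonical.split()[0], canonical.split()[-1]))
    patterns = [
        rf"\b{given}\s+{surname}\b",             # John Johnson
        rf"\b{surname},?\s+{given[0]}\.?(?!\w)",  # Johnson J. / Johnson, J
    ]
    return any(re.search(p, message, re.IGNORECASE) for p in patterns)

def detect_address(message, canonical):
    squash = lambda s: re.sub(r"\s+", " ", s).strip().lower()
    return squash(canonical) in squash(message)

def detect_amount(message, canonical):
    wanted = re.sub(r"\D", "", str(canonical))          # 250,000 -> 250000
    tokens = re.findall(r"\d[\d,.\s]*\d|\d", message)
    return any(re.sub(r"\D", "", t) == wanted for t in tokens)

DATE_FORMATS = ("%d.%m.%Y", "%d.%m.%y", "%m/%d/%y", "%d/%m/%y", "%m/%d/%Y", "%Y-%m-%d")

def _dates_in(text):
    # Ambiguous dates (1/1/10) count under every parseable interpretation,
    # which favours detection over precision.
    found = set()
    for token in re.findall(r"\d{1,4}[./-]\d{1,2}[./-]\d{1,4}", text):
        for fmt in DATE_FORMATS:
            try:
                found.add(datetime.strptime(token, fmt).date())
            except ValueError:
                pass
    return found

def detect_date(message, canonical):
    wanted = _dates_in(canonical)
    return bool(wanted) and bool(wanted & _dates_in(message))

DETECTORS = {"Name": detect_name, "Address": detect_address,
             "Amount": detect_amount, "Date": detect_date}

def inspect(message, primitives):
    """Inspection engine: the subset of (kind, value) primitives found in the message."""
    return {p for p in primitives if DETECTORS[p[0]](message, p[1])}

# ---- Disclosure specification: boolean combination of primitives ----
# ("and", [...]) / ("or", [...]) / leaf ("Name", "John Johnson")
D1_SPEC = ("and", [
    ("or", [("Name", "John Johnson"), ("Address", "1040 Example st. 2/3")]),
    ("Amount", "250000"),
    ("Date", "01.01.2010"),
])

def leaves(spec):
    if spec[0] in ("and", "or"):
        for sub in spec[1]:
            yield from leaves(sub)
    else:
        yield spec

def satisfied(spec, detected):
    op, args = spec
    if op == "and":
        return all(satisfied(s, detected) for s in args)
    if op == "or":
        return any(satisfied(s, detected) for s in args)
    return spec in detected

def contains_disclosure(message, spec):
    return satisfied(spec, inspect(message, set(leaves(spec))))

# ---- Contexts, promises and policy (slide 10) ----
@dataclass(frozen=True)
class Context:
    name: str
    promise: frozenset                 # purposes this context promises to use data for
    parent: "Context | None" = None    # supercontext

    def chain(self):
        ctx = self
        while ctx is not None:
            yield ctx
            ctx = ctx.parent

D1_POLICY = frozenset({"system administration", "research and development"})
PROCESS1 = Context("Process 1", frozenset({"system administration"}))
PROCESS2 = Context("Process 2", frozenset({"system administration", "marketing"}))
# Constructed sub-context whose own promise looks harmless but whose parent does not.
S2_IN_P2 = Context("S2 in Process 2", frozenset({"system administration"}), parent=PROCESS2)

def policy_violations(policy, context):
    """Assumed semantics: every promise of the context and of all its supercontexts
    must be covered by the disclosure's policy. Returns the offending context names."""
    return [c.name for c in context.chain() if not c.promise <= policy]

def check(message, spec, policy, context):
    if not contains_disclosure(message, spec):
        return "no disclosure"
    bad = policy_violations(policy, context)
    return "allowed" if not bad else "violation: " + ", ".join(bad)

if __name__ == "__main__":
    for ctx in (PROCESS1, PROCESS2, S2_IN_P2):
        print(ctx.name, "->", check(MESSAGE, D1_SPEC, D1_POLICY, ctx))
```

Running the block reports Process 1 as allowed and both Process 2 and its sub-context as violations, the latter purely because of the promise inherited from the supercontext.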