TY - JOUR
T1 - Privacy in Data Service Composition
AU - Barhamgi, Mahmoud
AU - Perera, Charith
AU - Yu, Chia-Mu
AU - Benslimane, Djamal
AU - Camacho, David
AU - Bonnet, Christine
N1 - Publisher Copyright:
© 2008-2012 IEEE.
PY - 2020/7
Y1 - 2020/7
N2 - In modern information systems, different information features about the same individual are often collected and managed by autonomous data collection services that may have different privacy policies. Answering many end-users' legitimate queries requires the integration of data from multiple such services. However, data integration is often hindered by the lack of a trusted entity, often called a mediator, with which the services can share their data and delegate the enforcement of their privacy policies. In this article, we propose a flexible privacy-preserving data integration approach for answering data integration queries without the need for a trusted mediator. In our approach, services are allowed to enforce their privacy policies locally. The mediator is considered to be untrusted, and only has access to encrypted information to allow it to link data subjects across the different services. Services, by virtue of a new privacy requirement, dubbed k-Protection, limiting privacy leaks, cannot infer information about the data held by each other. End-users, in turn, have access to privacy-sanitized data only. We evaluated our approach using an example and a real dataset from the healthcare application domain. The results are promising from both the privacy preservation and the performance perspectives.
AB - In modern information systems, different information features about the same individual are often collected and managed by autonomous data collection services that may have different privacy policies. Answering many end-users' legitimate queries requires the integration of data from multiple such services. However, data integration is often hindered by the lack of a trusted entity, often called a mediator, with which the services can share their data and delegate the enforcement of their privacy policies. In this article, we propose a flexible privacy-preserving data integration approach for answering data integration queries without the need for a trusted mediator. In our approach, services are allowed to enforce their privacy policies locally. The mediator is considered to be untrusted, and only has access to encrypted information to allow it to link data subjects across the different services. Services, by virtue of a new privacy requirement, dubbed k-Protection, limiting privacy leaks, cannot infer information about the data held by each other. End-users, in turn, have access to privacy-sanitized data only. We evaluated our approach using an example and a real dataset from the healthcare application domain. The results are promising from both the privacy preservation and the performance perspectives.
KW - Web privacy
KW - privacy-preserving web data integration
KW - service composition
KW - web services
UR - http://www.scopus.com/inward/record.url?scp=85083742636&partnerID=8YFLogxK
U2 - 10.1109/TSC.2019.2963309
DO - 10.1109/TSC.2019.2963309
M3 - Article
AN - SCOPUS:85083742636
SN - 1939-1374
VL - 13
SP - 639
EP - 652
JO - IEEE Transactions on Services Computing
JF - IEEE Transactions on Services Computing
IS - 4
M1 - 8946749
ER -