TY - JOUR
AU - Wakrime, Abderrahim, Ait
AB - Abstract Cloud Computing-based Software as a Service (SaaS) combines multiple Web Services in order to satisfy an SaaS request. SaaS is based on service-oriented architecture and Web Service technology which are popular paradigm to design new generation of applications. In addition, SaaS composition can maintain Data as a Service (DaaS) to answer the needs of a customer that cannot be satisfied by a single Web Service. SaaS/DaaS composition may reveal privacy sensitive information. In this paper, we propose a formal model of privacy in order to verify compatibility of services involved in this composition in terms of their privacy capabilities. We propose a new technique that translates the problem of minimum SaaS/DaaS Web Services Composition within preserved-privacy into Satisfiability problem. We propose also a generalization of this approach to take into account the Quality of Service. In order to show that our approach is feasible and efficient in practice, experiment results are provided as a benchmark. 1. INTRODUCTION Nowadays Cloud Computing (CC) provides applications as services over the Internet. For that purpose, hardware and systems software in the datacentres are facilitating the cloud-based services user requests. CC offers a guaranteed economy of scale, shortens the maintenance time and reduces implementation cost. CC is based on cloud resources shared and reallocated by multiple customers in order to reduce the risk. The services provided are classified in the three main layers, as shown in Fig. 1: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). First, IaaS offers access to computing resources in a virtualized environment providing servers, storage, backup and network. Second, PaaS provides platform and computing environment necessary for developers to implement their own various services and applications on the Internet. Third, SaaS refers to any cloud service that allows customers to have access to applications over the Internet. Figure 1. Open in new tabDownload slide Architecture layers of cloud computing. Figure 1. Open in new tabDownload slide Architecture layers of cloud computing. SaaS uses the service concept as a main unit to develop and build complex and distributed applications. This architecture is based on Web technology to establish and manage communication between its services. In this context, a Web Service (WS) is a module containing operations and data structures which are used to implement its functionality. Thus, this module is used as a black-box that we can reuse and deploy. A WS can be also used as a communication program and data exchange between heterogeneous applications not based on WSs. This communication is based on standard technologies and protocols. WSs are widely perceived as a standard way for the integration of applications on Web. These applications are based on a service-oriented architecture to achieve encapsulation from different providers as services. In fact, these applications can be published, invoked and composed using a weak coupling. Recently, WSs became a popular means to publish and share data on the Web. Indeed, these data can be used as a service using a new type of service called Data as a Service (DaaS). Modern companies are shifting to a WS-oriented architecture for sharing data on the Web. They provide their data as WSs called DaaS WSs. DaaS is similar to SaaS in terms of stored information and access management. DaaS provides a simplified view and built in real time. It provides data from a diverse providers to fulfill requests from various customers. In Fig. 1, the DaaS position is depicted in the complete architecture layer for CC stack, exactly, within SaaS layer to couple them in order to enrich the SaaS WSs. When a single WS does not respond to an application or customer’s request, the Web Services Composition (WSC) in CC is a challenge and it is defined as a process to select and combine a set of atomic or composite WSs to meet the customers requirements. This process is to automatically find a sequence of WSs satisfying the customer’s request that aims at integrating data from diverse data providers. However, SaaS composition may reveal privacy-sensitive data with DaaS. Privacy is an important issue for CC in terms of legal compliance and customer trust. Indeed, privacy preservation is becoming a priority in WSC. This paper focuses on a privacy-preserving approach in SaaS layer within DaaS in WSC. In privacy-preserving WSC and selection approach, some research studies are proposed to express the privacy without using a formal method to verify compatibility between privacy policies and requirements. In our previous work, we proposed a Relaxation SaaS solution to repair the failed customer query by rewriting it with an approximation [1]. It is based on an incremental approach that exploits a formal method Quantified Satisfiability to repair the query and provide an alternative SaaS that leads to a successful request close to the original one. In this paper, we propose a privacy-preserving approach to compose a CC WSs based on SAT solving. SAT problem is the problem of checking whether a set of Boolean clauses is satisfiable or not i.e. if there exists an interpretation that satisfies a given propositional logic formula. SAT is central to many domains of computer science and Artificial Intelligence (theorem proving, planning, non-monotonic reasoning, electronic design automation or knowledge-based verification and validation). During the last two decades, SAT has gained considerable audience with the advent of a new generation of SAT solvers. On the other hand, some research effort focused more on analysing unsatisfiability by seeking for enumerating minimal unsatisfiability i.e. minimal subsets of clauses that are unsatisfiable because they are considered as explanation of the unsatisfiability. Indeed, Minimally Unsatisfiable Subformulas (MUS) find a wide range of practical applications, including product configuration, knowledge-based validation, hardware/software design and verification. MUSes also find application in recent Maximum Satisfiability algorithms and in Conjunctive Normal Form (CNF) formula redundancy removal. Besides direct applications in Propositional Logic, algorithms for MUS extraction have been applied to more expressive logics. In this paper, we propose an alternative solution for composition approaches based on SAT problem to preserve the privacy of data exchanged between WSs. A bottom up encoding allows us to encode the composition problem as a problem of finding a SAT problem with a best Quality of Service (QoS). The proposed approach is based on privacy compatibility among interconnected services. The privacy compatibility is investigated with a compatibility matching between available data and composed WSs. To summarize, we propose a compatibility matching approach to check privacy compatibility, as regards Personally Identifiable Information, between WSs within a composition. The rest of the paper is organized as follows. Section 2 provides a motivating example. Section 3 reviews related efforts. Section 4 describes some preliminaries definitions and notations used in this paper. Section 5 explains the proposed approach-based Satisfiability which is intended to privacy preservation in WSC with QoS. Section 6 discusses some experimental results of using our approach for making QoS-based privacy WSC. Finally, Section 7 summarizes this work and opening new perspectives. 2. MOTIVATION CC represents an efficient and promised technique to provide complex applications in various domains e.g. a WS represents a major element for each cloud exactly on the SaaS or DaaS. To build each application on the SaaS or DaaS, it is important to compose these services in order to facilitate their operation to the end-user. Moreover, the composition needs to be well defined in order to ensure that the SaaS or DaaS can provide a data as a service with a preserved-privacy and a high level of a QoS. Currently, the privacy has gained the interest of the researchers while composing an SaaS WSs or DaaS WSs in CC. In fact, privacy issue presents a strong barrier for cloud customers to adapt into CC systems. However, an optimal WSC with preserved-privacy is usually related to its quality. To achieve an optimal composition with improved QoS and to protect the privacy of data that are collected, stored and shared by SaaS services or DaaS services, we propose in this paper, a new approach to find shortest sequence of WSs taking into account privacy when satisfying CC requests with a guaranteed best QoS. This approach is proposed to maintain data privacy required by current legislation in CC. To motivate and illustrate our approach, we introduce the problem of SaaS WSC within privacy-preserving DaaS using an example. In this typical example, we have an e-insurance system exporting the set of SaaS WSs and DaaS WSs in Fig. 2. Figure 2. Open in new tabDownload slide E-insurance system with SaaS and DaaS Web Services. Figure 2. Open in new tabDownload slide E-insurance system with SaaS and DaaS Web Services. A customer sends a request that contains personal information for a car insurance with the best price and the best guarantee. For instance, to compare various offers of the car insurance from different providers or insurance companies, the customer sends a query containing his personal information like Name, CarModel, CarUse i.e. private use or professional use, KMPerYear i.e. how many kilometers a customer drives per year. When a comparator discovers insurance companies in order to determine the best offer to achieve customer’s request, the e-insurance system suggests to the customer selecting the method of payment. This method can be a service provided by SaaS or by DaaS. The SaaS WS Credit Card Payment has customer personal informations as input data. However, the DaaS WS PayPal Payment provides personal data that are already registered over the Internet. This WS is invoked on demand so that the consumers can make the payment directly. In short, the customer needs to discover the existing different insurance offers and selects the best one. In fact, he chooses the best payment method for him by invoking an SaaS WS like Credit Card Payment or DaaS WS as PayPal Payment. As shown previously, the services invocation has to ensure that the parameters of the services are compatible in terms of type and privacy of exchanged data. 3. RELATED WORK A number of research efforts have studied either WSC, QoS-based Web Services Composition, privacy preservation mechanisms in CC or formal method to model privacy. We provide an overview of some of these works as a context for the research discussed in the remainder of the paper. 3.1. Web Services Composition Different techniques have been proposed to deal with the WSC problem. In this context, huge research effort focused the use of graph-based and tree-based search Algorithms. In [2], an approach to automatic service composition is presented. The discovery and the matchmaking are based on semantic annotations of service properties based on input parameters, output parameters and goals of WS request provided by the requester. The approach uses a graph-based search algorithm to determine all possible composition and applies some measures to rank them such as acyclic tree structures. The authors in [3] presented a semantics-based technique for automatic WSC that uses Directed Acyclic Graph (DAG) as means to represent complex interactions, containing control flow, information flow and pre/post conditions. The authors in the previous work have not studied the performance of the proposed algorithms for search optimization in order to minimize the number of services in each composition. Another work is more related to use finite automata extended with parametric Boolean conditions in WSC problem such as [4]. 3.2. QoS-based WSC Another approach reduces the dynamic WSC to a Constraint Satisfaction Problem which is used to optimize service selection based on several criteria that are cost estimation and QoS [5]. In [6], an approach is presented which uses only QoS of the services for WS selection without customers QoS requirements. The presented approach recommends prospective service candidates to users by relaxing QoS constraints if no suitable or available WS could exactly fulfill user requirements. In [7], an approach called Probabilistic Hierarchical Refinement is presented to solve the optimal selection problem for the service composition. The defined approach provides a reduction of search space by eliminating the services which cannot participate in a composition. In addition, the found composition maximizes the overall QoS. Tan et al. [8] propose an approach based on genetic algorithms for searching for a recovery plan. Automated recovery is based on their QoS and is proposed when a WSC fall into the failure state i.e. a WS could not be accessed or unsatisfied the customer requirement. 3.3. Privacy in CC The works presented above do not address privacy over WSC. Recently, several privacy preservation mechanisms in CC have been developed opening new challenges. They are defined to offer the ability, for a person or a group of people, to protect them from privacy issues and also protect their private life information. This challenge of respecting privacy with composing WSs in CC is of major interest. For that, privacy preservation is becoming more important for the future development of CC technology, exactly, of the WS customers as well as service provider. In [9], the authors represent a set of mechanisms that cooperate to preserve citizen’s privacy using databases and WSs to manipulate the data. In addition, the work presented in [10] proposes an approach to assist customers and WS providers in the composition and selection of composite services preserving privacy. In another work [11], a privacy-preserving composition execution system is presented. In this work, composition of data services is represented as a DAG. The work in [12] aims at proposing a technique based on Binary search tree combined with weighted sum method to quantify the customer’s qualitative privacy preferences into a numerical value in order to fulfill the customer’s request. This work is inspired from the work presented in [13] to find an optimal path for service collaboration. In [14, 15], WSC problem is solved with a Boolean satisfiability solver by reducing this problem into a reachability problem on a state-transition system. On the other hand, numerous studies have been proposed, in the literature, to study the privacy concern in the CC. Most of them use different methods to model and treat the privacy. In [16], a privacy model is proposed for DaaS WSs. The model deals with privacy at input/output data and services operations exactly in service composition. This service composition approach checks compatibility among privacy requirements and policies within a composition to ensure privacy. Also, another attractive approach, in recent years, introduces a semantic-enabled architecture to select and compose data-providing services into an execution workflow for data integration [17]. It is based on a method to manipulate the semantic conflicts of data exchange between component services, such as the conversion between different measuring units. The proposed approach aims to automatically compose DaaS WSs published by heterogeneous health information systems. In summary, most of the privacy preservation approaches in SaaS and DaaS layers of CC do not use a formal method to model and verify WSC taking into account customer personal data privacy. This paper uses a formal method to model WSC and prohibiting disclosure customer personal data. The benefit of using Satisfiability is the simplicity of the model, use mathematical reasoning about the composition and eventually to justify it rigorously. The idea of using formal method to study privacy is not new. In [18], a logic-based framework, which uses a first-order extension of Computational Tree Logic, is presented to reason about the privacy protection provided by a Web application. The work in [19] proposes an approach which models a variety of privacy policy languages using Linear Time Logic. Our contribution is the modeling and reducing a WSC problem to CNF formula and ensuring privacy preservation over composition, which are not discussed in [18, 19]. This paper addresses the privacy-preserving problem that poses serious problem during interactions with CC. We can conclude that the main differences between our proposal approach and those presented above are the proposed formal approach, that exploits SAT problem, guarantees an SaaS and DaaS composition to resolve privacy concerns at the composition time with QoS. In addition, the transformation and the reduction to SAT are directly applied to find a composition without using the state-transition system and tree-based heuristic. We adapt also the idea of WSC by introducing a new formal definitions of Web Services and composition techniques using SAT, which is a well-known NP-complete problem for which there does not exist a scalable solution. SAT is adopted in this work to exploit the promising results of engineering efforts for a moderately large size of problems. 4. PRELIMINARIES Before presenting our SAT-based SaaS, we need to get some information and definitions about the Web Services and the basic concept of the semantic WSC to provide an SaaS and DaaS. In addition, we present some definitions, notations and technical background used in SAT problem. 4.1. Software as a Service In the SaaS and DaaS, WSs are composed to produce a complete program or application as a service accessed through the Internet. These services are proposed by multiple providers with the same features. The paradigm of Web Services based on SaaS that uses Internet such as infrastructure to operate and manage communication between the services. WS is as a black-box ready for reuse after its creation and deployment in the private or public network. In this section, we formalize the notion of Web Services, their composition and the privacy at WS interfaces. Thus, the customer will find a service that meets their needs with a specialized directory. To simplify the operation of a Web Service, it is a software component that receives a set of input data and generates a set of output data after the execution. WSs use standard technologies and protocols like XML to exchange data between them. Also, they use Web Services Description Language (WSDL) 2.01 to describe their functionality. Definition 4.1 A Web Service is a triple WSx=(IdWSx,InWSx,OutWSx)where IdWSxis the service identifier, InWSxis a set of typed input data ports and OutWSxis a set of typed output data ports. When ini∈InWSx and outj∈OutWSx ⁠, with i∈∣InWSx∣ and j∈∣OutWSx∣ ⁠, are ready to interact and communicate, generally, there is a junction relation between them. That is why it is necessary to check that: They have the same type: ini.type=outj.type or ini.type is a subtype of outj.type or outj.type is a subtype of ini.type ⁠. This type matching relation between ports Web Services is denoted by ⊵t ⁠. They are compatible in terms of privacy i.e. privacy attribute ini.Pv is compatible with privacy attribute outj.type which are declared as Mandatory (Mand) or Optional (Opt). This privacy compatibility classified under three categories: out.Pv=Opt and in.Pv=Opt ⁠, or out.Pv=Opt and in.Pv=Mand ⁠, or out.Pv=Mand and in.Pv=Mand ⁠. ⊵p denotes the privacy compatibility between ports Web Services. Definition 4.2 (Privacy Junction Function) Given two Web Services WS1=(IdWS1,InWS1,OutWS1)and WS2=(IdWS2,InWS2,OutWS2) ⁠, a privacy junction function returns true if in⊵toutand in⊵pout ⁠, such as in∈InWS2and out∈OutWS1 ⁠. In the following, we define fP as the function associating to each couple (ini,outj) the value 1 if the privacy junction function is satisfied between ini and outj and 0 otherwise. Web Services begin to populate our daily life and collect more and more data about our personal life. As explained above, privacy is a major concern in large of parts of the Web Services when exchanging information in the CC. Different privacy policies may be attached to different Web Service definition. A customer, which can be an customer person or an application, invokes Web Services in the CC by sending a request. This last contains its input data and its needs in terms of goals. Definition 4.3 The customer’s request wris defined as wr=〈rin,rout〉 ⁠, where rinis the customer input data and routrepresents the customer output data representing the desired objective. When a customer require features and a single WS does not respond to it request, it is important to combine or to compose several services to satisfy the request. In principle, a composition select a Web Service only if the privacy policy of this Web Service complies with its policy. Definition 4.4 Given a set of Web Services {WS1,WS2…WSn} ⁠, a composition is a sequence invoked sequentially or in parallel to satisfy the customer’s request wr=〈rin,rout〉 ⁠, such that rout⊆(rin∪OutWS1∪⋯∪OutWSn)and between each two ports connected the privacy junction function is satisfied i.e. the function fP=1 ⁠. 4.2. Propositional satisfiability In this section, after some preliminary definitions and notations, we introduce the most important computational features of modern SAT solvers. A CNF formula Σ is a conjunction (interpreted as a set) of clauses, where a clause is a disjunction (interpreted as a set) of literals. A literal is a positive (x) or negative (⁠ ¬x ⁠) Boolean variable. The two literals x and ¬x are called complementary. An unit clause is a clause with only one literal (called unit literal). An empty clause is interpreted as false, while an empty CNF formula is interpreted as true. A set of literals is complete if it contains one literal for each variable occurring in Σ and fundamental if it does not contain complementary literals. An interpretation I of a Boolean formula Σ associates a value I(x) to some of the variables x appearing in Σ. An interpretation can be represented by a fundamental set of literals, in the obvious way. A model of a formula Σ is an interpretation I that satisfies the formula, i.e. that satisfies all clauses of the formula. Finally, SAT is the problem of deciding whether a given CNF formula Σ admits a model or not. ⊨* denotes the logical consequence modulo unit propagation. Let us also mention that any propositional formula can be translated to an equi-satisfiable formula in CNF using Tseitin’s linear encoding [20]. Let us now briefly describe the basic components of CDCL-based SAT solvers [21, 22]. To be exhaustive, these solvers incorporate unit propagation (enhanced by efficient and lazy data structures), variable activity-based heuristic, literal polarity phase, clause learning, restarts and a learnt clauses database reduction policy. Typically, a SAT solver can be assimilated to a sequence of decision and unit propagation literals. Each literal chosen as a decision variable is affected to a new decision. If all literals are assigned, then I is a model of the formula and the formula is answered to be satisfiable. If a conflict is reached by unit propagation, a new clause is derived by conflict analysis [23] considered as a logical consequence of the initial problem. If an empty clause is derived, then the formula is answered to be unsatisfiable. 5. SAT-BASED SAAS In the following, we propose to simplify the encoding of WSC when the goal is to verify the existence of the SaaS/DaaS services composition that preserves privacy. Our technique aims to simplify the encoding the composition problem into CNF formula without considering variables representatives of the actions in the STRIPS and SATPlan models i.e. if a Web Service WSx is used this means that the input ports infer the output ports. Formally, the relation between WSx, its input data ports and its output data port can be spelled as follows: (⋀ink∈InWSxink)→WSxandWSx→(⋀outj∈OutWSxoutj) with k∈∣InWSx∣ ⁠, j∈∣OutWSx∣ ⁠, ink and outj are Boolean variables introduced to represent each input/output data ports. These implications can be easily translated into the following constraint with a set of clauses: (⋁ink∈InWSx¬ink∨WSx)∧⋀outj∈OutWSx(¬WSx∨outj).(1) When a WSx is used, this variable is propagated to true. To encode the privacy junction function, we need to allow for two Web Services to be linked i.e. allow the transmission between compatible input/output data ports satisfying the requirements of the privacy junction. That leads to the constraint (2) ⋀(outi,inj)∈INWS×OUTWS∣fP(outk,ink)=1outi→inj(2) The encoding represented above allows us to represent the set of WSs and their relation using a CNF formula. In the rest of the paper, we denotes by ΦS the CNF encoding of all SaaS/DaaS Web Services as in constraint (1). To illustrate our encoding, let us consider the composition that is represented in Fig. 3 between Find_Insurrance and Axa_Insurrance in the SaaS of Fig. 2. From Fig. 3, we can see that for both output data ports of Find_Insurrance Web Service and input data ports of Axa_Insurrance Web Service, the privacy junction function is satisfied i.e. fp=1 for each couple (in, out) such as in∈InAxa_Insurrance and out∈OutFind_Insurrance ⁠. As Fig. 3 shows, the three cases of privacy attribute, of Definition 4.2, are explicitly represented on each input/output data port, indeed, the privacy is preserved between these two Web Services. Figure 3. Open in new tabDownload slide Find_Insurrance and Axa_Insurrance Services Composition with preserved-privacy. Figure 3. Open in new tabDownload slide Find_Insurrance and Axa_Insurrance Services Composition with preserved-privacy. Using the two formulas representing our encoding, we get the following result: ΦS=(¬UserAccount⋁Find_Insurrance)∧(¬Find_Insurrance⋁Name∧CarModel∧CarUse∧KMPerYear)∧(¬Name∧¬CarModel∧¬CarUse∧¬KMPerYear⋁Axa_Insurrance)∧(¬Axa_Insurrance⋁InsurranceOffer). On the other hand, Fig. 4 shows a case where the privacy is violated after a WSC because the privacy junction function is not satisfied i.e. fp≠ 1, exactly, for the data ports couple KMPerYear. In this case, the Axa_Insurrance Web Services not adopted, for that, it is necessary to replace it by another WS which provides the same services. Proposition 1 Let 〈rin,rout〉be a customer’s request and S=〈WS1…WSn〉a sequence of SaaS/DaaS Web Services. A composition with 〈WS1…WSn〉is possible for 〈rin,rout〉iff ΦS∧rin⊨*rout Proof Immediate according to the encoding based on constraint (1).□ Figure 4. Open in new tabDownload slide Find_Insurrance and Axa_Insurrance Services Composition with violated-privacy. Figure 4. Open in new tabDownload slide Find_Insurrance and Axa_Insurrance Services Composition with violated-privacy. Proposition 1 states that a composition is possible if from ΦS∧rin ⁠, we can deduce by unit propagation rout. Note that to test if a composition is possible with 〈WS1…WSn〉 is linear since unit propagation is sufficient for this request. As a consequence, we have the following proposition. Proposition 2 Let 〈rin,rout〉be a customer’s request and S=〈WS1…WSn〉a sequence of SaaS/DaaS Web Services. A composition with 〈WS1…WSn〉is possible for 〈rin,rout〉iff ΦS∧rin∧¬rout⊨*⊥ ⁠. Proof Immediately, according to the encoding based on Proposition 1.□ Proposition 2 allows us to characterize the WSC through the unsatisfiability. 5.1. Minimum unsatisfiability and minimum privacy composition Privacy plays a major role and is a challenging in Web Service Composition. The Web Service usually collects a large amount of customers personal data and shares these data with other Web Services. This, unfortunately, may lead to risks of data misuse. In this section, we propose to characterize privacy composition through minimum unsatisfiability to model the privacy aspects in WSC. Definition 5.1 (MUS) Let Φ a CNF formula considered as a multiset. A subset Φ′⊆Φis a MUS if Φ′is unsatisfiable and for all Φ″⊂Φ′ ⁠, Φ″is satisfiable. Example 1 Let us consider the CNF formula Φ=a∧b∧(¬a∨¬b)∧¬b ⁠. Φ involves the following two MUSes M1={a,b,(¬a∨¬b)} and M2={b,¬b} ⁠. There has been a remarkable amount of recent work on algorithms for computing minimal explanations of unsatisfiability over the last decade [24, 25]. State-of-the-art MUS extraction algorithms use SAT solvers as NP oracles, and typically perform a number of SAT solver calls. Each call with a different subformula of the original input formula. On the other hand, the problem of the computation of the smallest MUS has been studied recently. In [26], the authors propose novel algorithm for computing a smallest MUS based on Maximum correction sets. Let us now show how MUSes can be used to characterize minimum WSC in the SaaS/DaaS. Without confusion and when is necessary, WSx represents the Boolean variable associated to the SaaS Web Service WSx. Proposition 3 Let ΦSbe the CNF formula encoding of the WSC SaaS/DaaS problem. 〈WS1,…,WSn〉is a minimum WSC of a customer’s request 〈rin,rout〉iff ΦS∧rin∧¬routis a MUS. Proof We provide through our encoding a mapping between the set of possible composition and the models of ΦS ⁠. A minimum WSC is a composition using the minimum set of Web Services. Consequently, by solving Boolean CNF formulas by finding the MUS, it is clear that it corresponds to a minimum WSC.□ Proposition 3 allows us to have a means to deduce a minimum WSC through the computation of a minimum MUS of ΦS involving rin∧¬rout ⁠. According to Proposition 3, there exists a one to one mapping between the set of MUSes and the possible WSC. Since a minimal WSC corresponds to a MUS of ΦS∧rin∧¬rout ⁠, then MUS-based extraction approaches can be adapted to deal with this problem. Algorithm 1 describes our approach. Let us sketch the behavior of our Algorithm 1. It uses an incremental approach to find the minimum WSC with a preserved-privacy. The minimum WSC is represented by minPrivacyComp set. First, the formula ΦS∧X∧¬Y is considered. In the while loop and at each iteration, we extract a MUS (function extractMUS). Such MUS must satisfy some required conditions. First, it has to involve the clauses encoding X∧¬Y ⁠. Second, the set of involved variables encoding SaaS/DaaS Web Services must be less than a given bound. This bound corresponds to the number of SaaS/DaaS Web Services used in the composition and which must minimizes at each iteration using the constraint C=(∑i=1nWSi<minSize) ⁠. Note that the number of calls to the MUS extraction procedures does not exceed the number of SaaS/DaaS Web Services. Furthermore, the computation of the MUS is constrained by the fact that it must involve X and ¬Y ⁠. Furthermore, the computation of a MUS is less difficult compared with the general case. Indeed, we showed that unit propagation is sufficient as stated in Proposition 1. 5.2. QoS-based privacy composition In the previous section, we have shown how a minimum WSC can be found using linear calls to a MUS extraction procedure. Each minimum WSC contains the Web Services ensuring privacy policies. However, in general, while dealing with SaaS/DaaS Web Services in the CC, the minimality for a customer can have multiple meaning. For instance, a company can decide to use the WSC with minimum global cost corresponding to the total price. Another criterion for a customer can be considered is the time execution or the confidence degree of the SaaS/DaaS Web Services used. In the following, we propose to generalize the MUS-based privacy composition to take into account the QoS. For simplicity reason, we associate with each SaaS/DaaS Web Service WSx an attribute (real number) noted cx representing the QoS criteria associated to WSx. These QoS criteria have specific value type, they are unitless and influence the performance of a Web Service. In this paper, we focus on the three fundamental type of quality criteria: Execution cost, response time and frequency. First, execution cost is the required payment amount for the customer to pay to execute the requested service. Second, response time is the time needed to process a query from the sending request until receiving the response. Third, frequency represents a number of times the customers have used the requested Web Service. Then, the main goal is to minimize the sum of SaaS/DaaS Web Services QoS criteria. Algorithm 2 represents our general algorithm for privacy composition taking into account the QoS. As for Algorithm 1, it uses a while loop performing calls to a MUS extractor. Here, at each iteration, the required MUS must involve SaaS/DaaS Web Services having a global QoS criteria (getQoSCriteriaWS) lower that the previous iteration. 6. EXPERIMENTATION In order to validate our proposed approach, we generate randomly a set of Web Services and customer’s requests. The process of generation is the following: first, we generate randomly a set of Web Services as follows: a set of level are generated and each level is associated with a random number set of Web Services. Each Web Service is a set of input data ports and output data ports. Each input data port of a Web Service of a given level ℓ is an output data port of one or some Web Services at levels less than ℓ. This represents implicitly the data port type. The input/output data ports are generated, also, with a parameter which represents a privacy. This parameter is Mand or Opt and used to check compatibility among privacy within WSC. For each Web Service, we affected a weight that represents execution cost to express explicitly QoS, in order to select the best Web Service if there is a set of Web Services provide the same functionality. Each WSC is obtained by checking our privacy junction function of Definition 4.2 i.e. fp=1 and the minimization of the QoS as regards execution cost. Second, we generate randomly a customer’s request that its input data are generated randomly from all input data ports off all Web Services which are in the uppermost level. Furthermore, the output data of customer’s request may also be generated randomly from a set containing all output data port for all Web Services of the lowest level. We generate several levels with several Web Services to build multiple directories. We conducted experiments using the implemented prototype system to evaluate our approach. In the experiments, a PC using Intel Quad-Core 2.6 GHz, 16 GB memory and a Linux operating system is operated to run the prototype system. We have implemented a prototype of our approach in Java. Furthermore, we analyze and detect the minimal WSC by using the method described in Section 5 which consists transforming the Web Services definition into a SAT problem. In order to evaluate the overall performance of our SAT-based SaaS approach, Table 1 shows the ‘problem size’ from a multiple directories which contains a customer’s request and a set of Web Services defined with its input data ports and output data ports. These directories represent instances for our experiments and the ‘problem size’ is represented by number of variables ‘#var’ and number of clauses ‘#cls’. When executing our tool using eMUS2 [27] as a framework for constraint solving, we can get the minimal WSC by giving the number of Web Services participated ‘Min WSC’ and the average time needed by our approach to identify an optimal solution ‘CPU Time’. In each WSC, the number of private data is expressed by ‘#Private Data’. This number represents qualitative parameter of our results i.e. there is the same during WSC or it changes increasingly according to the data that their privacy is not compulsory and it becomes mandatory. This is guaranteed by Definition 4.2 where a data port with optional privacy attribute can be composed with a data port with mandatory privacy attribute and which have the same data type. This composition allows us to add these data to the set of private data by incrementing ‘#Private Data’ number. Therefore, for such a data, its privacy can be guaranteed from the beginning to the end of a composition, or, after the beginning to the end of a composition. Table 1. Experimental results on different benchmarks of Privacy WSC with several levels. Instance name . Problem size (#var, #cls) . Min privacy WSC . CPU time (s) . #Private data . DPWSC-L5-N7 (35,69) 2 0.003 2 DPWSC-L10-N8 (80,152) 9 0.0035 3 DPWSC-L15-N9 (135,253) 11 0.305 5 DPWSC-L20-N10 (200,381) 14 13.455 1 DPWSC-L25-N11 (275,529) 10 10.324 4 DPWSC-L30-N12 (360,685) 13 17.876 5 DPWSC-L35-N13 (455,866) 18 10.259 4 DPWSC-L40-N14 (560,1067) 6 15.846 1 DPWSC-L45-N15 (675,1286) 0 0.005329 0 DPWSC-L50-N16 (800,1520) 20 60.4863 4 Instance name . Problem size (#var, #cls) . Min privacy WSC . CPU time (s) . #Private data . DPWSC-L5-N7 (35,69) 2 0.003 2 DPWSC-L10-N8 (80,152) 9 0.0035 3 DPWSC-L15-N9 (135,253) 11 0.305 5 DPWSC-L20-N10 (200,381) 14 13.455 1 DPWSC-L25-N11 (275,529) 10 10.324 4 DPWSC-L30-N12 (360,685) 13 17.876 5 DPWSC-L35-N13 (455,866) 18 10.259 4 DPWSC-L40-N14 (560,1067) 6 15.846 1 DPWSC-L45-N15 (675,1286) 0 0.005329 0 DPWSC-L50-N16 (800,1520) 20 60.4863 4 Open in new tab Table 1. Experimental results on different benchmarks of Privacy WSC with several levels. Instance name . Problem size (#var, #cls) . Min privacy WSC . CPU time (s) . #Private data . DPWSC-L5-N7 (35,69) 2 0.003 2 DPWSC-L10-N8 (80,152) 9 0.0035 3 DPWSC-L15-N9 (135,253) 11 0.305 5 DPWSC-L20-N10 (200,381) 14 13.455 1 DPWSC-L25-N11 (275,529) 10 10.324 4 DPWSC-L30-N12 (360,685) 13 17.876 5 DPWSC-L35-N13 (455,866) 18 10.259 4 DPWSC-L40-N14 (560,1067) 6 15.846 1 DPWSC-L45-N15 (675,1286) 0 0.005329 0 DPWSC-L50-N16 (800,1520) 20 60.4863 4 Instance name . Problem size (#var, #cls) . Min privacy WSC . CPU time (s) . #Private data . DPWSC-L5-N7 (35,69) 2 0.003 2 DPWSC-L10-N8 (80,152) 9 0.0035 3 DPWSC-L15-N9 (135,253) 11 0.305 5 DPWSC-L20-N10 (200,381) 14 13.455 1 DPWSC-L25-N11 (275,529) 10 10.324 4 DPWSC-L30-N12 (360,685) 13 17.876 5 DPWSC-L35-N13 (455,866) 18 10.259 4 DPWSC-L40-N14 (560,1067) 6 15.846 1 DPWSC-L45-N15 (675,1286) 0 0.005329 0 DPWSC-L50-N16 (800,1520) 20 60.4863 4 Open in new tab Algorithm 1 Minimum Privacy WSC. Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minPrivacyComp←∅ ⁠; minSize←n ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thenminPrivacyComp←{WSx∣WSx∈M};minSize←∣minPrivacyComp∣;Ψ←(ΨS⧹{C})∧(∑i=1nWSi<minSize);C=(∑i=1nWSi<minSize)else⌊break; returnminPrivacyComp Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minPrivacyComp←∅ ⁠; minSize←n ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thenminPrivacyComp←{WSx∣WSx∈M};minSize←∣minPrivacyComp∣;Ψ←(ΨS⧹{C})∧(∑i=1nWSi<minSize);C=(∑i=1nWSi<minSize)else⌊break; returnminPrivacyComp Open in new tab Algorithm 1 Minimum Privacy WSC. Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minPrivacyComp←∅ ⁠; minSize←n ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thenminPrivacyComp←{WSx∣WSx∈M};minSize←∣minPrivacyComp∣;Ψ←(ΨS⧹{C})∧(∑i=1nWSi<minSize);C=(∑i=1nWSi<minSize)else⌊break; returnminPrivacyComp Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minPrivacyComp←∅ ⁠; minSize←n ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thenminPrivacyComp←{WSx∣WSx∈M};minSize←∣minPrivacyComp∣;Ψ←(ΨS⧹{C})∧(∑i=1nWSi<minSize);C=(∑i=1nWSi<minSize)else⌊break; returnminPrivacyComp Open in new tab Algorithm 2 Minimum QoS Privacy WSC value. Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minQoSCriteria←+∞ ⁠; minPrivacyComp←∅ ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thennewQoSCriteria←getQoSCriteriaWS(M);minQoSCriteria←newQoSCriteria;minPrivacyComp←{WSx∣WSx∈M};Ψ→(Ψ⧹{C})∧(∑i=1nciWSi<minQoSCriteria);C→(∑i=1nciWSi<minQoSCriteria);else⌊break; returnminPrivacyComp Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minQoSCriteria←+∞ ⁠; minPrivacyComp←∅ ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thennewQoSCriteria←getQoSCriteriaWS(M);minQoSCriteria←newQoSCriteria;minPrivacyComp←{WSx∣WSx∈M};Ψ→(Ψ⧹{C})∧(∑i=1nciWSi<minQoSCriteria);C→(∑i=1nciWSi<minQoSCriteria);else⌊break; returnminPrivacyComp Open in new tab Algorithm 2 Minimum QoS Privacy WSC value. Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minQoSCriteria←+∞ ⁠; minPrivacyComp←∅ ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thennewQoSCriteria←getQoSCriteriaWS(M);minQoSCriteria←newQoSCriteria;minPrivacyComp←{WSx∣WSx∈M};Ψ→(Ψ⧹{C})∧(∑i=1nciWSi<minQoSCriteria);C→(∑i=1nciWSi<minQoSCriteria);else⌊break; returnminPrivacyComp Input: S=〈X1,Y1〉,…,〈Xn,Yn〉 a set of SaaS/DaaS Web Services Input: 〈X,Y〉 a customer’s request Output: a set of SaaS/DaaS Web Services Ψ←ΦS∧X∧¬Y ⁠; minQoSCriteria←+∞ ⁠; minPrivacyComp←∅ ⁠; C←∅ ⁠; while (true) do M←extractMUS(Ψ);ifM≠∅thennewQoSCriteria←getQoSCriteriaWS(M);minQoSCriteria←newQoSCriteria;minPrivacyComp←{WSx∣WSx∈M};Ψ→(Ψ⧹{C})∧(∑i=1nciWSi<minQoSCriteria);C→(∑i=1nciWSi<minQoSCriteria);else⌊break; returnminPrivacyComp Open in new tab It is important to note that the data ports type and privacy parameter are taken into consideration in the Web Service attribute stored in the each directory. That means, the WSC mechanism is relevant even if the other attributes are taken into account. The experiment makes clear that a customer’s request does not fulfill its goal if the WSC does not respect the matching between the Web Services data type and privacy policy on each port. 7. CONCLUSION In this paper, we presented a new approach to compute a minimum composition of SaaS Web Services and DaaS Web Services for a given customer’s request. We presented an encoding of the SaaS/DaaS Web Services into a propositional Boolean formula. Taking advantage of SAT, we use minimum unsatisfiability with MUS to solve privacy-aware WSC problem with QoS in CC. Indeed, we showed how the computation of the smallest minimal unsatisfiable set of clauses is used to find the minimum WSC ensuring privacy with a best QoS. Knowing that any NP-complete problem can be reduced to a SAT problem and as soon as a solution of the SAT problem is found, the corresponding privacy-aware WSC problem is solved. Our technique has proven itself to be quite effective, in particular because of the great efforts made to optimize the implementation of SAT solvers. We have evaluated our approach based on the composition built on different number of Web Services with a different number of tasks generated randomly. Our experiment showed that our SAT-based SaaS encoding yields minimum privacy composition in keeping customer’s requests. As a future work, we plan to test our approach on real-life problems using standard data sets like WS-Challenge data sets. In addition, we will show how our approach can be exploited and implemented with Platform for Privacy Preferences Project protocol, of World Wide Web Consortium, which helps customers to manage their data privacy which have differing privacy policies, for example, what information is collected and stored. This can be performed using WSDL that is used to describe the functionality offered by each Web Service. REFERENCES 1 Ait Wakrime , A. , Benbernou , S. and Jabbour , S. ( 2015 ) Relaxation Based SaaS for Repairing Failed Queries over the Cloud Computing. 12th IEEE Int. Conf. e-Business Engineering (ICEBE 2015), Beijing, China, October 23–25, pp. 245–250. 2 Shiaa , M. , Fladmark , J. and Thiell , B. ( 2008 ) An Incremental Graph-based Approach to Automatic Service Composition. IEEE Int. Conf. Services Computing, 2008 (SCC '08), July, pp. 397–404. 3 Kona , S. , Bansal , A., Blake , M. and Gupta , G. ( 2008 ) Generalized Semantics-based Service Composition. IEEE Int. Conf. Web Services, 2008 (ICWS '08), September, pp. 219–227. 4 Balbiani , P. , Alili , F.C., Héam , P.-C. and Kouchnarenko , O. ( 2010 ) Composition of services with constraints . Electron. Notes Theor. Comput. Sci. , 263 , 31 – 46 . Google Scholar Crossref Search ADS WorldCat 5 Channa , N. , Li , S., Shaikh , A.W. and Fu , X. ( 2005 ) Constraint Satisfaction in Dynamic Web Service Composition. Proc. Sixteenth Int. Workshop on Database and Expert Systems Applications, 2005, August, pp. 658–664. 6 Lin , C.-F. , Sheu , R.-K., Chang , Y.-S. and Yuan , S.-M. ( 2011 ) A relaxable service selection algorithm for qos-based web service composition . Inf. Softw. Technol. , 53 , 1370 – 1381. . Google Scholar Crossref Search ADS WorldCat 7 Tan , T.H , Chen , M., Sun , J., Liu , Y., André , É., Xue , Y. and Dong , J.S. ( 2016 ) Optimizing Selection of Competing Services with Probabilistic Hierarchical Refinement. Proc. 38th Int. Conf. Softw. Eng., pp. 85–95. ACM. 8 Tan , T.H. , Chen , M., André , É., Sun , J., Liu , Y. and Dong , J.S. ( 2014 ) Automated Runtime Recovery for QoS-based Service Composition. Proc. 23rd Int. Conf. World Wide Web, pp. 563–574. ACM. 9 Rezgui , A. , Ouzzani , M., Bouguettaya , A. and Medjahed , B. ( 2002 ) Preserving Privacy in Web Services. Proc. 4th Int. Workshop on Web Information and Data Management, pp. 56–62. ACM. 10 Squicciarini , A. , Carminati , B. and Karumanchi , S. ( 2011 ) A Privacy-Preserving Approach for Web Service Selection and Provisioning. 2011 IEEE Int. Conf. Web Services (ICWS), pp. 33–40. IEEE. 11 Barhamgi , M. , Benslimane , D., Amghar , Y., Cuppens-Boulahia , N. and Cuppens , F. ( 2013 ) Privcomp: A Privacy-Aware Data Service Composition System. Proc. 16th Int. Conf. Extending Database Technology, pp. 757–760. ACM. 12 Bhatia , R. and Singh , M. ( 2014 ) Privacy Aware Access Control in Web Services Compositions. Proc. 2014 Int. Conf. Information and Communication Technology for Competitive Strategies 73. ACM. 13 Li , M. , Sun , X., Wang , H. and Zhang , Y. ( 2009 ) Optimal Privacy-Aware Path in Hippocratic Databases. Database Systems for Advanced Applications, pp. 441–455. Springer. 14 Nam , W. , Kil , H. and Lee , D. ( 2008 ) Type-Aware Web Service Composition using Boolean Satisfiability Solver. 2008 10th IEEE Conference on E-Commerce Technology and the Fifth IEEE Conference on Enterprise Computing, E-Commerce and E-Services, pp. 331–334. IEEE. 15 Penczek , W. , Pólrola , A. and Zbrzezny , A. ( 2010 ) Towards Automatic Composition of Web Services: A SAT-Based Phase. ACSD/Petri Nets Workshops, pp. 453–473. 16 Tbahriti , S.-E. , Mrissa , M., Medjahed , B., Ghedira , C., Barhamgi , M. and Fayn , J. ( 2011 ) Privacy-aware DaaS services composition. Database and Expert Systems Applications, pp. 202–216. Springer. 17 Amarouche , I.A. , Benslimane , D., Barhamgi , M., Mrissa , M. and Alimazighi , Z. ( 2011 ) Electronic health record data-as-a-services composition based on query rewriting. Transactions on Large-Scale Data-and Knowledge-Centered Systems IV, pp. 95–123. Springer. 18 Fu , X. ( 2011 ) Conformance verification of privacy policies. Web Services and Formal Methods, pp. 86–100. Springer. 19 Barth , A. , Datta , A., Mitchell , J.C. and Nissenbaum , H. ( 2006 ) Privacy and Contextual Integrity: Framework and Applications. 2006 IEEE Symposium on Security and Privacy, pp. 15. IEEE. 20 Tseitin , G. ( 1968 ) On the complexity of derivations in the propositional calculus. In Slesenko , H. Structures in Constructives Mathematics and Mathematical Logic, Part II , pp. 115 , 125 . Google Scholar Google Preview OpenURL Placeholder Text WorldCat COPAC 21 Moskewicz , M. , Madigan , C., Zhao , Y., Zhang , L. and Malik , S. ( 2001 ) Chaff: Engineering an Efficient SAT Solver. Proc. Design Automation Conf., pp. 530–535. 22 Eén , N. and Sörensson , N. ( 2003 ) An Extensible SAT-Solver. SAT, pp. 502–518. 23 Zhang , L. , Madigan , C., Moskewicz , M. and Malik , S. ( 2001 ) Efficient conflict driven learning in boolean satisfiability solver. Int. Conf. Computer-Aided Design, pp. 279–285. 24 Grégoire , É. , Mazure , B. and Piette , C. ( 2007 ) Boosting a Complete Technique to Find MSS and MUS Thanks to a Local Search Oracle. Proc. 20th Int. Joint Conf. Artificial Intelligence (IJCAI 2007), Hyderabad, India, January 6–12, pp. 2300–2305. 25 Liffiton , M.H. , Mneimneh , M.N., Lynce , I., Andraus , Z.S., Marques-Silva , J. and Sakallah , K.A. ( 2009 ) A branch and bound algorithm for extracting smallest minimal unsatisfiable subformulas . Constraints , 14 , 415 – 442 . Google Scholar Crossref Search ADS WorldCat 26 Ignatiev , A. , Previti , A., Liffiton , M.H. and Marques-Silva , J. ( 2015 ) Smallest MUS Extraction with Minimal Hitting Set Dualization. Proc. 21st Int. Conf. Principles and Practice of Constraint Programming (CP 2015), Cork, Ireland, August 31–September 4, pp. 173–182. 27 Previti , A. and Marques-Silva , J. ( 2013 ) Partial MUS enumeration. Proc. 27th AAAI Conf. Artificial Intelligence, Bellevue, Washington, USA, July 14–18. Footnotes 1 " Web Service Description language http://www.w3.org/TR/wsdl20/ 2 " http://logos.ucd.ie/web/doku.php?id=emus Author notes Handling editor: Andrew Martin © The British Computer Society 2017. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com
TI - Satisfiability-Based Privacy-Aware Cloud Computing
JF - The Computer Journal
DO - 10.1093/comjnl/bxx039
DA - 2017-12-01
UR - https://www.deepdyve.com/lp/oxford-university-press/satisfiability-based-privacy-aware-cloud-computing-vs9IHENMQk
SP - 1760
VL - 60
IS - 12
DP - DeepDyve
ER -