Department of Computer Science E-Commerce & E-Government Research LabPreserving Privacy in E-government Applications Information Security Research Seminar CISC, JMU, VA, May 11, 2004 PI: Athman Bouguettaya Presenter: Abdelmounaam Rezgui Agenda Introduction A Reputation Management System for Privacy Preservation Trade Secret Techniques for Privacy Preservation Implementation: WebDG Publications People PI. Dr. Athman Bouguettaya Students: Mohammad Salman Akram Xumin Liu Zaki Malik Brahim Medjahed Mourad Ouzzani Yu Qi Abdelmounaam Rezgui Objective of the Project Preserving Privacy in E-government Applications Application: E-government providing social and welfare benefits to citizens Context: The (Semantic) Web Leverage the ubiquity of the Web to provide a better service to citizens (e.g., senior citizens, families, children). Preserving Privacy on the Semantic Web Research Objectives Privacy aware service selection Privacy preserving service composition Mechanisms for privacy violation detection and tracking Mutual non-repudiation Challenges Non-transparency of service workflow Unpredictability of service behavior Volatility of Web services Composition of services with heterogeneous/incompatible privacy policies Interaction forms Preserving Privacy in citizen-government interactions A reputation management system for Web services Privacy-aware query optimizer for Web services Preserving Privacy when outsourcing government services Trade secret techniques for privacy preservation Reputation The Reputation Approach Objective Establish trust in Web services through reputation Basic idea Define reputation criteria for Web services Quantify reputation Functionalities: collect, Evaluate, update, disseminate reputation of Web services Extend Web services invocation scheme (discovery- selection-invocation) A Scenario Reputation Model Reputation Manager: Trusted third party responsible of collecting, evaluating, updating and disseminating reputation information Probing Agents: Responsible for monitoring the services and reporting collected information to the Reputation Manager Service Wrappers: Software module co-located with a Web service S that handles all messages received/sent by S Support for legacy Web services Ontology for Privacy Characteristics of attributes Privacy Significance Order Example: PSL (PhoneNumber) < PSL (SSN) Synonymy Example: T = { PhoneNumber, HomePhoneNumber, ContactNumber, Telephone, Phone } Information Flow Difference IFD(Op) = PSL(a) - PSL(a) a Input(Op) a Output(Op) Privacy Violation when: IFD(Op) < 0 Weighted Definition of Reputation Criteria for Reputation Assessment Examples: Degree of permeability, Authentication, Encryption Mechanisms, Seniority, etc. Definition where, s i is a Web service m is the number of criteria w k is weight of the k th criterion c i k is value of the k th criterion Reputation(s i ) = m w k. c i k k=1 Reputation Manager Perturbation Techniques Using Trade Secret Techniques to Preserve Privacy Objectives Preserving citizens privacy while allowing G2B interactions involving the exchange of private information Basic Idea Perturb data in a way that preserves its use Perturbation deters discovery of relationships between multiple requests Make any data mining technique computationally infeasible A Scenario Character Replacement Method Use replacement characters from the same alphabet or numeric Use replace characters from a different alphabet Word Change Method Change the composition of the word by adding or deleting characters Add Invisible control characters, phonetically similar characters Delete Characters used for phonetic emphasis Character Reordering Method Alter the position of characters in a word Graham Rawlinsons thesis it dosent mttaer in waht oredr the ltteers in a word are, the olny iprmoetnt tihng is that the frsit and lsat lteter be at the rghit pclae. The rset can be a toatl mses and you can still raed it wouthit porbelm WebDG Project The Big Picture WebDG in a nutshell A Web Service Management System (WSMS) Privacy preserving access to government Web services Web Service Composition Query Optimization URL - Journal Papers A. Rezgui, A. Bouguettaya and M. Eltoweissy, SemWebDL: A Privacy Preserving Semantic Web Infrastructure for Digital Libraries, Accepted in the International Journal on Digital Libraries, to appear, 2004 B. Medjahed, B. Benatallah, A. Bouguettaya, A. Elmagarmid. WebBIS: An Infrastructure for Agile Integration of Web Services, International Journal on Cooperative Information Systems, Volume 13, Number 2, June 2004 A. Rezgui, A. Bouguettaya and M. Eltoweissy, Preserving Privacy in the Web: Facts, Challenges and Solutions, IEEE Security & Privacy, Volume 1, Number 6, November 2003 B. Medjahed, A. Bouguettaya, A. Elmagarmid, Composing Web Services on the Semantic Web, The VLDB Journal, Special Issue on the Semantic Web, Volume 12, Number 4, November 2003 X. Yang, A. Bouguettaya, B. Medjahed, H. Long, W. He. Organizing and Accessing Web Services on Air, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, Volume 33, Number 6, November 2003 B. Medjahed, B. Benatallah, A. Bouguettaya, A. H. H. Ngu, and A. Elmagarmid. Business-to-Business Interactions: Issues and Enabling Technologies. The VLDB Journal, Volume 12, Number 1, May 2003 B. Medjahed, A. Rezgui, A. Bouguettaya, and M. Ouzzani. Infrastructure for E-Government Web Services, IEEE Internet Computing, Volume 7, Number 1, January/February 2003 Z. Malik, and A. Bouguettaya. Preserving Trade Secrets in P2P Web Services Collaboration. International Journal of Cooperative Information Systems (submitted) Publications Publications (contd) Book Chapters A. Bouguettaya, A. Rezgui, B. Medjahed, and M. Ouzzani, Internet Computing Support for Digital Government. In The Practical Handbook of Internet Computing, CRC Press, June 2004 A. Rezgui, A. Bouguettaya, and Z. Malik, Using Reputation to Preserve Privacy in the Semantic Web, In Information Security Policies and Actions in Modern Integrated Systems, Eds. Carlo Bellettini and Maria Grazia Fugini, Idea Group Publishing, February 2004 Conference Papers M. S. Akram, B.Medjahed, and A. Bouguettaya, Supporting Dynamic Changes in Web Service Environments, 1st International Conference on Service Oriented Computing (SOC), Trento, Italy, December Rezgui, A. Bouguettaya, Z. Malik, A Reputation-based Approach to Preserving Privacy in Web Services, VLDB Workshop on Technologies for E-services (TES03), September 2003 M. Ouzzani and A. Bouguettaya, A Query Paradigm for Web Services, 1st International Conference on Web Services, Las Vegas, NV, USA, June 2003 A. Rezgui, M. Ouzzani, A. Bouguettaya, and B. Medjahed, Preserving Privacy in Web Services. The 4th International ACM Workshop on Web Information and Data Management, Virginia, USA, November 2002 A. Rezgui, Z. Wen, and A. Bouguettaya, Enforcing Privacy in Interoperable E-Government Databases, The dg.o 2002 NSF Conference for Digital Government Research, Los Angeles, USA, May 2002 A. Bouguettaya, B. Medjahed, A. Rezgui, M. Ouzzani, and Z. Wen. Privacy Preserving Composition of Government Web Services, The dg.o 2002 NSF Conference for Digital Government Research, Los Angeles, USA, May 2002 ?