Research on Privacy Analysis and Verification of Web Services Composition
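Abstract
Service-Oriented Computing (SOC) is an Internet-based distributed computing paradigm that represents the latest direction in software development. SOC takes Web services as its basic building blocks and effectively solves the problem of integrating distributed applications in distributed, dynamic and heterogeneous environments. Web service composition is one of the core technologies for realizing SOC: it combines existing Web services into new value-added services to meet users' needs. While enjoying the functionality of a composite service, users must release some personal private information to support its execution. Because the service-oriented environment is by nature open, autonomous and dynamic, the providers of a composite service, once they have obtained this private information, may access, use and disclose it without authorization, causing great privacy harm to users.
     Faced with these harms, users are increasingly worried about the privacy of their personal information. On the one hand they want to complete their business functions through composite services; on the other hand they want the privacy harm they suffer to be as small as possible. How to reduce privacy harm as far as possible while still meeting users' functional requirements is therefore a key problem in achieving secure Web service composition. Researchers at home and abroad have studied Web service composition broadly and in depth, but have paid little attention to protecting users' personal privacy. To address this shortcoming, this thesis studies privacy analysis and verification in Web service composition. The main results are as follows:
     (1) A privacy analysis and verification framework for Web service composition is studied. The framework lets users express personalized privacy policies and set the sensitivity of their private data, and lets the service composer, when designing a composition, verify whether it satisfies the users' privacy policy constraints and analyze its privacy disclosure and authorization. Web services composed through this analysis and verification process reduce the misuse of, and harm to, private data, providing a foundation for improving the security and reliability of composite services.
     (2) The problem of privacy access control in Web service composition is studied, and a trust-degree-based privacy access control model for Web service composition is proposed. The model uses trust degree as the qualifying condition for a service to obtain privacy access permissions. A privacy policy enforcement system is given, its functional components and execution flow are analyzed, and the corresponding privacy authorization decision algorithm is presented, providing an important guarantee for enforcing fine-grained privacy authorization.
     (3) The problem of privacy modeling and verification in Web service composition is studied, and an interface automata model extended with privacy semantics is proposed. The model is used to describe the privacy behavior of Web services and their compositions, and a method is given for converting the BPEL process activities of a service into privacy interface automata. On this basis, the automata model of a service composition is converted into its compatible state space reachability graph, and a privacy authorization verification algorithm is proposed that detects whether the reachability graph contains privacy policy violations, thereby verifying whether the composition satisfies the users' privacy policy constraints. This provides an important guarantee for improving the functional correctness and privacy security of composite services.
     (4) The problem of privacy disclosure and authorization in Web service composition is studied, and a method is proposed for analyzing minimal privacy disclosure and optimal privacy authorization. First, a method for computing privacy disclosure cost is given, and the compatible state space reachability graph that satisfies the privacy policy constraints is annotated with privacy disclosure costs to form a privacy cost reachability graph. Next, a minimal privacy cost reachable path algorithm is proposed and used to compute the disclosure cost of paths in the privacy cost reachability graph, so as to analyze the minimal privacy disclosure of the composition. Finally, an optimal privacy policy setting algorithm is proposed and used, on the basis of the minimal privacy cost reachability graph, to analyze the optimal privacy authorization of the composition. Analyzing minimal privacy disclosure and optimal privacy authorization is of great significance for reducing the privacy harm of service composition.
     (5) Based on the above methods and theory, a prototype tool for privacy analysis and verification of Web service composition is designed and implemented. The tool is used to analyze and verify the privacy of service compositions, and an example illustrates the correctness and practicality of the proposed methods and theory.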
Service-Oriented Computing (SOC) is an Internet-based distributed computing model that offers a promising paradigm for software development. By taking Web services as its basic components, SOC efficiently solves the problem of integrating distributed applications in a distributed, dynamic and heterogeneous environment. Web services composition is one of the core technologies for realizing SOC. It satisfies users' requirements by composing existing services into new value-added services. To obtain the benefits of a services composition, users have to release some personal private information to support its execution. Because the service-oriented environment is open, autonomous and dynamic, the provider of the services composition may access, use or disclose this private information without authorization after obtaining it, causing great damage to users' privacy.
     Faced with this privacy hazard, users worry about the security of their personal information. On the one hand, they hope to accomplish their business tasks through the services composition; on the other hand, they hope that the damage to their privacy can be minimized. Hence, how to minimize the damage to users' privacy while satisfying their functional requirements is a key issue in realizing secure Web services composition. Many researchers at home and abroad have conducted extensive and in-depth investigations of Web services composition, but few of them pay enough attention to the protection of personal privacy. In view of these limitations, this thesis studies the privacy protection problem of Web services compositions. The major contributions are as follows:
     (1) It investigates a privacy analysis and verification framework for Web services composition. Within this framework, users can express their personalized privacy policies and set the sensitivity of their private data, and the service composer can check, while designing the services composition, whether the design satisfies the users' privacy policy constraints and can analyze its privacy disclosure and authorization. A composition built within this framework can efficiently decrease the harm of privacy disclosure, which provides a basis for improving the security and reliability of services composition.
     (2) It studies the problem of privacy access control in Web services composition and proposes a trust-based privacy access control model for Web services. The model uses a trust degree to limit services' access to private data and presents an enforcement system for privacy policies. It also analyzes the functional components of the system and its execution process, and presents the corresponding algorithm for privacy authorization decisions, which is very important for implementing fine-grained privacy authorization.
     (3) It explores the privacy modeling and verification problem of Web services composition. It proposes an interface automata model extended with privacy semantics and uses this model to specify the privacy behaviors of Web services and their compositions. It also presents a method for transforming BPEL process activities into privacy interface automata. On top of that, it transforms the privacy interface automaton of a services composition into a state space reachability graph and presents a verification algorithm for privacy authorization. This algorithm checks whether the reachability graph contains a violation, and thus verifies whether the services composition satisfies the users' privacy requirements. It provides an important foundation for improving the functional correctness and privacy security of services.
     (4) It examines the privacy disclosure and authorization problem in Web services composition and presents a method for analyzing minimal privacy disclosure and optimal privacy authorization. First, it puts forward a method for computing the privacy disclosure cost. This method assigns privacy disclosure costs to a state space reachability graph that satisfies the privacy policy constraints so as to form the minimal privacy cost reachability graph. Then it proposes an algorithm for obtaining the reachability path of minimal privacy cost, which is used to compute the privacy cost of reachability paths and thus to analyze the minimal privacy disclosure of the services composition. Finally, it offers an algorithm for setting the optimal privacy policy, with which the optimal privacy authorization of the services composition can be analyzed on the basis of the minimal privacy cost reachability graph. Analyzing minimal privacy disclosure and optimal privacy authorization is of great significance for decreasing the privacy disclosure hazard of services composition.
     (5) Based on the above methods and theories, this thesis designs and implements a privacy analysis and verification tool for Web services composition, with which privacy analysis and verification of a services composition can be conducted. On top of that, it presents a case study of on-line shopping transactions to prove the correctness and efficiency of the methods and theories contributed by this thesis.
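To make contributions (3) and (4) concrete, the following added Python example (not code from the thesis or its prototype tool) checks a small constructed reachability graph for privacy policy violations, then finds the minimal-cost compliant path and the per-service authorization that path needs. The service names, data items, sensitivity values, additive cost model and the use of Dijkstra's algorithm are all assumptions, since the abstract does not define them.

```python
import heapq

# Constructed sample data (assumptions for illustration, not from the thesis).
# User-assigned sensitivity of each private data item.
SENSITIVITY = {"name": 1, "email": 1, "address": 2, "phone": 2, "card_no": 5}

# User privacy policy: the items each service is allowed to receive.
POLICY = {
    "Shop": {"name", "email", "address"},
    "Bank": {"name", "card_no"},
    "PayProxy": {"name", "email"},
    "Courier": {"name", "address", "phone"},
}

# Reachability graph of a constructed on-line shopping composition.
# Edge = (source state, target state, receiving service, items disclosed).
EDGES = [
    ("s0", "s1", "Shop", {"name", "email"}),
    ("s1", "s2", "Bank", {"name", "card_no"}),      # pay the bank directly
    ("s1", "s3", "PayProxy", {"name", "email"}),    # pay through a proxy
    ("s1", "s4", "Shop", {"card_no"}),              # shop collects the card
    ("s2", "s5", "Courier", {"name", "address", "phone"}),
    ("s3", "s5", "Courier", {"name", "address"}),
    ("s4", "s5", "Courier", {"name", "address"}),
]


def violations(edges, policy):
    """Return (edge, unauthorized items) for every edge that breaks the policy."""
    found = []
    for edge in edges:
        _, _, service, items = edge
        extra = items - policy.get(service, set())
        if extra:
            found.append((edge, extra))
    return found


def min_cost_path(edges, policy, sensitivity, start, goal):
    """Dijkstra over policy-compliant edges only.

    Assumed cost model: an edge costs the summed sensitivity of the items it
    discloses, and a path costs the sum of its edges.
    Returns (cost, states on the path, items each service must be granted),
    or None when no compliant path reaches the goal.
    """
    adjacency = {}
    for src, dst, service, items in edges:
        if items - policy.get(service, set()):
            continue  # prune transitions that violate the user's policy
        cost = sum(sensitivity[item] for item in items)
        adjacency.setdefault(src, []).append((dst, cost, service, items))

    dist, prev = {start: 0}, {}
    heap = [(0, start)]
    while heap:
        d, state = heapq.heappop(heap)
        if state == goal:
            break
        if d > dist[state]:
            continue  # stale heap entry
        for dst, cost, service, items in adjacency.get(state, []):
            if d + cost < dist.get(dst, float("inf")):
                dist[dst] = d + cost
                prev[dst] = (state, service, items)
                heapq.heappush(heap, (d + cost, dst))

    if goal not in dist:
        return None
    path, grant, state = [goal], {}, goal
    while state != start:
        state, service, items = prev[state]
        grant.setdefault(service, set()).update(items)
        path.append(state)
    return dist[goal], path[::-1], grant


if __name__ == "__main__":
    for edge, extra in violations(EDGES, POLICY):
        print("violation:", edge[:3], "unauthorized:", sorted(extra))
    print(min_cost_path(EDGES, POLICY, SENSITIVITY, "s0", "s5"))
```

The authorization returned for the cheapest path is narrower than the full policy, which is the gap between what a user permits and what the composition actually needs.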
