“BPELanon” - Protect Business Processes on the Cloud

Marigianna Skouradaki, Vincenzo Ferme, Frank Leymann, Cesare Pautasso, Dieter H. Roller

2015

Abstract

The advent of Cloud computing supports the offering of many Business Process Management applications on a distributed, per-use basis environment through its infrastructure. Due to the fact that privacy is still an open issue in the Cloud, many companies are reluctant to move their Business Processes on a public Cloud. Since the Cloud environment can be beneficiary for the Business Processes, the investigation of privacy issues needs to be further examined. In order to enforce the Business Process sharing on the Cloud we propose a methodology (“BPELanon”) for the anonymization of Business Processes expressed in the Web Service Business Process Execution Language (BPEL). The method transforms a process to preserve its original structure and run-time behavior, while completely anonymizing its business semantics. In this work we set the theoretical framework of the method and define a five management layers architecture to support its realization. We developed a tool that implements the “BPELanon” method, validate its functionality and evaluate its performance against a collection of real-world process models that were conducted in the scope of research projects.

References

  1. Accorsi, R. (2011). Business process as a service: Chances for remote auditing. 35th IEEE COMPSACW, pages 398-403.
  2. Amziani, M., Melliti, T., and Tata, S. (2012). A generic framework for service-based business process elasticity in the cloud. BPM'12, pages 194-199, Berlin, Heidelberg. Springer-Verlag.
  3. Anstett, T., Leymann, F., Mietzner, R., and Strauch, S. (2009). Towards bpel in the cloud: Exploiting different delivery models for the execution of business processes. ICWS'09, pages 670-677. IEEE Computer Society.
  4. Apache Software Foundation (2013). Creating a process. http://ode.apache.org/creating-a-process.html.
  5. Bentounsi, M., Benbernou, S., Deme, C. S., and Atallah, M. J. (2012). Anonyfrag: An anonymization-based approach for privacy-preserving bpaas. Cloud-I 7812, pages 9:1-9:8, New York, NY, USA. ACM.
  6. Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., and Molina, J. (2009). Controlling data in the cloud: Outsourcing computation without outsourcing control. CCSW 7809, pages 85-90, New York, NY, USA. ACM.
  7. Doelitzscher, F., Reich, C., and Sulistio, A. (2010). Designing cloud services adhering to government privacy laws. CIT 7810, pages 930-935.
  8. Federal Ministry of Justice (1990). German Federal Data Protection Law.
  9. Hahn, M., Sáez, S. G., Andrikopoulos, V., Karastoyanova, D., and Leymann, F. (2014). SCEM T : A Multi-tenant Service Composition Engine. SOCA'14, pages 89-96. IEEE Computer Society.
  10. Jansen, W. (2011). Cloud hooks: Security and privacy issues in cloud computing. HICSS 7811, pages 1-10.
  11. Ko, S. Y., Jeon, K., and Morales, R. (2011). The hybrex model for confidentiality and privacy in cloud computing. HotCloud'11, pages 8-8, Berkeley, CA, USA. USENIX Association.
  12. Kunze, M., Luebbe, A., Weidlich, M., and Weske, M. (2011). Towards understanding process modeling - the case of the bpm academic initiative. volume 95 of BPMN 2011, pages 44-58. Springer Berlin Heidelberg.
  13. RightScale (2014). 2014 state of the cloud report from rightscale. http://www.rightscale.com/lp/2014-state-ofthe-cloud-report.
  14. SAPTechnical.COM (2007). Xml anonymizer bean in communication channel to remove namespace prefix in xml payload. http://www.saptechnical.com/ Tutorials/XI/XMLPayload/Index.htm.
  15. Sedayao, J. (2012). Enhancing cloud security using data anonymization. Intel IT, IT@ Intel White Paper. IT Best Practices, Cloud Computing and Information Security.
  16. Skouradaki, M., Roller, D., Pautasso, C., and Leymann, F. (2014). BPELanon: Anonymizing BPEL processes. ZEUS 7814, pages 9-15.
  17. Strauch, S., Breitenb ücher, U., Kopp, O., Leymann, F., and Unger, T. (2012). Cloud Data Patterns for Confidentiality. CLOSER 7812, pages 387-394. SciTePress.
  18. Wang, M., Bandara, K. Y., and Pahl, C. (2010). Process as a service. IEEE SCC 7810, pages 578-585. IEEE Computer Society.
  19. WinEdt (2000). WinEdt Dictionaries. http:// www.winedt.org/Dict/.
  20. XMLanonymizer (2010). XMLanonymizer - utility to anonymize data of an xml file. https://code. google.com/p/xmlanonymizer/.
  21. Zhang, X., Liu, C., Nepal, S., Yang, C., and Chen, J. (2014). Privacy preservation over big data in cloud systems. Security, Privacy and Trust in Cloud Systems, pages 239-257. Springer Berlin Heidelberg.
Download


Paper Citation


in Harvard Style

Skouradaki M., Ferme V., Leymann F., Pautasso C. and Roller D. (2015). “BPELanon” - Protect Business Processes on the Cloud . In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 241-250. DOI: 10.5220/0005427502410250


in Bibtex Style

@conference{closer15,
author={Marigianna Skouradaki and Vincenzo Ferme and Frank Leymann and Cesare Pautasso and Dieter H. Roller},
title={“BPELanon” - Protect Business Processes on the Cloud},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2015},
pages={241-250},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005427502410250},
isbn={978-989-758-104-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - “BPELanon” - Protect Business Processes on the Cloud
SN - 978-989-758-104-5
AU - Skouradaki M.
AU - Ferme V.
AU - Leymann F.
AU - Pautasso C.
AU - Roller D.
PY - 2015
SP - 241
EP - 250
DO - 10.5220/0005427502410250