Privacy preserving service selection using fully homomorphic encryption scheme on untrusted cloud service platform


Knowledge-Based Systems 180 (2019) 104–115

Contents lists available at ScienceDirect

Knowledge-Based Systems journal homepage: www.elsevier.com/locate/knosys

Privacy preserving service selection using fully homomorphic encryption scheme on untrusted cloud service platform

Mohammad Saidur Rahman, Ibrahim Khalil, Abdulatif Alabdulatif, Xun Yi
Computer Science and Software Engineering, School of Science, RMIT University, Melbourne, Victoria 3000, Australia

Article history: Received 13 September 2018; Received in revised form 13 May 2019; Accepted 15 May 2019; Available online 24 May 2019

Keywords: Service privacy; Fully homomorphic encryption; Service selection; Untrusted cloud; Cloud services; MapReduce

Abstract

In this paper, we present a privacy-preserving service selection framework for cloud-based service systems. In a cloud-based service system, a cloud provider selects the best service from a set of services based on their Quality-of-Service (QoS) information. The QoS information of services is sensitive from the service provider’s point of view. We claim that the service selection process in the cloud can be biased: a service provider can bribe a dishonest employee of the cloud provider to take unfair advantage during a service selection process. Therefore, it is important to execute the service selection tasks while keeping QoS information private. We use a fully homomorphic encryption (FHE) scheme in this paper for encrypting QoS values. The service selection task is performed by the cloud provider on encrypted QoS values to ensure privacy. In order to reduce computation overhead, we propose a MapReduce model for parallel execution. We conduct several experiments to evaluate the performance of our proposed privacy preserving service selection framework using a synthetic QoS dataset. © 2019 Elsevier B.V. All rights reserved.

1. Introduction

The cloud computing technology is a key service delivery platform in the field of service computing [1]. The technology enables a cloud service ecosystem that allows multiple service providers to participate and provision their services to end users [2]. Individuals and organizations register as service providers and publish their service related data in the cloud. The service-related data is abstracted as a service. A cloud provider acts as an intermediary for selecting services based on the better quality-of-service (QoS) parameters. We argue that the service selection process executed by the cloud can be biased. The cloud-based service ecosystems are designed under the assumption that a cloud provider is fundamentally trusted [2]. However, the cloud cannot be fully trusted from the data privacy point-of-view [3–6]. The QoS values of services are stored in the cloud as plaintexts. Therefore, it is hard to keep a cloud provider, or disgruntled employees of the cloud provider, from introspecting on the QoS values. The QoS values of services can be manipulated during the service selection phase to give the advantage to a particular service provider. As a result, the service from that service provider is selected most of the time during the service selection phase. This is clearly a threat to the privacy of service providers.

A great amount of existing work considers issues of QoS-aware service selection. The QoS-aware service selection solutions in [7–15] focus on different aspects of finding the optimal service selection. However, none of the aforementioned research works takes into account the privacy of users and service providers. Only a few works have investigated privacy issues in service selection [16,17] and composition [18–21]. The aforementioned research work focuses on users’ privacy. More specifically, existing privacy aware service selection and composition approaches model a relationship between user and service provider privacy preferences. In particular, existing works fail to provide privacy for QoS-aware service selection at the cloud while keeping service QoS values private. To the best of our knowledge, no research work exists that performs service selection keeping the corresponding QoS values private.

✩ No author associated with this paper has disclosed any potential or pertinent conflicts which may be perceived to have impending conflict with this work. For full disclosure statements refer to https://doi.org/10.1016/j.knosys.2019.05.022.
∗ Corresponding author. E-mail addresses: [email protected] (M.S. Rahman), [email protected] (I. Khalil), [email protected] (A. Alabdulatif), [email protected] (X. Yi).
https://doi.org/10.1016/j.knosys.2019.05.022 0950-7051/© 2019 Elsevier B.V. All rights reserved.

1.1. Problem statement

In order to discuss the privacy issue in the cloud-based service system, we consider a generic service scenario. Assume that the cloud has several components: service registry, Quality-of-Service (QoS) database, QoS Monitor, and service mediator. A service registry stores service instances and their functional information. A service needs to be registered in the service registry by its service provider to be considered in the selection process. The QoS repository is the database that stores values of Quality-of-Services (QoSs) or nonfunctional properties associated with registered services. QoS values in the QoS repository are used to find the best service during service selection. A service monitor is a component of the cloud that monitors services in the service registry, determines QoS values, and updates QoS values in the QoS database. The service mediator takes service requests from service users and selects the best services based on the QoS properties stored in the QoS database. Afterward, the service mediator sends a list of selected services to the service user.

Fig. 1. Privacy threat in the cloud based QoS-aware service selection.

There exists a privacy threat in the aforementioned service system. The threat scenario is illustrated in Fig. 1. It is possible that a dishonest employee of the cloud provider takes a bribe from service providers to manipulate QoS values stored in the QoS database. For example, the dishonest employee observes the other QoS values in the QoS database and changes the QoS values of the bribing service provider to gain an advantage. The privacy of other service providers is breached. As a result, the service selection tasks executed using the QoS values stored in the QoS database will be biased. From that perspective, a privacy-preserving service system is required for ensuring unbiased service selection.

1.2. Our contributions

In this paper, we present a novel privacy preserving service selection framework for the cloud-based service system. We assume that the cloud provider is not trusted. Hence, we introduce a trusted third-party or TTP in this paper. A TTP is composed of a service registry and a service monitor. There are several service providers that publish their service information in the service registry. The cloud provider abstracts the service information as a service. The service monitor observes published services and determines QoS values. The QoS values are encrypted using the service monitor’s secret key and stored in an encrypted QoS database placed in the cloud. We use the fully homomorphic encryption (FHE) scheme [22] in this paper for encrypting QoS values. More specifically, we use the Brakerski–Gentry–Vaikuntanathan (BGV) [23] FHE scheme for encrypting QoS values. The service selection process is performed by the cloud on encrypted QoS values to ensure service providers’ privacy. We use the service selection approach that is presented in [15]. The service selection tasks on encrypted QoS data introduce computational overhead. Therefore, we design a MapReduce [24] based parallel task distribution model for reducing the computational overhead of our proposed privacy-preserving service selection framework. The contributions of this paper are highlighted as follows:

1. A novel privacy preserving service selection framework using the Brakerski–Gentry–Vaikuntanathan (BGV) FHE scheme is presented.
2. A MapReduce based parallel task distribution model is designed and implemented to deal with the involved computational overheads.
3. A comprehensive evaluation of the proposed framework is presented. Experimental results demonstrate that the proposed privacy-preserving service selection framework works efficiently when compared to the results obtained using plaintext QoS values.

1.3. Organization of the paper

The rest of the paper is organized as follows: Section 2 presents preliminary concepts that are used in this paper. The proposed privacy preserving service selection framework is described in Section 3. Experimental results and evaluation are demonstrated in Section 4. Some of the key related work on service selection and privacy preservation in service computing is discussed in Section 5. Some of the alternative distributed programming models to MapReduce are discussed in Section 5 as well. Finally, Section 6 concludes this paper.


2. Preliminaries

We discuss some preliminary concepts that are used in this paper. The discussion includes the overview of the fully homomorphic encryption (FHE) scheme and the Brakerski–Gentry–Vaikuntanathan (BGV) FHE scheme. BGV is a public-key cryptography based FHE scheme. Additionally, we discuss the MapReduce model based distribution approach.

2.1. Fully homomorphic encryption (FHE) scheme

The fully homomorphic encryption (FHE) scheme is a cryptographic approach introduced by Gentry in his work [22]. The FHE scheme supports basic arithmetic computations on encrypted data. Hence, FHE is used as a privacy-preserving technique. The work in [22] follows properties of ideal lattices [25]. FHE supports an unlimited number of arithmetic operations. As a consequence of the work in [22], several homomorphic encryption schemes have been proposed based on three branches: lattice-based [26,27], integer-based, and learning with errors (LWE) [28] or ring-learning-with-errors (RLWE) [29] based encryption. In spite of being a potential cryptographic technique, some of the FHE schemes remain quite impractical for real-world applications due to their computational overhead and the number of resources that they require for computations. Several FHE implementations are done as libraries for simplifying FHE operations. The three most prospective efforts are: HElib [30], FHEW [31] and Microsoft’s SEAL [32]. Each of them is based on a different encryption scheme. HElib uses BGV, FHEW is based on FFTW, and SEAL uses FV. FHEW is the smallest and fastest among all the libraries. Nevertheless, it only supports boolean circuits currently. Therefore, arithmetic operations must be encoded as boolean circuits in order to be used. SEAL supports arithmetic and polynomial evaluation over the integers and rational numbers. In general, SEAL takes the longest amount of time to compute an encrypted polynomial.

HElib is based on the Number Theory Library (NTL) and supports arithmetic and polynomial operations over the integers. HElib has special tuning code to enhance performance. Moreover, HElib has the richest API compared to other libraries. It speeds up the performance of the homomorphic AES scheme from 36 h to 3 h [33]. Furthermore, HElib algorithms have a variety of mathematical capabilities that makes HElib better than other implementations. A comprehensive survey on practical FHE schemes is shown in [34]. In this paper, we exploit the advantage of the HElib implementation to improve its mathematical capabilities to meet our analytic services requirements. We use the HElib library because it is a well-known published implementation and the most practical.

2.2. The BGV fully homomorphic encryption algorithm

2.2.1. Notation

Let λ denote the security parameter of the algorithm. If q is a prime (the modulus) then we use the expression $[\cdot]_q$ to denote reduction of the argument to the range [−q/2, q/2). The symbol Z refers to the integers, while the symbol Z[x] denotes all polynomials of a single variable x with integer coefficients. If d is a power of two, then we refer to f(x) = x^d + 1 as the irreducible polynomial of degree d. The letter b will be used to denote a bit, while $b^w$ will denote a string of bits of length w. We use R to denote a ring, and $R^n$ to denote the space of n-tuples of R elements; n is known as the dimension of the space $R^n$. The plaintext is m, the ciphertext is c, and the secret key is s. Note that c ∈ $R^n$ and also s ∈ $R^n$. Observe that we use bold font to denote a vector of elements.

For the BGV algorithm we use R = Z[x]/f(x), where f(x) is the irreducible polynomial defined above. In this construction n = 1. We use the notation $R_q = R/qR$. If v is a vector in R then v[i] denotes the ith element of v. If u is another vector in R then the notation ⟨u, v⟩ is the dot product of these two vectors in R, which can be written as $\sum_{i=1}^{n} u[i]\cdot v[i]$ and is also a member of R. Since R is a polynomial ring, if r is a member of this ring then ∥r∥ is the Euclidean norm of r, that is, the square root of the sum of the squares of the coefficients of r. The expansion factor $\gamma_R$ is equal to max(∥ab∥/(∥a∥∥b∥)), where the maximum ranges over all a and b in R. Using the Cauchy–Schwarz inequality it is easy to see that $\gamma_R \le \sqrt{d}$. If q is an odd prime, and therefore not a power of two, we may write ⌈log(q)⌉ = 1 + ⌊log(q)⌋. Finally we use χ to denote any distribution over R.

2.2.2. BGV algorithm

The BGV algorithm is parameterized by several quantities: the security parameter λ, the modulus q, the exponent d, the dimension n (which is always 1 in our implementation), and the ‘noise’ distribution χ. We add an additional parameter N, which is the integer ⌈(2n + 1) log(q)⌉. For simplicity, we assume that the plaintext space for m is {0, 1}, although the more general case can also be handled easily. The BGV algorithm has five components: initialization (E.Setup), secret key generation (E.SecretKeyGen), public key generation (E.PubKeyGen), encryption (E.Enc) and decryption (E.Dec). We describe each of these components below:

• E.Setup($1^\lambda$, $1^\mu$, $b_{sel}$): In the general case we use the bit $b_{sel}$ to denote whether we are using the ring of integers (d = 1) or the ring of polynomials (n = 1). For the purposes of this description we always assume the latter, so that $b_{sel}$ = 1. The value µ denotes the number of bits in the modulus q. We write params = (q, d, n, N, χ).
• E.SecretKeyGen(params): Choose $s' \leftarrow \chi^n$ and set the secret key $sk = s \leftarrow (1, s'[1], \ldots, s'[n]) \in R_q^{n+1}$.
• E.PublicKeyGen(params, sk): Generate a matrix $A' \leftarrow R_q^{N \times n}$ uniformly, and also a vector $e \leftarrow \chi^N$. Then set $b \leftarrow A's' + 2e$. Then set the matrix A to be the (n + 1)-column matrix consisting of b followed by the n columns of −A′. Observe that A · s = 2e. Set the public key pk = A.
• E.Enc(params, pk, m): set the vector $m \leftarrow (m, 0, \ldots, 0)$, which is in $R_q^{n+1}$. Sample $r \leftarrow R^N$ and then output the ciphertext $c \leftarrow m + A^{T} r$. Observe that c is an element of $R_q^{n+1}$.
• E.Dec(params, sk, c): output $m \leftarrow [[\langle c, s\rangle]_q]_2$.

2.3. MapReduce model

The MapReduce [24] is one of the most efficient programming models for big data solutions. This programming model is developed for parallel and distributed execution of large-scale data-intensive applications in clusters [35]. MapReduce consists of two basic elements: mappers and reducers. Mappers work as map functions that are used for generating a set of intermediate key/value pairs. On the other hand, reducers are shuffling or combining functions that merge all of the intermediate values that are associated with the same intermediate key. The primary advantage of the MapReduce algorithm is that operations are eligible to run in parallel on different keys and lists of data if mappers and reducers are independent of each other. There are three core functions of MapReduce: Map(), Combining()/Shuffling(), and Reduce(). However, the aforementioned core functions are decomposed as follows:


Fig. 2. The MapReduce processes for counting words in a text.

1. Prepare the input: Initially, the MapReduce system delegates map processors (or worker nodes). Next, the system assigns the input key value K1 to each of the delegated processors. Finally, MapReduce provides all of the input data associated with that key value to each processor.
2. The Map() step: Each worker node executes the Map() function using local data and stores the output to a temporary storage space. The code of the Map() function is executed exactly once for each K1 key value. Newly generated outputs are assigned new key values K2 by a master node. The key values in K2 ensure that the redundant copies of input data are processed only once.
3. The Shuffle() step: The output generated by the Map() step is sent to the reducer processors and assigned key values in K2. All of the reducer processors are provided with all of the map-generated data associated with that key value in a way such that all data under one key are located on the same worker node.
4. The Reduce() step: Designated worker nodes process their corresponding group of output data (per key) in parallel. The parallel execution is performed according to the user-provided Reduce() code. Each function is run exactly once for each key value in K2 produced by the map step.
5. Produce the final output: The MapReduce system collects all of the outputs obtained from the Reduce() step and sorts them according to key values in K2 for producing the final outcome.

Table 1. The summary of symbols.

Symbol              Description
TTP                 Trusted third party
SR                  Service Repository
SM                  Service Monitor
Si                  ith abstract service
n                   Number of services in SR
SP                  Service pool
P                   Service provider
CS                  Composite service
M                   Service mediator
Q                   Encrypted QoS database
PCS                 Set of possible CSs
VM                  Virtual Machine
pk                  BGV public-key
sk                  BGV secret-key
x                   Number of negative QoS parameters
y                   Number of positive QoS parameters
U(CSi)              The utility score of the ith composite service CSi
Wl                  The weight of the lth negative QoS parameter
Wk                  The weight of the kth positive QoS parameter
Ql(Siq)             The value of the lth negative QoS parameter of the qth service Siq in CSi
Qk(Siq)             The value of the kth positive QoS parameter of the qth service Siq in CSi
Qlmax, Qlmin        The maximum and minimum values of the lth negative QoS parameter of the qth SP, respectively
Qkmax, Qkmin        The maximum and minimum values of the kth positive QoS parameter of the qth SP, respectively

Fig. 2 shows the classical “word count problem” using the MapReduce model. As shown in Fig. 2, a process splits the data into a subset of chunks initially. These chunks are processed by the mappers later. A shuffling process is initiated for combining key values under the same worker node once the key/values are generated by mappers. The reduce functions are used to count the words that generate a common output at the end. The final count value is used as the result of the algorithm. The final output is a sorted list of word counts from the original text input.
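As an added example (not code from the paper), the following Python runs the five MapReduce steps listed above on the word-count task of Fig. 2: input chunks are mapped in parallel, the intermediate (K2, value) pairs are shuffled by key, each key group is reduced exactly once, and the output is sorted by key. The sample text, the chunk size and the worker count are constructed values; `map_reduce` accepts any mapper and reducer, so the same skeleton is what one would use to spread service selection work over virtual machines as in Section 3.5.

```python
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor


def map_reduce(chunks, mapper, reducer, workers=2):
    """Run the five MapReduce steps on a list of input chunks.

    1. Prepare the input: chunk i (key K1 = i) is handed to a worker.
    2. Map: every chunk is mapped exactly once to (K2, value) pairs.
    3. Shuffle: pairs are grouped so all values for one K2 key sit together.
    4. Reduce: each K2 group is reduced exactly once, groups in parallel.
    5. Produce the final output: (K2, result) pairs sorted by K2.
    """
    # Steps 1-2: each mapper sees only its local chunk; chunks run in parallel.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        mapped = list(pool.map(mapper, chunks))

    # Step 3: shuffle by intermediate key K2.
    groups = defaultdict(list)
    for pairs in mapped:
        for k2, value in pairs:
            groups[k2].append(value)

    # Step 4: reduce every key group independently (in parallel).
    with ThreadPoolExecutor(max_workers=workers) as pool:
        reduced = list(pool.map(lambda kv: (kv[0], reducer(kv[0], kv[1])),
                                groups.items()))

    # Step 5: sorted final output.
    return sorted(reduced)


def split_text(text, chunk_words=4):
    """Split the input into chunks of chunk_words words (the 'prepare' step)."""
    words = text.split()
    return [words[i:i + chunk_words] for i in range(0, len(words), chunk_words)]


def word_mapper(chunk):
    """Map(): emit (word, 1) for every word in the local chunk."""
    return [(word.lower(), 1) for word in chunk]


def count_reducer(key, values):
    """Reduce(): sum the counts collected for one word."""
    return sum(values)


# Constructed sample text (not the text of the paper's Fig. 2).
SAMPLE = "cloud service cloud privacy service selection cloud"


def word_count(text=SAMPLE, workers=2):
    return map_reduce(split_text(text), word_mapper, count_reducer, workers)


if __name__ == "__main__":
    print(word_count())
```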

3. Proposed privacy preserving service selection framework in untrusted cloud service platform

In this section, we discuss our proposed privacy-preserving service selection framework in detail. First, we discuss the architecture of the proposed framework. Second, the QoS model of the framework is described. Third, we present the original QoS-aware service selection approach on top of which our privacy preserving service selection approach is built. Fourth, our proposed fully homomorphic encryption based privacy-preserving service selection approach is described. Fifth, a MapReduce model based parallel execution of the privacy-preserving service selection task is proposed. Finally, an analysis of privacy preservation in our proposed framework is presented. The list of notations used in this paper is presented in Table 1.

3.1. The architecture of privacy preserving cloud service framework

We define the architecture of our proposed privacy preserving cloud service framework in this section. An illustration of the architecture of our proposed framework is shown in Fig. 3. The architecture mainly consists of two components: cloud and trusted third party. Each component contains sub-components. We discuss each component in detail below:

Fig. 3. The architecture of the proposed privacy preserving service selection framework.

Trusted third party (TTP). We consider a trusted third party (TTP) that is trusted by all of the participants in the system. The TTP can be considered as an entity similar to the certification authority in traditional network systems. The TTP has a service repository (SR) and a service monitor (SM). An SR can be denoted as a set SR = {S1, S2, . . . , Sn}, where Si (1 ≤ i ≤ n) is an abstract service and n is the number of services in SR. Each service provider registers their service-related data in SR. The SR has multiple service pools (SPs). An SP contains several services with similar functionality. To make it more clear, if a cloud provides n functionalities then there are n service pools available. A service (S) can be defined as a piece of functionality that is offered by a service provider (P) and can be used by cloud users. P can be any individual, organization or software application that offers one or more services. The SM monitors services in SR and determines the QoS values of each service. Additionally, the SM encrypts the QoS values with a secret key using the BGV FHE scheme to generate encrypted QoS values. Finally, the SM stores the encrypted QoS data in the cloud.

Cloud. The cloud is the entity that works as a service agent for both users and providers of the service system. A user of the cloud can request a service from the cloud. In our scenario, the requested service is a collection of services (i.e. a composite service (CS)). The cloud has two components: the service mediator (M) and the encrypted QoS database (Q). The service mediator (M) selects a service from each service pool, builds a composite service, and sends the composite service back to the requesting user. The encrypted QoS database (Q) stores encrypted values of QoS parameters for each service. M uses encrypted QoS data from Q and performs the service selection tasks on the encrypted QoS data to build a composite service. A CS consists of a set of services respectively selected from different service pools. More precisely, one service per service pool is selected to constitute a CS. M has the set PCS of all possible CSs.

3.2. QoS model for privacy preserving service selection framework

There can be multiple services that offer the same functionality. In order to differentiate one service from another, nonfunctional properties of services are considered. In general, nonfunctional properties are known as Quality-of-Service (QoS) parameters. Values of QoS parameters are used for optimization purposes [12]. The QoS model for Cloud Services formally defines a set of quality parameters for cloud services. QoS parameters of services contribute differently to evaluating the overall quality of services. There are some QoS parameters that improve the overall quality of services if their values are higher. In contrast, some QoS parameters may reduce the overall quality of service when their values are higher. In [12], five typical QoS criteria are specified that are divided into two categories: negative quality and positive quality. The specified QoS parameters are execution price, execution time, reputation, successful execution rate, and availability. We discuss the negative and positive quality parameters in detail below:

• Negative quality: The negative quality indicates lower quality for its higher value. For example, execution time and execution price are two negative qualities. The execution price gives the dollar amount required to execute a service. The execution price quality can be obtained based on the service providers’ advertisement in the service description. The execution time is a measure of the time required to execute a service. Execution time is calculated as: ExecutionTime = EndTime − StartTime. The execution time is calculated by the cloud itself.
• Positive quality: The positive quality indicates higher quality for its higher value. Successful execution rate, reputation, and availability are a few examples of the positive quality. The reputation of a service is a measure of the service’s trustworthiness. It mainly depends on the ratio to which the actual provision of the service is compliant with its promised one. The reputation is determined based on the ranking of the cloud users. The successful execution rate is the ratio of the number of successful executions to the total number of times the service is invoked. The availability is the probability that the service is accessible. Both successful execution rate and availability are calculated by the cloud itself.

3.3. QoS-aware service selection approach

Available services in a service pool with overlapping or identical functionality may have different QoS values. Hence, a choice is required to determine which service matches a user’s expectation most. Most of the time, a combination of different services is required to fulfill a user requirement. In other words, a composite service needs to be created from the set of different types of services. Therefore, a service should be selected from each type in a way such that the resulting composite service becomes the best composite service. We consider that there are m types of services in the service system. A composite service is a collection of m services having one service from each type. The QoS-aware service selection can be defined as a process that selects a service from each type of service in SP such that the resulting composite service becomes the best composite service among the set of possible composite services, i.e., the one that mostly satisfies the user requirement. To make it clear, only those services should be selected that contribute to forming the best composite service. A utility score is computed for each candidate composite service using a utility function. A utility function is presented in [15] to determine the desirability of a composite service. This utility function relies on Multiple Criteria Decision Making (MCDM) and the Simple Additive Weighting (SAW) technique [36]. Following the idea of the QoS model of services presented in Section 3.2, we use the function for calculating the utility score of a composite service presented in [15]. The utility function can be depicted as follows:

$$U(CS_i)=\sum_{q=1}^{n}\left(\sum_{l=1}^{x}\left(\frac{Q_l^{\max}-Q_l(S_{iq})}{Q_l^{\max}-Q_l^{\min}}\right)\times W_l+\sum_{k=1}^{y}\left(\frac{Q_k(S_{iq})-Q_k^{\min}}{Q_k^{\max}-Q_k^{\min}}\right)\times W_k\right). \qquad (1)$$

In (1), there are x negative criteria and y positive criteria. Moreover, U(CS_i) represents the utility value of a candidate composite service CS_i, where CS_i ∈ PCS. W_l is the weight of the lth negative quality criterion associated with a user’s preference, and W_k is the weight of the kth positive quality criterion associated with a user’s preference. Here, $\sum_{l=1}^{x} W_l + \sum_{k=1}^{y} W_k = 1$. Q_l(S_iq) denotes the value of the lth negative quality criterion of the qth service S_iq in CS_i. Q_k(S_iq) denotes the value of the kth positive quality criterion of the qth service S_iq in CS_i. Q_l^max and Q_l^min are the maximum and minimum values of its lth negative quality criterion in the qth service pool SP_iq, respectively. They are computed from the participant services’ lth negative quality criterion in a certain way. Q_k^max and Q_k^min are the CS_i’s maximum and minimum values of its kth positive quality criterion in the qth service pool SP_iq, respectively. They are computed from the participant services’ kth positive quality criterion in a certain way. Therefore, an objective function, i.e., Max(U(CS_i)), is used for maximizing the user satisfaction expressed as utility functions over QoS attributes.
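As an added illustration of Eq. (1) (not code from the paper), the following Python computes U(CS_i) for a composite service over constructed QoS data with one negative criterion (execution price, x = 1) and one positive criterion (availability, y = 1), using per-pool Q^max and Q^min for the min-max normalisation, and then enumerates every candidate composite (one service per pool, n^m of them) to find Max(U(CS_i)). The pool layout, service identifiers and weights are assumptions, as is setting a criterion's term to 1 when Q^max = Q^min in a pool (the paper does not say how that case is handled).

```python
from itertools import product

# Constructed QoS data (not the paper's dataset). Each service pool (type)
# holds candidate services; per service we record one negative criterion
# (price, lower is better) and one positive criterion (availability).
POOLS = {
    "storage": {"S1": {"price": 10.0, "availability": 0.99},
                "S2": {"price": 4.0, "availability": 0.90},
                "S3": {"price": 6.0, "availability": 0.97}},
    "compute": {"S4": {"price": 20.0, "availability": 0.95},
                "S5": {"price": 15.0, "availability": 0.80}},
}
NEGATIVE = ["price"]         # the x negative criteria, weighted by W_l
POSITIVE = ["availability"]  # the y positive criteria, weighted by W_k


def pool_bounds(pool, criterion):
    """Q^max and Q^min of one criterion over the services of a single pool."""
    values = [svc[criterion] for svc in pool.values()]
    return max(values), min(values)


def normalised_term(value, qmax, qmin, negative):
    """One bracketed term of Eq. (1). If every candidate has the same value the
    criterion cannot discriminate; we return 1 (an assumption, see lead-in)."""
    if qmax == qmin:
        return 1.0
    if negative:
        return (qmax - value) / (qmax - qmin)
    return (value - qmin) / (qmax - qmin)


def utility(composite, weights):
    """U(CS_i) from Eq. (1): sum over the component services of the weighted,
    min-max normalised negative and positive criteria (SAW)."""
    assert abs(sum(weights.values()) - 1.0) < 1e-9, "weights must sum to 1"
    score = 0.0
    for pool_name, service_id in composite.items():
        pool = POOLS[pool_name]
        qos = pool[service_id]
        for l in NEGATIVE:
            qmax, qmin = pool_bounds(pool, l)
            score += normalised_term(qos[l], qmax, qmin, True) * weights[l]
        for k in POSITIVE:
            qmax, qmin = pool_bounds(pool, k)
            score += normalised_term(qos[k], qmax, qmin, False) * weights[k]
    return score


def best_composite(weights):
    """Enumerate all composites (one service per pool, n^m candidates) and
    return the one maximising U, i.e. the objective Max(U(CS_i))."""
    names = list(POOLS)
    best, best_score = None, float("-inf")
    for choice in product(*(POOLS[n].keys() for n in names)):
        composite = dict(zip(names, choice))
        s = utility(composite, weights)
        if s > best_score:
            best, best_score = composite, s
    return best, best_score


if __name__ == "__main__":
    print(best_composite({"price": 0.5, "availability": 0.5}))
```

With equal weights the cheapest service is not chosen in either pool: S3 wins the storage pool because its combined normalised price and availability beat both extremes, which is the trade-off the SAW utility is meant to express. Shifting all weight onto price selects S2 and S5 instead.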


3.4. Proposed privacy preserving QoS-aware service selection using fully homomorphic cryptography

We present our proposed privacy preserving QoS-aware service selection approach in this section. The key idea of our proposed technique is to select a set of component services from the service registry SR based on the encrypted QoS values of services. We use the BGV fully homomorphic encryption (FHE) scheme as discussed in Section 2.2 for encrypting the QoS values of services. In order to maintain the privacy of services, the service monitor encrypts QoS values using the BGV homomorphic encryption scheme Ẽ before storing them into the QoS repository. Firstly, the service monitor initializes the encryption parameters using the component Ẽ.Setup(1^λ, 1^µ, b_sel) of Ẽ. The encryption parameters can be denoted as params = (q, d, n, N, χ). Secondly, a secret key sk is generated using Ẽ.SecretKeyGen(params). Thirdly, a public key pk is generated using Ẽ.PublicKeyGen(params, sk). The service monitor shares pk with the service mediator for future computation. Finally, each evaluated QoS value Q_ij is encrypted using Ẽ.Enc(params, pk, Q_ij). The encrypted value of the jth QoS parameter of the ith service is denoted as Ẽ(Q_ij). Each Ẽ(Q_ij) is stored in the QoS repository.

The service mediator finds the best composite service based on the user’s request. In general, multiple component services need to be selected from different service pools to fulfill a user’s request. The service mediator calculates a utility score for different combinations of component services based on the encrypted QoS values available in the QoS repository. In order to calculate the utility score based on encrypted QoS values, we need mathematical operations such as fully homomorphic addition (⊕), subtraction (⊖), multiplication (⊗), division (⊘) and homomorphic summation (⊙). The fully homomorphic summation operation is in fact a series of homomorphic additions. The utility function in (1) to calculate the encrypted utility score Ẽ(U(CS_i)) of composite service CS_i can be represented using homomorphic operators as follows:

$$\tilde{E}(U(CS_i))=\bigodot_{q=1}^{n}\left(\tilde{E}(N_{S_{iq}})\oplus\tilde{E}(P_{S_{iq}})\right), \qquad (2)$$

where Ẽ(N_{S_iq}) is the function that computes the encrypted negative utility score, and Ẽ(P_{S_iq}) is the function that computes the encrypted positive utility score of the composite service S_i for all q number of services. Ẽ(N_{S_iq}) and Ẽ(P_{S_iq}) can be represented using the following equations:

$$\tilde{E}(N_{S_{iq}})=\bigodot_{l=1}^{x}\left(\left(\tilde{E}(Q_l^{\max})\ominus\tilde{E}(Q_l(S_{iq}))\right)\oslash\left(\tilde{E}(Q_l^{\max})\ominus\tilde{E}(Q_l^{\min})\right)\otimes W_l\right), \qquad (3)$$

and

$$\tilde{E}(P_{S_{iq}})=\bigodot_{k=1}^{y}\left(\left(\tilde{E}(Q_k(S_{iq}))\ominus\tilde{E}(Q_k^{\min})\right)\oslash\left(\tilde{E}(Q_k^{\max})\ominus\tilde{E}(Q_k^{\min})\right)\otimes W_k\right). \qquad (4)$$

Here, Ẽ(Q_l(S_iq)) denotes the encrypted value of the lth negative quality criterion of the qth service S_iq in CS_i. Ẽ(Q_k(S_iq)) denotes the encrypted value of the kth positive quality criterion of the qth service S_iq in CS_i. Ẽ(Q_l^max) and Ẽ(Q_l^min) are the encrypted maximum and minimum values of its lth negative quality criterion in the qth service pool SP_iq, respectively. Ẽ(Q_k^max) and Ẽ(Q_k^min) are the CS_i’s encrypted maximum and minimum values of its kth positive quality criterion in the qth service pool SP_iq, respectively.

3.5. Privacy preserving service selection based on a MapReduce model

In this section, we describe a parallel processing approach for service selection tasks using virtual machines (VMs) based on the MapReduce model. Fig. 4 illustrates the structure of parallel processing for service selection based on the MapReduce model. The computational overheads associated with fully homomorphic encryption (FHE) are reduced by distributing the service selection tasks. As a result, the performance of privacy preserving service selection is significantly enhanced while keeping the accuracy of the service selection computations. We have two main components in the MapReduce model: (1) a mapper, where independent computational tasks of service selection can be distributed among a set of mappers (Virtual Machines (VMs)); (2) a reducer, where the results from all of the mappers (VMs) are aggregated to accomplish the composite service selection task and choose the optimal utility score. In our model, we consider implementing an independent utility score computation function for each service type in a single mapper. The reducers aggregate and compute the final composite score for the service selection. The MapReduce model is described in Algorithm 1.

Fig. 4. Privacy preserving service selection based on a MapReduce model.

from each type to build a composite service. For simplicity, let us consider that the computational overhead of the BGV encryption scheme is constant, as the times required for encrypting all of the QoS values are almost similar. The computational complexity of the conventional service selection task in a centralized system is O(n^m), which can be reduced by using MapReduce based task distribution. The computational complexity of the MapReduce model comprises the complexity of the mapper and the reducer. Assume that there are k virtual machines (VMs) available. Hence, the computational complexity of the mapper for the service selection process is O(n^m/k). On the other hand, the computational complexity of the reducer having k VMs is O(log(k)). Overall, the complexity of the MapReduce based distributed service selection model is O(n^m/k + log(k)).

Fig. 5. Case Scenario-I: Car brokerage application.

3.5.1. Computational complexity Assume that there are total n number of services of m types. Total m number of services to be selected taking one service

3.6. Analysis of privacy preservation

The security of our proposed privacy preserving framework depends on two things. Firstly, the usage of a trusted third party (TTP). In our framework, the TTP is a party that is trusted by everyone.

Algorithm 1 Distributed privacy preserving service selection tasks using MapReduce model
Input: Set of services S in SR and encrypted QoS data Q
Output: $\mathrm{Max}(\tilde{E}(U(CS_i)))$

Procedure mapper()
begin
    Initialization: $\mathrm{Max}_k(\tilde{E}(U(CS_i))) := 0$
    for each $S_{ij} \in S^k$, where $S^k \subset S$ do
        find $\tilde{E}(U(CS_i))$ using (2), (3) and (4)
        if $\tilde{E}(U(CS_i)) \geq \mathrm{Max}_k(\tilde{E}(U(CS_i)))$ then
            $\mathrm{Max}_k(\tilde{E}(U(CS_i))) = \tilde{E}(U(CS_i))$
        end if
    end for
    output(key = k, value = $\mathrm{Max}_k(\tilde{E}(U(CS_i)))$)
end

Procedure reducer(key = k, value = set of $\mathrm{Max}_k(\tilde{E}(U(CS_i)))$)
begin
    Initialization: $\mathrm{Max}(\tilde{E}(U(CS_i))) := 0$
    for each k do
        if $\mathrm{Max}_k(\tilde{E}(U(CS_i))) \geq \mathrm{Max}(\tilde{E}(U(CS_i)))$ then
            $\mathrm{Max}(\tilde{E}(U(CS_i))) = \mathrm{Max}_k(\tilde{E}(U(CS_i)))$
        end if
    end for
    return $\mathrm{Max}(\tilde{E}(U(CS_i)))$
end
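The utility computation of (2), (3) and (4) and the mapper/reducer split of Algorithm 1, as an added simulation that is not the paper's HElib implementation: a stand-in ciphertext class carries the plaintext so the selection can be checked and tallies every homomorphic operator, while the per-pool maxima and minima, the zero-range handling and the sample Case-I pools are constructed assumptions.

```python
"""Simulation of the encrypted utility function (2)-(4) and of the mapper/reducer
split of Algorithm 1.  Added illustration, not the paper's HElib/BGV code: `Sim`
stands in for a BGV ciphertext, carrying the plaintext so results can be checked
while tallying every homomorphic operator, the cost behind Section 3.5.1."""
import math
from itertools import product

# Case-I criteria (Section 4.1): fee and latency are negative, the rest positive.
NEGATIVE = ("latency", "fee")
POSITIVE = ("reliability", "availability", "reputation")
WEIGHTS = {c: 0.2 for c in NEGATIVE + POSITIVE}  # equal weights, as in Section 4.2

class Sim:
    """Stand-in ciphertext: a plaintext value plus a shared tally of operators."""
    def __init__(self, value, tally):
        self.v, self.tally = value, tally

    def _op(self, name, other, fn):
        self.tally[name] = self.tally.get(name, 0) + 1
        b = other.v if isinstance(other, Sim) else other  # plaintext weight W_l / W_k
        return Sim(fn(self.v, b), self.tally)

    def __add__(self, o): return self._op("add", o, lambda a, b: a + b)      # ⊕
    def __sub__(self, o): return self._op("sub", o, lambda a, b: a - b)      # ⊖
    def __mul__(self, o): return self._op("mul", o, lambda a, b: a * b)      # ⊗
    def __truediv__(self, o): return self._op("div", o, lambda a, b: a / b)  # ⊘

def hsum(terms):
    """Homomorphic summation ⊙: a chain of ⊕, i.e. len(terms) - 1 additions."""
    acc = terms[0]
    for t in terms[1:]:
        acc = acc + t
    return acc

def encrypt_pool(pool, tally):
    """Service monitor side.  Assumption: per-criterion maximum and minimum of a
    pool are found in plaintext before encryption.  A criterion on which all
    services are equal would make ⊘ in (3)/(4) divide by zero, so its bound is
    shifted by 1 and the criterion then contributes 0 to every service."""
    enc = {s: {c: Sim(v, tally) for c, v in qos.items()} for s, qos in pool.items()}
    qmax, qmin = {}, {}
    for c in NEGATIVE + POSITIVE:
        hi, lo = max(q[c] for q in pool.values()), min(q[c] for q in pool.values())
        if hi == lo:
            if c in NEGATIVE:
                lo -= 1.0  # Qmax - Q stays 0, the range becomes 1
            else:
                hi += 1.0  # Q - Qmin stays 0, the range becomes 1
        qmax[c], qmin[c] = Sim(hi, tally), Sim(lo, tally)
    return enc, qmax, qmin

def enc_utility(composite, pools_enc):
    """Eq. (2): ⊙ over the component services of NS ⊕ PS, with (3) and (4)."""
    per_service = []
    for pool_name, svc in composite:
        enc, qmax, qmin = pools_enc[pool_name]
        val = enc[svc]
        ns = hsum([(qmax[l] - val[l]) / (qmax[l] - qmin[l]) * WEIGHTS[l] for l in NEGATIVE])
        ps = hsum([(val[k] - qmin[k]) / (qmax[k] - qmin[k]) * WEIGHTS[k] for k in POSITIVE])
        per_service.append(ns + ps)
    return hsum(per_service)

def mapper(candidates, pools_enc):
    """Algorithm 1 mapper over one partition S^k: keeps the local maximum.  The
    comparison uses the carried plaintext; Algorithm 1 writes the >= on
    ciphertexts and the paper does not detail how the mediator evaluates it."""
    best = None
    for cand in candidates:
        u = enc_utility(cand, pools_enc)
        if best is None or u.v >= best[1].v:
            best = (cand, u)
    return best

def reducer(partials):
    """Algorithm 1 reducer: the maximum over the k mapper outputs."""
    return max(partials, key=lambda b: b[1].v)

def select(pools, k):
    """Split the n^m candidate composites over k mappers and reduce.  Returns the
    best composite, its utility and one homomorphic-operation tally per mapper."""
    names = list(pools)
    candidates = [tuple(zip(names, combo)) for combo in product(*(list(pools[n]) for n in names))]
    chunk, partials, tallies = math.ceil(len(candidates) / k), [], []
    for i in range(k):
        tally = {}
        pools_enc = {n: encrypt_pool(pools[n], tally) for n in names}  # each VM holds the ciphertexts
        part = mapper(candidates[i * chunk:(i + 1) * chunk], pools_enc)
        if part:  # a mapper gets no candidates when k exceeds n^m
            partials.append(part)
            tallies.append(tally)
    best_cand, best_u = reducer(partials)
    return best_cand, best_u.v, tallies

# Constructed Case-I pools (car purchase, insurance, financing, roadside assistance), QoS in [0, 1].
CRITERIA = ("latency", "reliability", "availability", "fee", "reputation")
def qos(*vals): return dict(zip(CRITERIA, vals))
POOLS = {
    "CP": {"CP1": qos(0.2, 0.9, 0.9, 0.5, 0.8), "CP2": qos(0.4, 0.7, 0.9, 0.3, 0.6)},
    "CI": {"CI1": qos(0.5, 0.8, 0.95, 0.6, 0.7), "CI2": qos(0.3, 0.6, 0.85, 0.4, 0.9)},
    "FI": {"FI1": qos(0.1, 0.9, 0.9, 0.2, 0.5), "FI2": qos(0.3, 0.5, 0.7, 0.4, 0.9)},
    "RA": {"RA1": qos(0.6, 0.7, 0.8, 0.7, 0.6), "RA2": qos(0.6, 0.9, 0.8, 0.5, 0.4)},
}
```

With four mappers, each of the 16 candidate composites costs 99 homomorphic operations (40 ⊖, 20 ⊘, 20 ⊗, 19 ⊕), so every mapper performs 396 of them and the reducer only compares four partial maxima.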

Fig. 6. Case Scenario-II: Travel booking application.


Here, the TTP can be considered as an entity similar to a certification authority in traditional network systems. Secondly, the usage of a public-key cryptography based FHE scheme (i.e. the BGV encryption algorithm). The TTP uses the BGV FHE scheme to generate a key-pair. The key-pair consists of two keys: a public key (pk) and a secret key (sk). The TTP encrypts each QoS datum with its pk and stores it in the QoS repository in the cloud. The TTP never discloses its sk to anyone. However, the pk of the TTP is accessible to the cloud. The service mediator of the cloud performs the service selection tasks on the encrypted QoS data without knowing sk. To make it clear, the service mediator can see only the encrypted QoS values and the results produced from them. According to the security assumption of public-key cryptography, it is computationally infeasible to determine the secret key from the corresponding public key. If the security assumptions of the BGV scheme hold, the sk of the TTP cannot be recovered from the corresponding pk. Therefore, our proposed framework is able to preserve privacy during the service selection process.

4. Experimental results and discussion

We conduct a set of experiments to evaluate the performance of our proposed privacy preserving QoS-aware service selection framework.

4.1. Running examples

In order to evaluate the performance and test the applicability of our proposed model, we consider two case scenarios. The case scenarios are discussed below.

Case-I. In the first case scenario, we use a car brokerage application (see Fig. 5). Typically, the scenario would have a customer, say Jenny, planning to buy a used car having a specific model, make, and mileage. She naturally wants to get the best deal. Assume that Mary has access to a service infrastructure where the different entities that play a role in the car purchase are represented by Web services. Examples of services that need to be accessed include car purchase (CP), car insurance (CI), financing (FI), and roadside assistance (RA). There are several providers for each type of service. The service mediator is responsible for selecting the best service of each type to constitute the best composite service. The services are evaluated based on their respective QoS parameters. We consider five QoS parameters for the car brokerage scenario according to the research work in [37]: latency, reliability, availability, fee and reputation. Among the aforementioned QoS parameters, reliability, availability and reputation are considered positive QoS parameters. On the other hand, fee and latency are considered negative QoS parameters.

Case-II. In the second scenario, we consider a travel booking application that provides multiple functionalities related to travel (see Fig. 6). Assume that a customer, say John, wants to get a travel itinerary to attend a conference. The required services can be, for example, hotel reservation (HR), airline ticket booking (AT), and car rental (CR). The travel booking application finds the best matches for John. Quality attributes may include response time, cost, and ratings. Here, response time and cost are considered negative QoS parameters, and ratings the positive QoS parameter.

4.2. Experimental setup

To the best of our knowledge, there is no sizeable service test case available in the public domain that can be used for experimentation purposes. Therefore, we evaluate the proposed approach using synthetic QoS data. For our experiments, we generate a dataset with 4500 services of four different types for Case-I. Each record contains five QoS values for an atomic service. For the dataset of Case-II, 6500 services are generated with three QoS values for each record. The QoS values of service instances are generated in the interval $Q_i \in [0, 1]$. During the experiments, we randomly choose different numbers of services from each service type for both cases. For the sake of simplicity, we consider that the weights of the QoS parameters are equal in both scenarios. In order to implement fully homomorphic encryption (FHE), we use HElib [38]. HElib is a C++ software library that implements fully homomorphic encryption (FHE). The current version of HElib implements the Brakerski–Gentry–Vaikuntanathan (BGV) scheme. Several optimization approaches are used in this library to make homomorphic evaluation run faster. The implementation mostly focuses on using the Smart–Vercauteren ciphertext packing techniques and the Gentry–Halevi–Smart optimizations effectively. Nevertheless, the current version of HElib does not support arithmetic operations on floating-point numbers. The research work in [6] proposes floating-point operations using HElib. In our experiments, we use the implementation of the work in [6] for performing arithmetic operations on floating-point numbers. We use C++ for implementing our algorithms. We run the experiments on a 3.40 GHz Intel Core i7 processor with 8 GB RAM under the Ubuntu 16 operating system. Initially, we run the QoS-aware service selection approach on plaintext QoS data. Later, we run the proposed privacy preserving QoS-aware service selection approach on encrypted QoS data. We observe the performance of the following methods:

1. The QoS-aware service selection approach on plaintext QoS data without MapReduce (PT-QSS).
2. The privacy preserving QoS-aware service selection approach on encrypted QoS data without MapReduce (PP-QSS).
3. The privacy preserving QoS-aware service selection approach on encrypted QoS data with the MapReduce model (PP-QSS-MR). We implement PP-QSS-MR with different numbers of virtual machines (VMs): PP-QSS-MR with 4 VMs (PP-QSS-MR-4), 6 VMs (PP-QSS-MR-6), and 8 VMs (PP-QSS-MR-8).

Fig. 7. The comparison of required times for generating encrypted QoS databases having different numbers of services of PP-QSS, PP-QSS-4, PP-QSS-6 and PP-QSS-8: (a) Case-I, and (b) Case-II.

Fig. 8. The comparison of service selection times of PT-QSS, PP-QSS, PP-QSS-4, PP-QSS-6 and PP-QSS-8: (a) Case-I, and (b) Case-II.

Fig. 9. The comparison of scalability of PT-QSS, PP-QSS, PP-QSS-4, PP-QSS-6 and PP-QSS-8: (a) Case-I, and (b) Case-II.

Fig. 10. The comparison of execution times of the proposed framework for different numbers of QoS parameters. The number of services from each type is 100.

4.3. Experimental results and performance evaluation

We run a set of experiments to evaluate the performance of our proposed privacy preserving service selection model. For each case scenario and method stated in Section 4.2, we execute our experiments 100 times and take the average results. We use our experimental results to evaluate the following using five different methods: PT-QSS, PP-QSS, PP-QSS-MR-4, PP-QSS-MR-6, and PP-QSS-MR-8:

1. Time required to generate the encrypted QoS database for different numbers of services and QoS parameters.
2. Time required for a single request to select the best service from each service type.
3. Time required for different numbers of requests to select the best services from each service type.
4. Time required for a single request to select the best service with a variable number of QoS parameters from a fixed number of services in each service type.

Fig. 7 illustrates the comparison of the times required for generating the encrypted QoS databases of PP-QSS, PP-QSS-4, PP-QSS-6 and PP-QSS-8. We show results for both Case-I (Fig. 7(a)) and Case-II (Fig. 7(b)). We consider QoS databases with different numbers of services for both Case-I and Case-II. Results show that the time required to generate an encrypted QoS database increases as the number of services increases. Case-II requires about one-fourth less time than Case-I. Therefore, the required time depends on the number of QoS parameters in a dataset. From the result, we can state that the required time reduces by using the MapReduce model with a higher number of VMs.

Fig. 8 illustrates the comparison of the service selection times of PT-QSS, PP-QSS, PP-QSS-4, PP-QSS-6 and PP-QSS-8. The result for Case-I is presented in Fig. 8(a), and Fig. 8(b) shows the result for Case-II. We randomly choose different numbers of services from each type of service.
Initially, we run the QoS-aware service selection approach on the plaintext QoS dataset using (1) and observe the execution times. Later, we run our proposed privacy preserving QoS-aware service selection method on encrypted data without the MapReduce model for the same set of services using (2), (3), and (4). From Fig. 8, we find that PP-QSS takes much longer than PT-QSS when the number of services in each type is higher. The execution time increases exponentially when the number of services in each type increases. For both Case-I and Case-II, the execution time of PP-QSS is almost 5 times and 10 times greater than that of PT-QSS when there are 300 and 500 services in each type, respectively. In order to compensate for the execution time of our proposed framework, we run our experiment using the MapReduce model. Similar to the previous experiment, we randomly choose different numbers of services from each type of service. The execution times for different numbers of VMs are shown here. For our current experimental setup, we see that the MapReduce model significantly improves the performance of our proposed model. The execution times of PP-QSS get closer to those of PT-QSS as the number of VMs is increased.

In Fig. 9, we demonstrate the scalability of our proposed privacy preserving method for both Case-I and Case-II. We randomly select 100 services from each type of service in both cases to compute the time required to select services for PT-QSS, PP-QSS and PP-QSS-MR with different numbers of VMs. Fig. 9(a) presents the variation in required times for Case-I, and Fig. 9(b) shows the same for Case-II. From the results, we can state that a higher number of user requests at a time increases the execution time of our proposed privacy preserving service selection approach. However, the usage of the MapReduce model significantly improves the performance of our proposed method by reducing the required time.

Fig. 10 shows the comparison of the service selection times of our proposed privacy-preserving framework for different numbers of QoS parameters. The execution time is shown in seconds. We consider five types of services and 500 randomly chosen services from each type for this experiment.
Results indicate that the execution time of our proposed model is very small if the number of QoS parameters is less than or equal to 3. However, the execution times increase exponentially if the number of QoS parameters is greater than 3. The execution time reduces significantly when the MapReduce model is used.

5. Related work

In this section, we discuss some key research works on QoS-aware service selection and privacy preserving service selection. Additionally, we briefly discuss some of the distributed data processing models alternative to the MapReduce model that can be used to reduce the computational overhead in the proposed privacy-preserving service selection framework.

QoS-aware service selection. Quality-of-Service (QoS) aware service composition has been fully investigated in [7–15]. The paper in [7] proposes the concept of generalized component services (GCSs), which are defined in a semantic manner, to expand the selection scope so as to achieve a better solution. A QoS-aware multigranularity service composition model is formulated, and how to identify all the GCSs for a composite service is elaborated. A backtracking-based algorithm and an extended genetic algorithm are proposed to optimize the resulting composite service instance. In [8], the transactional properties of services are investigated first. Next, the focus is on how to compose individual services in a transactional manner. Finally, the problem of transactional and QoS-aware dynamic service composition is formulated. By modeling the problem as a constrained directed acyclic graph, the ant colony optimization algorithm is utilized to seek a near-to-optimal solution efficiently. The work in [9] shows a service selection method for workflow reconfiguration based on interface operation matching. A concept of generalized component services to expand the selection scope to achieve a better solution is presented in [10]. The problem of QoS-aware multi-granularity service composition is then formulated, and how to discover candidates for each generalized component service is elaborated. A genetic algorithm based approach is proposed to optimize the resulting composite service instance. In [11–13], the authors propose a per-service-class optimization as well as a global optimization using integer programming. As opposed to integer programming, in [14] a genetic algorithm based approach is proposed, where the genome length is determined by the number of abstract services that require a choice to be made. The GA-based approach focuses on dealing with nonlinear constraints. It has the advantage that it is scalable when the number of concrete services per abstract service increases. Considering that more and more functionally equivalent services are available on the Internet, the work in [15] proposes an interesting mechanism for cutting through the search space of candidate web services, by using skyline queries [15] offline. Skyline queries identify non-dominated web services on at least one QoS criterion. A non-dominated web service is a web service that has at least one QoS dimension where it is strictly better than any other web service and is at least equal on all other QoS dimensions. None of the aforementioned research works considers the privacy issue during the service selection process.

Privacy preserving service selection. To the best of our knowledge, only a few works have investigated privacy issues in service selection [16,17] and composition [18–21]. The role of privacy in service composition has been investigated in [20], where only services requiring the disclosure of less sensitive information and offered by trusted providers are selected in the composition. Users' privacy concerns are often addressed by providing automated techniques for matching providers' privacy policies with customers' preferences [19,21,39–41]. The most prominent solution for policy matching is P3P (Platform for Privacy Preferences Project) [39]. P3P aims to assist service providers in specifying their privacy practices on the Web, and users in matching such practices against their preferences. In [40], service composition is the result of a negotiation phase between user privacy preferences (describing the type of access to each piece of personal information) and the Web service policy statement (specifying which information is mandatory and which is optional to use a service). Here, the outcome of the negotiation indicates what personal information the user should disclose to the service provider. However, these techniques only focus on the relation between a server and a client. Privacy-aware service selection is addressed in [17], which presents a comprehensive framework to protect users' and service providers' privacy needs at selection time. Users' criteria are matched against Web services' attributes in a private fashion such that both criteria and service attributes are kept private. This approach mainly focuses on the protection of service provision rules from unwanted disclosure, while our goal is to select the most privacy preserving composition. Massacci et al. [16] present an approach to service selection based on the sensitivity of the data to be disclosed for the service provision. The research work in [18] proposes a privacy-preserving Web service composition and selection approach that makes it possible to verify the compliance between users' privacy requirements and providers' privacy policies. Additionally, the work ranks the composite Web services with respect to the privacy level they offer.

Distributed data processing models. The MapReduce [24] model is exclusively designed for batch processing in large-scale data-intensive applications in clusters [35]. However, this model is not the only solution to large scale data processing. Dremel [42] and Pregel [43] were developed by Google as alternatives to MapReduce. The former model is designed for interactive SQL queries and the latter for iterative graph algorithms. Spark [44], developed by Apache, is a unified engine for distributed data processing. Spark uses a programming model similar to MapReduce. Additionally, it has an extended data-sharing abstraction called Resilient Distributed Datasets (RDDs) [45]. With this extension, Spark can capture a wide range of processing workloads that previously needed separate engines. The workloads include SQL, streaming, machine learning, and graph processing [46–48]. Apache Storm [49] is another tool used for large scale data analysis. The key advantage of Storm is that it can do parallel processing in real time. There are many other models alternative to MapReduce. A complete list can be found in [50].

6. Conclusion

In conclusion, we present a novel privacy preserving QoS-aware service selection framework using a fully homomorphic encryption scheme. We mainly focus on the novelty of privacy preservation during the service selection process in an untrusted cloud service platform rather than proposing any new service selection algorithm. We conduct several experiments in both centralized and distributed computing environments to evaluate the performance of the proposed privacy preserving service selection framework using a synthetic QoS dataset. For the distribution of tasks, we use the MapReduce model with different numbers of virtual machines (VMs). Experimental results show that the execution time of the computation on the encrypted dataset is larger than that on the plaintext dataset when performed in a centralized computing environment. However, our proposed MapReduce model significantly reduces the execution time of the privacy-preserving service selection process. As we have used the fully homomorphic encryption scheme to encrypt the QoS dataset and the encrypted QoS dataset is stored in the cloud, the cloud has no useful information about the QoS data.
Therefore, the key achievement is that our proposed framework successfully preserves privacy and prevents any disclosure of QoS data. We believe that the performance of our proposed privacy preserving service selection approach with the MapReduce model can be improved. In this paper, we use an optimization approach based on Multiple Criteria Decision Making (MCDM) and the Simple Additive Weighting (SAW) technique [36]. However, any modern optimization approach, such as a Genetic Algorithm (GA) [7,10], could be used to optimize the resulting composite service instances. For the sake of simplicity, we do not consider the aforementioned optimization techniques in this paper and set them as our future work. Other distributed programming models, such as Apache Spark and Storm, can be used to improve the efficiency of our proposed privacy-preserving service selection framework.

References

[1] L.-J. Zhang, H. Cai, J. Zhang, Services Computing, Springer, 2007.
[2] A. Bestavros, O. Krieger, Toward an open cloud marketplace: Vision and first steps, IEEE Internet Comput. 18 (1) (2014) 72–77.
[3] M. Ali, S.U. Khan, A.V. Vasilakos, Security in cloud computing: Opportunities and challenges, Inform. Sci. 305 (2015) 357–383.
[4] J. Li, Q. Wang, C. Wang, N. Cao, K. Ren, W. Lou, Fuzzy keyword search over encrypted data in cloud computing, in: INFOCOM 2010 Proceedings, IEEE, 2010, pp. 1–5.
[5] M.S. Rahman, I. Khalil, X. Yi, A lossless DNA data hiding approach for data authenticity in mobile cloud based healthcare systems, Int. J. Inf. Manage. (2018).
[6] A. Alabdulatif, I. Khalil, H. Kumarage, A.Y. Zomaya, X. Yi, Privacy-preserving anomaly detection in the cloud for quality assured decision-making in smart cities, J. Parallel Distrib. Comput. (2018).
[7] Q. Wu, F. Ishikawa, Q. Zhu, D.-H. Shin, QoS-aware multigranularity service composition: Modeling and optimization, IEEE Trans. Syst. Man Cybern. Syst. 46 (11) (2016) 1565–1577.
[8] Q. Wu, Q. Zhu, Transactional and QoS-aware dynamic service composition based on ant colony optimization, Future Gener. Comput. Syst. 29 (5) (2013) 1112–1119.
[9] H. Gao, W. Huang, X. Yang, Y. Duan, Y. Yin, Toward service selection for workflow reconfiguration: An interface-based computing solution, Future Gener. Comput. Syst. (2018).
[10] Q. Wu, Q. Zhu, X. Jian, QoS-aware multi-granularity service composition based on generalized component services, in: International Conference on Service-Oriented Computing, Springer, 2013, pp. 446–455.
[11] B. Benatallah, M. Dumas, Q.Z. Sheng, A.H. Ngu, Declarative composition and peer-to-peer provisioning of dynamic web services, in: Proceedings of the 18th International Conference on Data Engineering, IEEE, 2002, pp. 297–308.
[12] L. Zeng, B. Benatallah, A.H. Ngu, M. Dumas, J. Kalagnanam, H. Chang, QoS-aware middleware for web services composition, IEEE Trans. Softw. Eng. 30 (5) (2004) 311–327.
[13] L. Zeng, B. Benatallah, M. Dumas, J. Kalagnanam, Q.Z. Sheng, Quality driven web services composition, in: Proceedings of the 12th International Conference on World Wide Web, ACM, 2003, pp. 411–421.
[14] G. Canfora, M. Di Penta, R. Esposito, M.L. Villani, An approach for QoS-aware service composition based on genetic algorithms, in: Proceedings of the 7th Annual Conference on Genetic and Evolutionary Computation, ACM, 2005, pp. 1069–1075.
[15] M. Alrifai, D. Skoutas, T. Risse, Selecting skyline services for QoS-based web service composition, in: Proceedings of the 19th International Conference on World Wide Web, ACM, 2010, pp. 11–20.
[16] F. Massacci, J. Mylopoulos, N. Zannone, Hierarchical hippocratic databases with minimal disclosure for virtual organizations, VLDB J. 15 (4) (2006) 370–387.
[17] A. Squicciarini, B. Carminati, S. Karumanchi, A privacy-preserving approach for web service selection and provisioning, in: 2011 IEEE International Conference on Web Services (ICWS), IEEE, 2011, pp. 33–40.
[18] E. Costante, F. Paci, N. Zannone, Privacy-aware web service composition and ranking, in: 2013 IEEE 20th International Conference on Web Services (ICWS), IEEE, 2013, pp. 131–138.
[19] S.-E. Tbahriti, M. Mrissa, B. Medjahed, C. Ghedira, M. Barhamgi, J. Fayn, Privacy-aware DaaS services composition, in: International Conference on Database and Expert Systems Applications, Springer, 2011, pp. 202–216.
[20] R. Hewett, P. Kijsanayothin, Privacy and recovery in composite web service transactions, Int. J. Inf. 3 (2) (2010) 240–248.
[21] W. Xu, V. Venkatakrishnan, R. Sekar, I. Ramakrishnan, A framework for building privacy-conscious composite web services, in: International Conference on Web Services (ICWS'06), IEEE, 2006, pp. 655–662.
[22] C. Gentry, A Fully Homomorphic Encryption Scheme, Stanford University, 2009.
[23] Z. Brakerski, C. Gentry, V. Vaikuntanathan, (Leveled) fully homomorphic encryption without bootstrapping, ACM Trans. Comput. Theory (TOCT) 6 (3) (2014) 13.
[24] J. Dean, S. Ghemawat, MapReduce: simplified data processing on large clusters, Commun. ACM 51 (1) (2008) 107–113.
[25] V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings, J. ACM 60 (6) (2013) 43.
[26] C. Gentry, S. Halevi, Implementing Gentry's fully-homomorphic encryption scheme, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2011, pp. 129–148.
[27] C. Gentry, S. Halevi, Fully homomorphic encryption without squashing using depth-3 arithmetic circuits, in: 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS), IEEE, 2011, pp. 107–109.
[28] Z. Brakerski, et al., Efficient fully homomorphic encryption from (standard) LWE, FOCS (2011).
[29] Z. Brakerski, V. Vaikuntanathan, Fully homomorphic encryption from ring-LWE and security for key dependent messages, in: Annual Cryptology Conference, Springer, 2011, pp. 505–524.
[30] S. Halevi, V. Shoup, Efficient fully homomorphic encryption from (standard) LWE, FOCS (2014).
[31] L. Ducas, D. Micciancio, FHEW: bootstrapping homomorphic encryption in less than a second, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2015, pp. 617–640.
[32] H. Chen, K. Laine, R. Player, Simple encrypted arithmetic library - SEAL v2.1, in: International Conference on Financial Cryptography and Data Security, Springer, 2017, pp. 3–18.
[33] J.A. Garay, R. Gennaro, Advances in Cryptology - CRYPTO 2014: 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Vol. 8617, Springer, 2014.
[34] C. Moore, M. O'Neill, E. O'Sullivan, Y. Doroz, B. Sunar, Practical homomorphic encryption: A survey, in: 2014 IEEE International Symposium on Circuits and Systems (ISCAS), IEEE, 2014, pp. 2792–2795.
[35] M. Zaharia, A. Konwinski, A.D. Joseph, R.H. Katz, I. Stoica, Improving MapReduce performance in heterogeneous environments, in: OSDI, Vol. 8, 2008, p. 7.
[36] C. Huang, K. Yoon, Multiple Criteria Decision Making: Methods and Applications, in: Lecture Notes in Economics and Mathematical Systems, vol. 186, Springer-Verlag, New York, NY, USA, 1981.
[37] Q. Yu, A. Bouguettaya, Framework for web service query algebra and optimization, ACM Trans. Web (TWEB) 2 (1) (2008) 6.
[38] HElib 1.3 implementing homomorphic encryption (Apr 2015), http://shaih.github.io/HElib/index.html.
[39] L. Cranor, M. Langheinrich, M. Marchiori, M. Presler-Marshall, J. Reagle, The platform for privacy preferences 1.0 (P3P1.0) specification, W3C Recommendation 16 (2002).
[40] A. Tumer, A. Dogac, I. Toroslu, A semantic-based user privacy protection framework for web services, in: Intelligent Techniques for Web Personalization, Springer, 2005, pp. 289–305.
[41] Å.A. Nyre, K. Bernsmed, S. Bo, S. Pedersen, A server-side approach to privacy policy matching, in: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), IEEE, 2011, pp. 609–614.
[42] S. Melnik, A. Gubarev, J.J. Long, G. Romer, S. Shivakumar, M. Tolton, T. Vassilakis, Dremel: interactive analysis of web-scale datasets, Proc. VLDB Endowment 3 (1–2) (2010) 330–339.
[43] G. Malewicz, M.H. Austern, A.J. Bik, J.C. Dehnert, I. Horn, N. Leiser, G. Czajkowski, Pregel: a system for large-scale graph processing, in: Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data, ACM, 2010, pp. 135–146.
[44] M. Zaharia, R.S. Xin, P. Wendell, T. Das, M. Armbrust, A. Dave, X. Meng, J. Rosen, S. Venkataraman, M.J. Franklin, et al., Apache Spark: a unified engine for big data processing, Commun. ACM 59 (11) (2016) 56–65.
[45] M. Zaharia, M. Chowdhury, T. Das, A. Dave, J. Ma, M. McCauley, M.J. Franklin, S. Shenker, I. Stoica, Resilient distributed datasets: A fault-tolerant abstraction for in-memory cluster computing, in: Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, USENIX Association, 2012, p. 2.
[46] M. Armbrust, R.S. Xin, C. Lian, Y. Huai, D. Liu, J.K. Bradley, X. Meng, T. Kaftan, M.J. Franklin, A. Ghodsi, et al., Spark SQL: Relational data processing in Spark, in: Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data, ACM, 2015, pp. 1383–1394.
[47] J.E. Gonzalez, R.S. Xin, A. Dave, D. Crankshaw, M.J. Franklin, I. Stoica, GraphX: Graph processing in a distributed dataflow framework, in: OSDI, Vol. 14, 2014, pp. 599–613.
[48] M. Zaharia, T. Das, H. Li, T. Hunter, S. Shenker, I. Stoica, Discretized streams: Fault-tolerant streaming computation at scale, in: Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles, ACM, 2013, pp. 423–438.
[49] Apache Storm project, http://storm.apache.org.
[50] A. Fernández, S. del Río, V. López, A. Bawakid, M.J. del Jesus, J.M. Benítez, F. Herrera, Big data with cloud computing: an insight on the computing environment, MapReduce, and programming frameworks, Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 4 (5) (2014) 380–409.