terza serzione related con aggiornamento file biblio

bib_on_BigDataAccessControl.bib

@@ -860,15 +860,66 @@ @article{VANDENBROEK2018330
 }
 
 @article{needtobalance,
-author = {Hotz, V. and Bollinger, Chris and Komarova, Tatiana and Manski, Charles and Moffitt, Robert and Nekipelov, Denis and Sojourner, Aaron and Spencer, Bruce},
-year = {2022},
-month = {08},
-pages = {},
-title = {Balancing data privacy and usability in the federal statistical system},
-volume = {119},
-journal = {Proceedings of the National Academy of Sciences},
-doi = {10.1073/pnas.2104906119}
+	author = {Hotz, V. and Bollinger, Chris and Komarova, Tatiana and Manski, Charles and Moffitt, Robert and Nekipelov, Denis and Sojourner, 	Aaron and Spencer, Bruce},
+	year = {2022},
+	month = {08},
+	pages = {},
+	title = {Balancing data privacy and usability in the federal statistical system},
+	volume = {119},
+	journal = {Proceedings of the National Academy of Sciences},
+	doi = {10.1073/pnas.2104906119}
 }
 
+@INPROCEEDINGS{secureWScomposition,
+	author={Carminati, Barbara and Ferrari, Elena and K. Hung, Patrick C.},
+	booktitle={2006 IEEE International Conference on Web Services (ICWS'06)}, 
+	title={Security Conscious Web Service Composition}, 
+	year={2006},
+	volume={},
+	number={},
+	pages={489-496},
+	keywords={Security;Web services;XML;Simple object access protocol;Service oriented architecture;Privacy;Software systems;Software design;Web and internet services;Computer architecture},
+	doi={10.1109/ICWS.2006.115}
+}
+
+@article{SELLAMI2020102732,
+	title = {On the use of big data frameworks for big service composition},
+	journal = {Journal of Network and Computer Applications},
+	volume = {166},
+	pages = {102732},
+	year = {2020},
+	issn = {1084-8045},
+	doi = {https://doi.org/10.1016/j.jnca.2020.102732},
+	url = {https://www.sciencedirect.com/science/article/pii/S108480452030206X},
+	author = {Mokhtar Sellami and Haithem Mezni and Mohand Said Hacid},
+	keywords = {Big data, Big service, Big service composition, Quality of big services, Fuzzy RCA, Spark},
+	abstract = {Over the last years, big data has emerged as a new paradigm for the processing and analysis of massive volumes of data. Big data processing has been combined with service and cloud computing, leading to a new class of services called “Big Services”. In this new model, services can be seen as an abstract layer that hides the complexity of the processed big data. To meet users' complex and heterogeneous needs in the era of big data, service reuse is a natural and efficient means that helps orchestrating available services' operations, to provide customer on-demand big services. However different from traditional Web service composition, composing big services refers to the reuse of, not only existing high-quality services, but also high-quality data sources, while taking into account their security constraints (e.g., data provenance, threat level and data leakage). Moreover, composing heterogeneous and large-scale data-centric services faces several challenges, apart from security risks, such as the big services' high execution time and the incompatibility between providers' policies across multiple domains and clouds. Aiming to solve the above issues, we propose a scalable approach for big service composition, which considers not only the quality of reused services (QoS), but also the quality of their consumed data sources (QoD). Since the correct representation of big services requirements is the first step towards an effective composition, we first propose a quality model for big services and we quantify the data breaches using L-Severity metrics. Then to facilitate processing and mining big services' related information during composition, we exploit the strong mathematical foundation of fuzzy Relational Concept Analysis (fuzzy RCA) to build the big services' repository as a lattice family. We also used fuzzy RCA to cluster services and data sources based on various criteria, including their quality levels, their domains, and the relationships between them. Finally, we define algorithms that parse the lattice family to select and compose high-quality and secure big services in a parallel fashion. The proposed method, which is implemented on top of Spark big data framework, is compared with two existing approaches, and experimental studies proved the effectiveness of our big service composition approach in terms of QoD-aware composition, scalability, and security breaches.}
+}
 
-  
+@ARTICLE{9844845,
+  author={Anisetti, Marco and Ardagna, Claudio Agostino and Bena, Nicola},
+  journal={IEEE Transactions on Services Computing}, 
+  title={Multi-Dimensional Certification of Modern Distributed Systems}, 
+  year={2023},
+  volume={16},
+  number={3},
+  pages={1999-2012},
+  keywords={Software;Behavioral sciences;Microservice architectures;Art;Monitoring;Focusing;Codes;Assurance;certification;security;service selection},
+  doi={10.1109/TSC.2022.3195071}
+}
+
+@InProceedings{Lseverity,
+author="Vavilis, Sokratis
+and Petkovi{\'{c}}, Milan
+and Zannone, Nicola",
+editor="Atluri, Vijay
+and Pernul, G{\"u}nther",
+title="Data Leakage Quantification",
+booktitle="Data and Applications Security and Privacy XXVIII",
+year="2014",
+publisher="Springer Berlin Heidelberg",
+address="Berlin, Heidelberg",
+pages="98--113",
+abstract="The detection and handling of data leakages is becoming a critical issue for organizations. To this end, data leakage solutions are usually employed by organizations to monitor network traffic and the use of portable storage devices. These solutions often produce a large number of alerts, whose analysis is time-consuming and costly for organizations. To effectively handle leakage incidents, organizations should be able to focus on the most severe incidents. Therefore, alerts need to be prioritized with respect to their severity. This work presents a novel approach for the quantification of data leakages based on their severity. The approach quantifies leakages with respect to the amount and sensitivity of the leaked information as well as the ability to identify the data subjects of the leaked information. To specify and reason on data sensitivity in an application domain, we propose a data model representing the knowledge in the domain. We validate our approach by analyzing data leakages within a healthcare environment.",
+isbn="978-3-662-43936-4"
+}

related.tex

@@ -33,5 +33,13 @@ \subsection{Data governance and data protection}\label{sec:datagov}
 \subsection{Service Selection based on data quality}\label{sec:servicesel}
 %%%%%%%%%%%%%%%%%%%
 
-%Quality of Service (QoS) is a critical factor in the selection of services within a big data environment. Several studies have explored the integration of QoS metrics into service selection algorithms to ensure that selected services meet specific performance, reliability, and security standards. These studies emphasize the importance of considering both functional and non-functional requirements in service selection to optimize overall system performance and user satisfaction. The evaluation of QoS metrics often involves assessing various parameters, such as response time, availability, throughput, and security features, to ensure that services align with the desired quality standards.
+The selection and composition of services is a recent topic in the era of big data, originating from the Web service scenario but facing additional challenges due to the volume and velocity of data, as well as to the heterogeneity of services, domains, and hosting infrastructures. In the context of big data, Quality of Service (QoS) is particularly crucial for service selection: as organizations leverage vast amounts of data to enhance decision-making and operational efficiency, it is imperative to choose appropriate services for processing, analyzing, and interpreting this data. In particular, the selection process must account for both functional and non-functional requirements, including performance, scalability, reliability, and security standards. Despite its critical nature, security is often one of the least considered metrics in service selection \cite{SELLAMI2020102732}. Even when security is taken into account, it is not always evaluated in relation to data quality. 
 
+Related works include \cite{secureWScomposition}, where Web services are composed according to the security requirements of both service requestors and providers. However, the range of expressible requirements is limited, such as the type of encryption algorithm or authentication method (e.g., SSO), and data sanitization is not considered. Thus, the selection algorithm is just a matching rather than a ranking with respect to a security metrics.
+
+Another relevant study \cite{9844845} implements a certification-based service selection process, ranking services according to their certified non-functional properties and corresponding user requirements. In this approach, certified services are assumed to be functionally equivalent, offering the same functionality while meeting users' functional requirements.
+
+The most related work to ours is \cite{SELLAMI2020102732}, where the authors address the challenges of big service composition, particularly QoS and security issues. Similarly to what we do with our pipeline template, they define a quality model for big services by extending the traditional QoS model of Web services to include ``big data"-related characteristics, and Quality of Data (QoD) attributes, such as completeness, accuracy, and timeliness. In order to address security issues, in their model, each service is assigned an L-Severity level \cite{Lseverity} that represents the potential severity of data leakages when consuming its data chunks. 
+Their approach aims to select the optimal composition plan that not only maximizes QoS and QoD attributes such as timeliness (TL), completeness (CP), and consistency (CS), but it also minimizes L-Severity (LS), data sources and communication costs. 
+
+%TWEB??