Seminar: Trends in Enterprise Interoperability - Privacy Preservation

Hajautetut järjestelmät ja tietoliikenne
Syventävät opinnot
Vuosi Lukukausi Päivämäärä Periodi Kieli Vastuuhenkilö
2016 kevät 19.01-03.05. 3-4 Englanti Lea Kutvonen


Aika Huone Luennoija Päivämäärä
Ti 14-16 C220 Lea Kutvonen 19.01.2016-01.03.2016
Ti 14-16 C220 Lea Kutvonen 15.03.2016-03.05.2016

Information for international students

Materials and schedules

Added slides for the first session and presentation scedules

Extended abstract deadline and presentation session: 9.2. (meeting)

  • 5 min presentation on your own topic; if you email them beforehand, they will be loaded onto the same laptop with others;
  • bring or email an extended abstract with a few key references; these will be placed available for the group.

Paper deadline: 1.3 (no meeting)

Peer review deadline: 20.3; meeting to discuss reviews on 23.3. in D221 

Final paper deadline:  10.4

Presentation sessions: see link above




Capabilities of networked collaboration between independent organisations has become a critical success factor both in private sector (enterprises, companies) and public sector (governmental organisations, 3rd party actors). Computer science and software engineering can provide efficient collaboration environments for such networked collaboration, despite of the business domain at hand (healthcare, forest industry, new innovative application areas) by providing service ecosystem infrastructure support for the independent organisations. This support includes facilities such as selecting partners for networked business, interoperability management, collaboration contract management, and breach resolution. These facilities are essential elements of service oriented computing (SOC, SOA) as well.

Enterprise interoperability

Enterprise interoperability denotes the capability of enterprises (e.g., companies, organisations from public sector, independent units within organisations) to govern mutual activities with the help of their independent computing systems.

Obstacles for enterprise interoperability can arise from conceptual and technological domains, but also from the organisational domain. Examples of conceptual barriers include mismatches on the essential concepts on the business area, like one security-service producer considering security to include physical security measures only, while the client acts on software licencing where software tools would be more relevant. Examples of technological barriers include mismatches in computing platforms and their communciation. Finally, organisational barriers arise in the mismatches on expected responsibility and authority structures used in partner enterprises, causing mismatches on decision-making and approval processes involving all partner enterprises.

Therefore, enterprise interoperability is addressed by multidiciplinary research: social, organisational, economical, business sciences; computer science and software engineering; and modeling of organisations, software and systems. Research methods involved also vary depending on the aspect under study, but due to the nature of the field, should always combine the user requirements (enterprise, people, interoperation from enterprise to another) with the aligned  computing solutions.

Privacy preservation 

Concept of privacy is most often associated with individual persons, and especially, in the persons' needs of hiding their identity, location or use of certain services, or event further, being member of some groups. However, the privacy preservation concepts can be drawn a lot further:

  • The subjects wishing to preserve their privacy may include individuals, organisations (both private and public), group, or collaboration of organisations or persons. 
  • Privacy is the right of subjects to determine themselves for whom, for what purpose, to what extent, and how information about them or information held by them is communicated to others.
  • Privacy violation is circumstances where information is held or used in a way that breaches the privacy declaration by the information owning subject.

While the ownership of the protected subjects or assets is not straightforwardly the creator of the information, nor is there necessarily a single owner,  privacy declarations by the subjects must be possible and privacy control actions must be supported by the operating infrastructure or environment, before we can discuss about trustworthy  enterprise interoperability. The same applies for more restricted forms of service interoperability challenges. 

Privacy declarations are intended to protect assets of the subject, including identity, subject profile and context, collaboration relationships, service usage, behaviour, group membership,  and privately held or created information. 

Privacy control actions need to interpret the provided declarations and enforce the restrictions they cause for the interoperability opportunities. For privacy reasons, documents or pieces of information may be retained, as they would cause the revealment of identities of involved persons or private details of their profile informaltion or service usage. 

Potential seminar tasks

The area of privacy preservation architectures is still rather mixed. Potential topics for seminar papers include the following:

  • description of a privacy preservation architecture and analysis of its effectiveness against various privacy threat categories; as material for this, a number of EU FP7 projects have addressed the topic, for example, PRECIOSA, PRISM;
  • comparison of protective efficiency by algorithms that predict the risks revealing new information carries in terms of causing identity or other asset of the subject to be revealed for other collaborative partners; for example, k-anonymity, l-diversity; 
  • methods for hiding identity, such as pseudonyms or proxies, while still preserving traceability that is required in service ecosystems;
  • methods for hiding location from others while still benefiting location-based services;
  • protecting data or metadata from being misused or used without authorisation, and even tracing the guilty party back from the misused data unit; solutions such as that in sticky policies;
  • role-based authorisation to certain use modes of data, with opportunity to emergency overrides; example systems borderlining with trust management systems such as Sultan;
  • privacy policy languages comparison.

Working methods

The seminar starts with an opening lecture and discussion based on predefined compulsory reading material. The actual topic areas are then selected by each student in a private discussion, where goals for the work are set according to the available background on the field and the writing or research skill goals set together. In a joint session, each student describes the topic idea for the others and hands in an extended abstract or work plan, which ever wording feels better for that initial draft statge. During the writing process, additional private discussions take place to guide the process. Full paper deadline is followed by peer review round and improbement cycle of the papers. In the end, each paper gets presented and the topic discussed in the group from a wider perspective as well.

In this seminar, it is possible to do a shared work in  a group, for example to produce a larger comparions of architectures or languages for privacy  In that case, a few initial sessions are required for joint setting of comparision criteria together, splitting for each student  a clear slice to study (one language, one system - or rather a function of a system), and eventually, a few joint discussions for formulating the joint conclusions. This kind of group work may even lead to publications if the joint reseach questions is set in a topical manner.

Materials / some suggestions for initial readings

  • NOTE: a list of joint compulsory reading  will be posted here before the initial introductory lecture

Zhou, Bin, and Jian Pei. "The k-anonymity and l-diversity approaches for privacy preservation in social networks against neighborhood attacks."Knowledge and Information Systems 28.1 (2011): 47-77.

Maximilien, E. M., Grandison, T., Sun, T., Richardson, D., Guo, S., & Liu, K. (2009, May). Privacy-as-a-service: Models, algorithms, and results on the facebook platform. In Proceedings of Web (Vol. 2).

Other texts by T Grandison (

Vicente, C. R., Freni, D., Bettini, C., & Jensen, C. S. (2011). Location-related privacy in geo-social networks. Internet Computing, IEEE15(3), 20-27.

Yang, J., Yessenov, K., & Solar-Lezama, A. (2012, January). A language for automatically enforcing privacy policies. In ACM SIGPLAN Notices (Vol. 47, No. 1, pp. 85-96). ACM.

Karjoth, G., & Schunter, M. (2002). A privacy policy model for enterprises. InComputer Security Foundations Workshop, 2002. Proceedings. 15th IEEE (pp. 271-281). IEEE.

Kagal, L., Finin, T., & Joshi, A. (2003, June). A policy language for a pervasive computing environment. In Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on (pp. 63-74). IEEE.

Shen, Y., Miettinen, M., Moen, P., & Kutvonen, L. (2011, August). Privacy preservation approach in service ecosystems. In Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2011 15th IEEE International(pp. 283-292). IEEE.

Kargl, F., Schaub, F., & Dietzel, S. (2010). Mandatory enforcement of privacy policies using trusted computing principles. AAAI.


Policy workshop / Sympositum of policy in distributed systems