An Access Control Language for a General Provenance Model

Ni, Qun; Xu, Shouhuai; Bertino, Elisa; Sandhu, Ravi; Han, Weili

doi:10.1007/978-3-642-04219-5_5

Cited by 48 publications

(33 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cadenhead et al [35] proposes an extension to the ACL [36] with regular expression grammar, to operate on provenance graphs (OPM). This allows the policies to take OPM's node and edge names into account when declaring policies.…”

Section: Literature Reviewmentioning

confidence: 99%

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

Ali

Moreau

2013

2013 International Conference on Cloud and Green Computing

View full text Add to dashboard Cite

Abstract-Provenance plays a pivotal in tracing the origin of something and determining how and why something had occurred. With the emergence of the cloud and the benefits it encompasses, there has been a rapid proliferation of services being adopted by commercial and government sectors. However, trust and security concerns for such services are on an unprecedented scale. Currently, these services expose very little internal working to their customers; this can cause accountability and compliance issues especially in the event of a fault or error, customers and providers are left to point finger at each other. Provenance-based traceability provides a mean to address part of this problem by being able to capture and query events occurred in the past to understand how and why it took place. However, due to the complexity of the cloud infrastructure, the current provenance models lack the expressibility required to describe the inner-working of a cloud service. For a complete solution, a provenance-aware policy language is also required for operators and users to define policies for compliance purpose. The current policy standards do not cater for such requirement.To address these issues, in this paper we propose a provenance (traceability) model cProv, and a provenance-aware policy language (cProvl) to capture traceability data, and express policies for validating against the model. For implementation, we have extended the XACML3.0 architecture to support provenance, and provided a translator that converts cProvl policy and request into XACML type.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

Ali

Moreau

2013

2013 International Conference on Cloud and Green Computing

View full text Add to dashboard Cite

show abstract

“…In [17], the authors used the formal properties of graph transformation to detect and resolve inconsistencies within the specification of access control policies. References [4,26,21] focus on the unique features of provenance with respect to the security of provenance itself. While [21] prescribes a generalized access control model, the flow of information between various sources and the causal relationships among entities are not immediately obvious in this work.…”

Section: Related Workmentioning

confidence: 99%

“…References [4,26,21] focus on the unique features of provenance with respect to the security of provenance itself. While [21] prescribes a generalized access control model, the flow of information between various sources and the causal relationships among entities are not immediately obvious in this work. Our work is also motivated by [4,6,20,27] where the focus is on representing provenance as a directed graph structure.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Transforming provenance using redaction

Cadenhead

Khadilkar

Kantarcıoğlu

et al. 2011

Proceedings of the 16th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Ongoing mutual relationships among entities rely on sharing quality information while preventing release of sensitive content. Provenance records the history of a document for ensuring both, the quality and trustworthiness; while redaction identifies and removes sensitive information from a document. Traditional redaction techniques do not extend to the directed graph representation of provenance. In this paper, we propose a graph grammar approach for rewriting redaction policies over provenance. Our rewriting procedure converts a high level specification of a redaction policy into a graph grammar rule that transforms a provenance graph into a redacted provenance graph. Our prototype shows that this approach can be effectively implemented using Semantic Web technologies.

show abstract

“…Nagappan et al [10] present a model for sharing provenance data that uses role-based access control techniques where the user dynamically select its confidentiality level. A common approach for protecting provenance information [2] [10] [11] is to use access control mechanisms to prevent unauthorized access to this information. None of these approaches allow for non-restricted dissemination of provenance information with maintenance of correct attribution, a requirement in the context of e-Science.…”

Section: Security Requirements For Provenance Systemsmentioning

confidence: 99%

Towards a Threat Model for Provenance in e-Science

Gadelha

Mattoso

Wilde

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Scientists increasingly rely on workflow management systems to perform large-scale computational scientific experiments. These systems often collect provenance information that is useful in the analysis and reproduction of such experiments. On the other hand, this provenance data may be exposed to security threats which can result, for instance, in compromising the analysis of these experiments, or in illegitimate claims of attribution. In this work, we describe our ongoing work to trace security requirements for provenance systems in the context of e-Science, and propose some security controls to fulfill them.

show abstract

An Access Control Language for a General Provenance Model

Cited by 48 publications

References 22 publications

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

Transforming provenance using redaction

Towards a Threat Model for Provenance in e-Science

Contact Info

Product

Resources

About