Kairos: An Architecture for Securing Authorship and Temporal Information of Provenance Data in Grid-Enabled Workflow Management Systems

Gadelha, Luiz M. R.; Mattoso, Marta

doi:10.1109/escience.2008.161

Cited by 17 publications

(14 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We identify the assurance of correct attribution of scientific results as an important security requirement for these systems. For this purpose, we proposed Kairos [5], a security architecture for provenance that uses cryptographic timestamps [6] and digital signatures. We are working with the Swift [13] parallel scripting system to extend its provenance system [4] with appropriate security controls.…”

Section: Discussionmentioning

confidence: 99%

“…These controls must allow the verification of not only who executed an experiment but also when it was executed. A combination of digital signatures and cryptographic timestamps [6] were used in the Kairos [5] security architecture for provenance systems to provide these properties. Another desirable security property is fine-grained access control, where scientists can delegate to their collaborators access to provenance data, so it can be read or modified.…”

Section: Security Requirements For Provenance Systemsmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Threat Model for Provenance in e-Science

Gadelha

Mattoso

Wilde

et al. 2010

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Scientists increasingly rely on workflow management systems to perform large-scale computational scientific experiments. These systems often collect provenance information that is useful in the analysis and reproduction of such experiments. On the other hand, this provenance data may be exposed to security threats which can result, for instance, in compromising the analysis of these experiments, or in illegitimate claims of attribution. In this work, we describe our ongoing work to trace security requirements for provenance systems in the context of e-Science, and propose some security controls to fulfill them.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Security Requirements For Provenance Systemsmentioning

confidence: 99%

Towards a Threat Model for Provenance in e-Science

Gadelha

Mattoso

Wilde

et al. 2010

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…For the confidentiality mechanism, Hasan et al use a broadcast and threshold encryption, and they do not propose a specific access control model. Gadelha et al implement a simple time-stamp mechanism for protecting the provenance [25] in a grid system. In their scheme, the provenance is signed by the data owner and hash of the signature is sent to a Time-Stamp Authority (TSA) that appends a timestamp to the hash.…”

Section: Related Workmentioning

confidence: 99%

Securing Provenance of Distributed Processes in an Untrusted Environment

Syalim

Nishide

Sakurai

2012

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYRecently, there is much concern about the provenance of distributed processes, that is about the documentation of the origin and the processes to produce an object in a distributed system. The provenance has many applications in the forms of medical records, documentation of processes in the computer systems, recording the origin of data in the cloud, and also documentation of human-executed processes. The provenance of distributed processes can be modeled by a directed acyclic graph (DAG) where each node represents an entity, and an edge represents the origin and causal relationship between entities. Without sufficient security mechanisms, the provenance graph suffers from integrity and confidentiality problems, for example changes or deletions of the correct nodes, additions of fake nodes and edges, and unauthorized accesses to the sensitive nodes and edges. In this paper, we propose an integrity mechanism for provenance graph using the digital signature involving three parties: the process executors who are responsible in the nodes' creation, a provenance owner that records the nodes to the provenance store, and a trusted party that we call the Trusted Counter Server (TCS) that records the number of nodes stored by the provenance owner. We show that the mechanism can detect the integrity problem in the provenance graph, namely unauthorized and malicious "authorized" updates even if all the parties, except the TCS, collude to update the provenance. In this scheme, the TCS only needs a very minimal storage (linear with the number of the provenance owners). To protect the confidentiality and for an efficient access control administration, we propose a method to encrypt the provenance graph that allows access by paths and compartments in the provenance graph. We argue that encryption is important as a mechanism to protect the provenance data stored in an untrusted environment. We analyze the security of the integrity mechanism, and perform experiments to measure the performance of both mechanisms.

show abstract

“…Gadelha [166] considers some security properties of provenance -integrity, confidentiality and availability -in the context of intellectual property conflict claim resolution and of the reliable chronological reconstitution of scientific experiments. To address these, they secure data authorship and temporal information of provenance records.…”

Section: Provenance Integritymentioning

confidence: 99%

The Foundations for Provenance on the Web

Moreau

2010

FNT in Web Science

168

View full text Add to dashboard Cite

Provenance, i.e., the origin or source of something, is becoming an important concern, since it offers the means to verify data products, to infer their quality, to analyse the processes that led to them, and to decide whether they can be trusted. For instance, provenance enables the reproducibility of scientific results; provenance is necessary to track attribution and credit in curated databases; and, it is essential for reasoners to make trust judgements about the information they use over the Semantic Web.As the Web allows information sharing, discovery, aggregation, filtering and flow in an unprecedented manner, it also becomes very difficult to identify, reliably, the original source that produced an information item on the Web. Since the emerging use of provenance in niche applications is undoubtedly demonstrating the benefits of provenance, we contend that provenance can and should reliably be tracked and exploited on the Web, and we survey the necessary foundations to achieve such a vision.Using multiple data sources, we have compiled the largest bibliographical database on provenance so far. This large corpus allows us to analyse emerging trends in the research community. Specifically, using the CiteSpace tool, we identify clusters of papers that constitute research fronts, from which we derive characteristics that we use to structure our foundational framework for provenance on the Web. We note that such an endeavour requires a multi-disciplinary approach, since it requires contributions from many computer science sub-disciplines, but also other non-technical fields given the human challenge that is anticipated.To develop our vision, it is necessary to provide a definition of provenance that applies to the Web context. Our conceptual definition of provenance is expressed in terms of processes, and is shown to generalise various definitions of provenance commonly encountered. Furthermore, by bringing realistic distributed systems assumptions, we refine our definition as a query over assertions made by processes.Given that the majority of work on provenance has been undertaken by the database, workflow and e-science communities, we review some of their work, contrasting approaches, and focusing on important topics we believe to be crucial for bringing provenance to the Web, such as abstraction, collections, storage, queries, workflow evolution, semantics and activities involving human interactions.However, provenance approaches developed in the context of databases and workflows essentially deal with closed systems. By that, we mean that workflow or database management systems are in full control of the data they manage, and track their provenance within their own scope, but not beyond. In the context of the Web, a broader approach is required by which chunks of provenance representation can be brought together to describe the provenance of information flowing across multiple systems. This is the specific purpose of the Open Provenance Vision, which is an approach that consists of controlled voc...

show abstract

Kairos: An Architecture for Securing Authorship and Temporal Information of Provenance Data in Grid-Enabled Workflow Management Systems

Cited by 17 publications

References 10 publications

Towards a Threat Model for Provenance in e-Science

Towards a Threat Model for Provenance in e-Science

Securing Provenance of Distributed Processes in an Untrusted Environment

The Foundations for Provenance on the Web

Contact Info

Product

Resources

About