Towards secure provenance-based access control in cloud environments

Bates, Adam; Mood, Ben; Valafar, Masoud; Butler, Kevin

doi:10.1145/2435349.2435389

Cited by 59 publications

(36 citation statements)

References 14 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The situation trust values which have been averaged over all situations to determine the trust in an agent of interest as has been described in [44]. A provenance system has been defined [4,45] on collection of subjects s, objects o, and attributes a. A subject s1 with attribute set a1 performs an action.…”

Section: Provenance Graph Computational Trust and Hierarchy Of Rolesmentioning

confidence: 99%

“…A migration policy decision has been taken based on input object o1 and attribute set a1 associated with subject s1 and the state reached as a result of migration. The information transfer model developed in our work which includes network issues has relevance to the work described in [4]. The issue of network congestion and measuring its relevance has been described in [46][47][48].…”

Section: Provenance Graph Computational Trust and Hierarchy Of Rolesmentioning

confidence: 99%

“…The granularity of provenance information influencing communication and processing overhead has been described in [2]. A networked provenance system with migration of information between network nodes has been described in [3,4]. The use of concepts of provenance applied to news reports analysis has been described in [5][6][7][8][9].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Learning topic description from clustering of trusted user roles and event models characterizing distributed provenance networks: a reinforcement learning approach

Mukherjee

Bandyopadhyay

2017

J Big Data

View full text Add to dashboard Cite

This paper proposes a reinforcement learning based message transfer model for transferring news report messages through a selected path in a trusted provenance network with the objective of maximizing the reward values based on trust or importance based and network congestion or utility based cost measures. The reward values are calculated along a dynamically defined policy path connecting start topic or event node to a goal topic or event or issue nodes for incrementally defined time windows for a given network congestion situation. A hierarchy of agents of trusted roles is used to accomplish the sub-goals associated with sub-story or subtopic in the provenance structure where an agent role may assume the semantic role of the associated subtopic. The twitted news story thread or plan of events is defined in this work from the starting topic or event node to the goal topic or event node for incrementally defined intervals of time. The graphs are clustered into subtopic and these sub-goals or sub topic nodes of a topic node at every level of granularity are associated with cluster of news reports which describe activities associated with sub-goal or sub-topic events. Such cluster of nodes may also represent drilled down sequence of sub-events describing a sub-topic or sub-goal node. The policy path in a topic or story graph model is defined by applying reinforcement learning principles on dynamically defined event models associated with evolution of topic definition observed from incrementally acquired samples of input training data spanning multiple time windows. We provide a methodology for unifying similar provenance graph models for adapting and averaging the policy path classifiers associated with individual models to produce a reduced set of unified models derived during training. A minimum set cover of classifiers is identified for the models and a clustering procedure of the models is suggested based on these classifiers. Other database clustering methods have also been suggested as alternatives for clustering these models. A collection of unified models are identified from the models identified within a cluster and the policy path classifiers associated with these models provide the story or topic descriptions destined to goal topic or event nodes characterizing these models within a cluster.

show abstract

Section: Provenance Graph Computational Trust and Hierarchy Of Rolesmentioning

confidence: 99%

Section: Provenance Graph Computational Trust and Hierarchy Of Rolesmentioning

confidence: 99%

See 1 more Smart Citation

Learning topic description from clustering of trusted user roles and event models characterizing distributed provenance networks: a reinforcement learning approach

Mukherjee

Bandyopadhyay

2017

J Big Data

View full text Add to dashboard Cite

show abstract

“…O acesso é controlado por um procedimento que estabelece a identidade do cliente com algum grau de confiança (autenticação), e só então concede determinados privilégios (autorização) de acordo com esta identidade (BATES et al, 2013).…”

Section: Aspectos Críticos Abordadosunclassified

“…Essa variação está relacionada à quantidade de clientes. Bates et al (2013) propõem um modelo de controle de acesso para o problema de armazenamento de dados em computação em nuvem em data centers geograficamente distribuídos, nos quais podem haver problemas relacionados à proveniência dos dados. Os autores consideraram o gerenciamento e validação dos metadados de um sistema de proveniência confiável, e introduziram protocolos que permitem a transferência segura de metadados entre hospedeiros finais e entidades da nuvem.…”

Section: Análise Dos Mecanismosunclassified

Modelos de negócio para ambientes de computação em nuvem que consideram atributos de qos relacionados a desempenho e a segurança

Batista¹

View full text Add to dashboard Cite

Lightweight key management on sensitive data in the cloud

Cui

Zhu

Chi

2013

Security Comm Networks

View full text Add to dashboard Cite

As cloud servers may not be trusted, sensitive data have to be transmitted and stored in an encrypted form. Major challenges for users are from the management (storage, update, protection, backup, and recoverability) of keys that can help users to decrypt authorized data available on the servers. In this paper, we propose a versatile approach for extremely lightweight key management, which is one of the most basic security tasks in cloud systems. In the multiple data owners scenario, each user only needs to manage a single key by our approach. With the help of the single key and a set of public information stored on the server, users can decrypt all authorized data from different data owners. Specifically, our paper proposes a novel access control model, proves the correctness and security, and analyzes the complexity of the model. Experimental results show that our approach significantly outperforms the single‐layer derivation encryption and double‐layer derivation encryption on the lightweight performance. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

Towards secure provenance-based access control in cloud environments

Cited by 59 publications

References 14 publications

Learning topic description from clustering of trusted user roles and event models characterizing distributed provenance networks: a reinforcement learning approach

Learning topic description from clustering of trusted user roles and event models characterizing distributed provenance networks: a reinforcement learning approach

Modelos de negócio para ambientes de computação em nuvem que consideram atributos de qos relacionados a desempenho e a segurança

Lightweight key management on sensitive data in the cloud

Contact Info

Product

Resources

About