Why and Where: A Characterization of Data Provenance
ICDT '01 Proceedings of the 8th International Conference on Database Theory
Introducing secure provenance: problems and challenges
Proceedings of the 2007 ACM workshop on Storage security and survivability
Proceedings of the 2008 ACM SIGMOD international conference on Management of data
The Open Provenance Model: An Overview
Provenance and Annotation of Data and Processes
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
The case of the fake Picasso: preventing history forgery with secure provenance
FAST '09 Proccedings of the 7th conference on File and storage technologies
Preventing history forgery with secure provenance
ACM Transactions on Storage (TOS)
A protocol for recording provenance in service-oriented grids
OPODIS'04 Proceedings of the 8th international conference on Principles of Distributed Systems
Provenance collection support in the kepler scientific workflow system
IPAW'06 Proceedings of the 2006 international conference on Provenance and Annotation of Data
A model for user-oriented data provenance in pipelined scientific workflows
IPAW'06 Proceedings of the 2006 international conference on Provenance and Annotation of Data
Demonstrating a lightweight data provenance for sensor networks
Proceedings of the 2012 ACM conference on Computer and communications security
Supporting secure provenance update by keeping "provenance" of the provenance
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Hi-index | 0.00 |
This paper describes how to preserve integrity and confidentiality of a directed acyclic graph (DAG) model of provenance database. We show a method to preserve integrity by using digital signature where both of the provenance owner and the process executors (i.e. contributors) sign the nodes and the relationships between nodes in the provenance graph so that attacks to integrity can be detected by checking the signatures. To preserve confidentiality of the nodes and edges in the provenance graph we propose an access control model based on paths on the provenance graph because an auditor who need to audit a result normally need to access all nodes that have causal relationship with the result (i.e. all nodes that have a path to the result). We also complement the path-based access control with a compartment-based access control where each node is classified into compartments and the auditor is not allowed to access the nodes included in a compartment that can not be accessed by him/her (because of the sensitivity of the compartment). We implement the path-based access control by encrypting the nodes and later store encrypted encryption's keys in the children of the nodes. The compartment-based access control is implemented by encrypting the nodes in different compartments with different keys.We developed a prototype of the model and performed experiments to measure the overhead of digital signature and the double encryptions.