PrIMe: a software engineering methodology for developing provenance-aware applications
Proceedings of the 6th international workshop on Software engineering and middleware
Integrity auditing of outsourced data
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
The provenance of electronic data
Communications of the ACM - The psychology of security: why do good users make bad decisions?
Data Protection: A Practical Guide to UK and EU Law
Data Protection: A Practical Guide to UK and EU Law
Electronically querying for the provenance of entities
IPAW'06 Proceedings of the 2006 international conference on Provenance and Annotation of Data
The case of the fake Picasso: preventing history forgery with secure provenance
FAST '09 Proccedings of the 7th conference on File and storage technologies
Preventing history forgery with secure provenance
ACM Transactions on Storage (TOS)
Towards a secure and efficient system for end-to-end provenance
TAPP'10 Proceedings of the 2nd conference on Theory and practice of provenance
The Foundations for Provenance on the Web
Foundations and Trends in Web Science
A provenance-based compliance framework
FIS'10 Proceedings of the Third future internet conference on Future internet
Enabling robust information accountability in E-healthcare systems
HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
Hi-index | 0.00 |
Across the world, organizations are required to comply with regulatory frameworks dictating how to manage personal information. Despite these, several cases of data leaks and exposition of private data to unauthorized recipients have been publicly and widely advertised. For authorities and system administrators to check compliance to regulations, auditing of private data processing becomes crucial in IT systems. Finding the origin of some data, determining how some data is being used, checking that the processing of some data is compatible with the purpose for which the data was captured are typical functionality that an auditing capability should support, but difficult to implement in a reusable manner. Such questions are so-called provenance questions, where provenance is defined as the process that led to some data being produced. The aim of this paper is to articulate how data provenance can be used as the underpinning approach of an auditing capability in IT systems. We present a case study based on requirements of the Data Protection Act and an application that audits the processing of private data, which we apply to an example manipulating private data in a university.