A unique characteristic of provenance data is that it forms a directed acyclic graph (DAG) in accordance with the underlying causality dependencies between entities (acting users, action processes and data objects) involved in transactions. Data provenance raises at least two distinct security-related issues. One is how to control access to provenance data, which we call Provenance Access Control (PAC). The other is Provenance-based Access Control (PBAC), which focuses on how to utilize provenance data to control access to data objects. Both PAC and PBAC are built on a common foundation that requires security architects to define application-specific dependency path patterns of provenance data. Assigning application-specific semantics to these path patterns provides the foundation for effective security policy specification and administration. This paper elaborates on this common foundation of PAC and PBAC and identifies some of the differences in how this common foundation is applied in these two contexts.