Dependency path patterns as the foundation of access control in provenance-aware systems

Authors:
Dang Nguyen;Jaehong Park;Ravi Sandhu
Affiliations:
Institute for Cyber Security, University of Texas at San Antonio;Institute for Cyber Security, University of Texas at San Antonio;Institute for Cyber Security, University of Texas at San Antonio
Venue:
TaPP'12 Proceedings of the 4th USENIX conference on Theory and Practice of Provenance
Year:
2012

Citing 10
Cited 2

History-based access control for mobile code

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Introducing secure provenance: problems and challenges

Proceedings of the 2007 ACM workshop on Storage security and survivability
Efficient lineage tracking for scientific workflows

Proceedings of the 2008 ACM SIGMOD international conference on Management of data
Securing provenance

HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
An Access Control Language for a General Provenance Model

SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
A language for provenance access control

Proceedings of the first ACM conference on Data and application security and privacy
The Open Provenance Model core specification (v1.1)

Future Generation Computer Systems
Transforming provenance using redaction

Proceedings of the 16th ACM symposium on Access control models and technologies
Surrogate parenthood: protected and informative graphs

Proceedings of the VLDB Endowment
A provenance-based access control model

PST '12 Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST)

Towards provenance and risk-awareness in social computing

Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
Engineering access control policies for provenance-aware systems

Proceedings of the third ACM conference on Data and application security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

A unique characteristics of provenance data is that it forms a directed acyclic graph (DAG) in accordance with the underlying causality dependencies between entities (acting users, action processes and data objects) involved in transactions. Data provenance raises at least two distinct security-related issues. One is how to control access to provenance data which we call Provenance Access control (PAC). The other is Provenance-based Access Control (PBAC) which focuses on how to utilize provenance data to control access to data objects. Both PAC and PBAC are built on a common foundation that requires security architects to define application-specific dependency path patterns of provenance data. Assigning application-specific semantics to these path patterns provides the foundation for effective security policy specification and administration. This paper elaborates on this common foundation of PAC and PBAC and identifies some of the differences in how this common foundation is applied in these two contexts.