As organizations become increasingly reliant on cloud computing for servicing their data storage requirements, the need to govern access control at finer granularities becomes particularly important. This challenge is increased by the lack of policy supporting data migration across geographic boundaries and through organizations with divergent regulatory policies. In this paper, we present an architecture for secure and distributed management of provenance, enabling its use in security-critical applications. Provenance, a metadata history detailing the derivation of an object, contains information that allows for expressive, policy-independent access control decisions. We consider how to manage and validate the metadata of a provenance-aware cloud system, and introduce protocols that allow for secure transfer of provenance metadata between end hosts and cloud authorities. Using these protocols, we develop a provenance-based access control mechanism for Cumulus cloud storage, capable of processing thousands of operations per second on a single deployment. Through the introduction of replicated components, we achieve overhead costs of just 14%, demonstrating that provenance-based access control is a practical and scalable solution for the cloud.