ABSTRACT
Provenance is meta-data about how data items become what they are. A variety of provenance-aware access control models and policy languages have been recently discussed in the literature. However, the issue of eliciting access control requirements related to provenance and of elaborating them as provenance-aware access control policies (ACPs) has received much less attention. This paper explores the approach to engineering provenance-aware ACPs since the beginning of software development. Specifically, this paper introduces a typed provenance model (TPM) to abstract complex provenance graph and presents a TPM-centric process for identification, specification, and refinement of provenance-aware ACPs. We illustrate this process by means of a homework grading system.
- U. Braun and A. Shinnar. A security model for provenance. Technical Report TR-04-06, Harvard University Computer Science, Jan 2006.Google Scholar
- U. Braun, A. Shinnar, and M. Seltzer. Secure provenance. In The 3rd USENIX Workshop on Hot Topics in Sec., pages 1--5, Berkeley, CA, USA, 2008. Google ScholarDigital Library
- P. Buneman, S. Khanna, and W. C. Tan. Data provenance: Some basic issues. FST TCS 2000, pages 87--93, 2000. Google ScholarDigital Library
- T. Cadenhead, V. Khadilkar, and et al. A language for provenance access control. CODASPY'11, pages 133--144, 2011. Google ScholarDigital Library
- R. Crook, D. Ince, and B. Nuseibeh. On modelling access policies: relating roles to their organisational context. RE'05, pages 157--166, 2005. Google ScholarDigital Library
- B. Fabian, S. Gurses, and et al. A comparison of security requirements engineering methods. Requir. Eng., 15(1):7--40, Mar. 2010. Google ScholarDigital Library
- P. Groth, S. Jiang, and et al. An architecture for provenance systems. Technical report, University of Southampton, February 2006.Google Scholar
- J. Y. Halpern and V. Weissman. Using first-order logic to reason about policies. ACM Trans. Inf. Syst. Secur., 11(4):21:1--21:41, July 2008. Google ScholarDigital Library
- R. Hasan, R. Sion, and M. Winslett. Introducing secure provenance: problems and challenges. StorageSS'07, pages 13--18, 2007. Google ScholarDigital Library
- C. Lim, S. Lu, A. Chebotko, and F. Fotouhi. Opql: A first OPM-level query language for scientific workflow provenance. SCC'11, pages 136--143, 2011. Google ScholarDigital Library
- S. Miles, P. Groth, and et al. Prime: A methodology for developing provenance-aware applications. ACM Trans. Softw. Eng. Methodol., 20(3):8:1--8:42, 2011. Google ScholarDigital Library
- L. Moreau, B. Clifford, and et al. The open provenance model -- core specification (v1.1). Future Generation Computer Systems, December 2009. Google ScholarDigital Library
- D. Nguyen, J. Park, and R. Sandhu. Dependency path patterns as the foundation of access control in provenance-aware systems. Tapp 2012, 2012. Google ScholarDigital Library
- Q. Ni, S. Xu, E. Bertino, R. Sandhu, and W. Han. An access control language for a general provenance model. SDM'09, pages 68--88, 2009. Google ScholarDigital Library
- J. Park, D. Nguyen, and R. Sandhu. A provenance-based access control model. In 10th Annual Conf. on Privacy, Security and Trust, 2012. Google ScholarDigital Library
- R. W. Reeder, L. Bauer, and et al. Expandable grids for visualizing and authoring computer security policies. CHI'08, pages 1473--1482, 2008. Google ScholarDigital Library
- P. Samarati and S. D. C. d. Vimercati. Access control: Policies, models, and mechanisms. FOSAD'00, pages 137--196, London, UK, 2001. Springer-Verlag. Google ScholarDigital Library
- R. Sandhu and P. Samarati. Access control: principle and practice. Communications Magazine, IEEE, 32(9):40--48, sept. 1994. Google ScholarDigital Library
- M. Strembeck. Scenario-driven role engineering. IEEE Security and Privacy, 8:28--35, 2010. Google ScholarDigital Library
- L. Sun and G. Huang. Towards accuracy of role-based access control configurations in component-based systems. J. Syst. Archit., 57(3):314--326, Mar. 2011. Google ScholarDigital Library
- L. Sun, G. Huang, and et al. An approach for generation of J2EE access control configurations from requirements specification. QSIC'08, pages 87--96. IEEE Computer Society, 2008. Google ScholarDigital Library
- L. Sun, G. Huang, and H. Mei. Validating access control configurations in J2EE applications. CBSE'08, pages 64--79, 2008. Google ScholarDigital Library
Index Terms
- Engineering access control policies for provenance-aware systems
Recommendations
Prospective and Retrospective Provenance Collection in Scientific Workflow Environments
SCC '10: Proceedings of the 2010 IEEE International Conference on Services ComputingProvenance, a record of the derivation history of scientific results, is critical for scientific workflows to support reproducibility, result interpretation, and problem diagnosis. Both prospective provenance, which captures an abstract workflow ...
OPQL: A First OPM-Level Query Language for Scientific Workflow Provenance
SCC '11: Proceedings of the 2011 IEEE International Conference on Services ComputingProvenance, which is one kind of metadata that captures the derivation history of a data product, including its original data sources, intermediate products, and the steps that were applied to produce it, has become increasingly important in services ...
Provenance-Based Access Control in the Cloud
SCC '13: Proceedings of the 2013 IEEE International Conference on Services ComputingThis paper describes a provenance-based access control system for the cloud. The system combines both provenance and access-control models together with a rule-based mechanism. The system allows rule propagation (in the cloud) and a central execution ...
Comments