Provenance and security are intimately related. Cheney et al. [3] show that the dependencies underlying provenance information also underlie information flow security policies. Provenance information can also play a role in history-based access control policies [1]. Many real applications need to combine a variety of security policies with provenance tracking. For instance, an online stock trading website might restrict access to certain premium features it offers using an access control policy, while at the same time using an information flow policy to ensure that a user's sensitive trading information is not leaked to other users. Similarly, the application might need to track the provenance of transaction information to support an annual financial audit while also using provenance to attest to the reliability of the stock analyses that it presents to its users.

We have been exploring the interaction between provenance and security policies while developing a document management system we call the Collaborative Planning Application (CPA). The CPA is written in SELINKS, our language for supporting user-defined, label-based security policies [7]. SELINKS is an extension of the Links web-programming language [4] with means to express label-based security policies. Labels are associated with the data they protect by using dependent types which, along with some syntactic restrictions, suffice to ensure that user-defined policies enjoy complete mediation and cannot be circumvented [6]. Our interest in provenance and security policies is thus part of a broader exploration of how security policies can be encoded, composed, and reasoned about within SELINKS. In this paper, we describe the architecture of the CPA and its approach to label-based provenance and security policies (Section 2) and we sketch directions for further exploration of the interaction between the two (Section 3).
[1] Martín Abadi et al. Access Control Based on Execution History. NDSS, 2003.
[2] Michael Hicks et al. Fable: A Language for Enforcing User-defined Security Policies. 2008 IEEE Symposium on Security and Privacy (SP 2008), 2008.
[3] Nikhil Swamy et al. Verified Enforcement of Security Policies for Cross-Domain Information Flows. MILCOM 2007 - IEEE Military Communications Conference, 2007.
[4] James Cheney et al. Provenance management in curated databases. SIGMOD Conference, 2006.
[5] Philip Wadler et al. Links: Web Programming Without Tiers. FMCO, 2006.
[6] James Cheney et al. Provenance as Dependency Analysis. DBPL, 2007.