Provenance security guarantee from origin up to now in the e-Science environment

The e-Science environment provides science researchers with an online laboratory. In such an environment, objects (research data and related information) are easily transferred and shared in electronic form. Provenance, a complete record of the changes applied to an object, provides a basis for trusting that object. This paper proposes the "Provenance Security from Origin up to Now (PSecON)" scheme to address the problem of how to trust the provenance itself, on which object trust depends. With PSecON, researchers tracing the real source of an object transferred between e-Science environments can verify the integrity of the object and its provenance and confirm its actual origin. PSecON supports transparent audits and audit availability, provided by the history pool acting as an open board, and preserves the confidentiality and privacy of data and its provenance, provided by information hashing. It also supports prevention and detection of provenance forgery through two-way certification. Moreover, PSecON is scalable and enables efficient, fast tracking of provenance. Building on a detailed description of PSecON in the e-Science domain, this paper demonstrates the soundness of PSecON in ensuring provenance security and, by analyzing its time, space and transmission overhead, its easy applicability to real-world systems.
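The abstract names two mechanisms, a history pool that acts as an open board and information hashing, without giving their construction. The following is only a minimal sketch of the general idea, assuming a simple hash chain: each provenance record is hashed together with the previous digest, and only the digests are posted to a public board, so anyone can audit the chain without seeing the record contents. The names `HistoryPool`, `append_record`, `verify_chain` and `GENESIS` are hypothetical and are not taken from PSecON; two-way certification is not modeled here.

```python
import hashlib
import json

# Hypothetical starting value for the chain; not part of PSecON.
GENESIS = "0" * 64


def record_digest(record: dict, prev_digest: str) -> str:
    """Hash a provenance record together with the previous digest."""
    payload = json.dumps(record, sort_keys=True).encode("utf-8")
    return hashlib.sha256(prev_digest.encode("ascii") + payload).hexdigest()


class HistoryPool:
    """Assumed stand-in for an open board: an append-only list of digests."""

    def __init__(self) -> None:
        self._digests = []

    def publish(self, digest: str) -> None:
        self._digests.append(digest)

    def digests(self) -> tuple:
        return tuple(self._digests)


def append_record(chain: list, pool: HistoryPool, record: dict) -> str:
    """Add a record to the private chain and post only its digest publicly."""
    prev = chain[-1][1] if chain else GENESIS
    digest = record_digest(record, prev)
    chain.append((record, digest))
    pool.publish(digest)
    return digest


def verify_chain(chain: list, pool: HistoryPool) -> bool:
    """Recompute every digest and compare it with the published board."""
    published = pool.digests()
    if len(chain) != len(published):
        return False
    prev = GENESIS
    for (record, digest), posted in zip(chain, published):
        if record_digest(record, prev) != digest or digest != posted:
            return False
        prev = digest
    return True
```

In this sketch the board holds only digests, which is one way hashing can keep record contents private while still allowing an open audit; changing any earlier record changes its recomputed digest, so verification against the board fails.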
