We describe aframeworkfor capturing Data Provenance information to support Information Assurance attributes like Availability, Authentication, Confidentiality, Integrity and Non-Repudiation. Our approach is applicable to Multi-Level Secure systems where it is not always possible to directly provide data source and data transformation information. We achieve this by combining the subjective and objective trust in data as a "FigureofMerit" value that can cross security boundaries. Our architecture captures the Data Provenance information around the 'invariant'part ofa message in an XML-based SOA architecture. We also introduce the notion of 'wrappers' so that Data Provenance can be added on while minimizing impact to an existing workflow. We outline a simulation-basedframeworkthat allows us to inject faults to model various threats and attacks. We also discuss a dashboard view of a workflow that brings together the intrinsic Information Assurance attributes ofa workflow as it was designed as well as its execution in a deployed system. The dashboard can also be used for "what-if' analysis to understand vulnerabilities and determine impactofcompromised assets.
[1]
Paul T. Groth,et al.
Security Issues in a SOA-Based Provenance System
,
2006,
IPAW.
[2]
Thomas Macklin,et al.
Achieving Cross-Domain Collaboration in Heterogeneous Environments
,
2005
.
[3]
Yogesh L. Simmhan,et al.
A survey of data provenance in e-science
,
2005,
SGMD.
[4]
Raymond A. Paul,et al.
A New SOA Data-Provenance Framework
,
2007,
Eighth International Symposium on Autonomous Decentralized Systems (ISADS'07).
[5]
Nikhil Swamy,et al.
Verified Enforcement of Security Policies for Cross-Domain Information Flows
,
2007,
MILCOM 2007 - IEEE Military Communications Conference.
[6]
Raymond A. Paul,et al.
Data provenance in SOA: security, reliability, and integrity
,
2007,
Service Oriented Computing and Applications.
[7]
Yolanda Gil,et al.
A survey of trust in computer science and the Semantic Web
,
2007,
J. Web Semant..