Trusted Computing and Provenance: Better Together

It is widely realised that provenance systems can benefit from greater awareness of security principles and the use of security technology. In this paper, we argue that Trusted Computing, a hardware-based method for establishing platform integrity, is not only useful, but immediately applicable. We demonstrate how existing Trusted Computing mechanisms can be used for provenance, and identify the remarkable similarity and overlap between the two research areas. This is accomplished through presenting architectural ideas for a trusted provenance system, and by comparing the respective requirements and capabilities of trusted systems and provenance systems.

[1]  Jing Zhang,et al.  Do You Know Where Your Data's Been? - Tamper-Evident Database Provenance , 2009, Secure Data Management.

[2]  Yong Zhao,et al.  Tracking provenance in a virtual data grid , 2008, Concurr. Comput. Pract. Exp..

[3]  Xinwen Zhang,et al.  Remote Attestation of Attribute Updates and Information Flows in a UCON System , 2009, TRUST.

[4]  Krishna P. Gummadi,et al.  Towards Trusted Cloud Computing , 2009, HotCloud.

[5]  Richard Wolski,et al.  The Eucalyptus Open-Source Cloud-Computing System , 2009, 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid.

[6]  John Lyle Trustable Remote Verification of Web Services , 2009, TRUST.

[7]  PlaleBeth,et al.  A survey of data provenance in e-science , 2005 .

[8]  Marianne Winslett,et al.  The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance , 2009, FAST.

[9]  Bill Broyles Notes , 1907, The Classical Review.

[10]  Ahmad-Reza Sadeghi,et al.  Enhancing Grid Security Using Trusted Virtualization , 2007, ATC.

[11]  Michael Franz,et al.  Semantic remote attestation: a virtual machine directed approach to trusted computing , 2004 .

[12]  Marianne Winslett,et al.  Introducing secure provenance: problems and challenges , 2007, StorageSS '07.

[13]  Steven B. Lipner,et al.  The trustworthy computing security development lifecycle , 2004, 20th Annual Computer Security Applications Conference.

[14]  Ian Foster,et al.  Special Issue: The First Provenance Challenge , 2008 .

[15]  Margo I. Seltzer,et al.  Securing Provenance , 2008, HotSec.

[16]  Xie Hui,et al.  A High Efficiency Protocol for Reporting Integrity Measurements , 2008, 2008 Eighth International Conference on Intelligent Systems Design and Applications.

[17]  Seiji Munetoh,et al.  Integrity Management Infrastructure for Trusted Computing , 2008, IEICE Trans. Inf. Syst..

[18]  Robert Thibadeau Trusted Computing for Disk Drives and Other Peripherals , 2006, IEEE Security & Privacy.

[19]  Paul T. Groth,et al.  Recording Process Documentation for Provenance , 2009, IEEE Transactions on Parallel and Distributed Systems.

[20]  Margo I. Seltzer,et al.  Provenance-Aware Storage Systems , 2006, USENIX ATC, General Track.

[21]  Milan Petkovic,et al.  Secure Data Management, 6th VLDB Workshop, SDM 2009, Lyon, France, August 28, 2009. Proceedings , 2009, Secure Data Management.

[22]  Cristina Urdiales,et al.  Agent Technology and e-Health (Whitestein Series in Software Agent Technologies and Autonomic Computing) , 2008 .

[23]  Yogesh L. Simmhan,et al.  Special Issue: The First Provenance Challenge , 2008, Concurr. Comput. Pract. Exp..

[24]  Andrew Martin,et al.  The ten-page introduction to Trusted Computing , 2008 .

[25]  Jeffrey F. Naughton,et al.  Transparently Gathering Provenance with Provenance Aware Condor , 2009, Workshop on the Theory and Practice of Provenance.

[26]  Yong Zhao,et al.  Tracking provenance in a virtual data grid , 2008 .

[27]  Paul T. Groth,et al.  The provenance of electronic data , 2008, CACM.

[28]  Yogesh L. Simmhan,et al.  A survey of data provenance in e-science , 2005, SGMD.

[29]  Shouhuai Xu,et al.  An Access Control Language for a General Provenance Model , 2009, Secure Data Management.

[30]  Paul T. Groth,et al.  An Architecture for Provenance Systems , 2006 .

[31]  Paul T. Groth,et al.  PrIMe: A methodology for developing provenance-aware applications , 2011, TSEM.

[32]  Cornelius Namiluko Trusted Infrastructure for the Campus Grid , 2008 .

[33]  James Frew,et al.  ES3: A Demonstration of Transparent Provenance for Scientific Computation , 2008, IPAW.

[34]  Paul T. Groth,et al.  Security Issues in a SOA-Based Provenance System , 2006, IPAW.

[35]  Andrew P. Martin,et al.  On the Feasibility of Remote Attestation for Web Services , 2009, 2009 International Conference on Computational Science and Engineering.

[36]  Geoffrey C. Fox,et al.  Examining the Challenges of Scientific Workflows , 2007, Computer.

[37]  Dave Stainforth,et al.  Security principles for public-resource modeling research , 2004, 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[38]  Margo I. Seltzer,et al.  Making a Cloud Provenance-Aware , 2009, Workshop on the Theory and Practice of Provenance.

[39]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[40]  James Cheney,et al.  Provenance in Databases: Why, How, and Where , 2009, Found. Trends Databases.

[41]  Jun Ho Huh,et al.  Trusted Logging for Grid Computing , 2008, 2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference.

[42]  James Frew,et al.  Lineage retrieval for scientific data processing: a survey , 2005, CSUR.

[43]  Amin Vahdat,et al.  Transparent Result Caching , 1997, USENIX Annual Technical Conference.

[44]  James Cheney,et al.  First workshop on on Theory and practice of provenance , 2009 .

[45]  Jean-Pierre Seifert,et al.  A technical architecture for enforcing usage control requirements in service-oriented architectures , 2007, SWS '07.