Securing Provenance-Based Audits

Given the significant increase in online services that require personal information from users, the risk that such information is misused has become an important concern. In this context, information accountability is desirable because it allows users (and society in general) to decide, by means of audits, whether information is used appropriately. To ensure information accountability, information flow should be made transparent. It has been argued that data provenance can serve as the mechanism that underpins such transparency. Under these conditions, an audit's quality depends on the quality of the captured provenance information. Consequently, the integrity of provenance information emerges as a decisive issue in the quality of a provenance-based audit. The aim of this paper is to secure provenance-based audits by including cryptographic elements in the communication between the involved entities as well as in the provenance representation. This paper also presents a formalisation and an automatic verification of a set of security properties that increase the level of trust in provenance-based audit results.
