An access control model for protecting provenance graphs

Securing provenance has recently become an important research topic, resulting in a number of models for protecting access to provenance. Existing work has focused on graph transformation mechanisms that supply a user with a provenance view that satisfies both access control policies and validity constraints of provenance. However, it is not always possible to satisfy both of them simultaneously, because these two conditions are often inconsistent, which requires sophisticated conflict resolution strategies to be put in place. In this paper we develop a new access control model tailored for provenance. In particular, we explicitly take into account validity constraints of provenance when specifying the parts of provenance to which access is restricted. Hence, a provenance view that is granted to a user by our authorisation mechanism automatically satisfies the validity constraints. Moreover, we propose algorithms that allow provenance owners to deploy fine-grained access control for their provenance data.
