Role-Based Integrated Access Control and Data Provenance for SOA Based Net-Centric Systems
Open Access
- 13 May 2015
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Services Computing
- Vol. 9 (6), 940-953
- https://doi.org/10.1109/tsc.2015.2432795
Abstract
In multi-domain service-based systems, services from different domains are composed together to accomplish critical tasks. In these systems, data flow from one domain to another through the composed services. Thus, security and trustworthiness are the major concerns. Many access control models have been developed for service-based systems. Also, many data provenance schemes have been proposed in recent years to support data quality assessment and enhancement, data reproduction, etc. However, none of the existing mechanisms consider both access control and data provenance in an integrated model. In this paper, we propose an integrated role-based access control and data provenance model to secure the cross-domain interactions. We develop a role-based data provenance scheme which tracks the roles of originators/contributors of a data object and uses this information to help evaluate data trustworthiness. We also make use of the data provenance information and the derived data quality attributes to assist with cross domain access and information flow control. This integrated model mutually enhances data provenance and access control, providing better security and trustworthiness for many multi-domain service-based applications.
Funding Information
- Air Force Office of Scientific Research (FA-9550-08-1-0260)
- US National Science Foundation (IIP-1361795)
- NSF
- Net-centric and Cloud Software and Systems Industry/University Cooperative Research Center
- NSF
- NCSS
- I/UCRC
- Boeing Company