A provenance-based access control model
- 1 July 2012
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 137-144
- https://doi.org/10.1109/pst.2012.6297930
Abstract
Existence of data provenance information in a system raises at least two security-related issues. One is how provenance data can be used to enhance security in the system and the other is how to protect provenance data which might be more sensitive than the data itself. Recent data provenance-related access control literature mainly focuses on the latter issue of protecting provenance data. In this paper, we propose a novel provenance-based access control model that addresses the former objective. Using provenance data for access control to the underlying data facilitates additional capabilities beyond those available in traditional access control models. We utilize a notion of dependency as the key foundation for access control policy specification. Dependency-based policy provides simplicity and effectiveness in policy specification and access control administration. We show our model can support dynamic separation of duty, workflow control, origin-based control, and object versioning. The proposed model identifies essential components and concepts and provides a foundational base model for provenance-based access control. We further discuss possible extensions of the proposed base model for enhanced access controls.Keywords
This publication has 18 references indexed in Scilit:
- Representing distributed systems using the Open Provenance ModelFuture Generation Computer Systems, 2011
- On Data Provenance in Group-centric Secure CollaborationPublished by European Alliance for Innovation n.o. ,2011
- The Open Provenance Model core specification (v1.1)Future Generation Computer Systems, 2010
- Preventing history forgery with secure provenanceACM Transactions on Storage, 2009
- Towards a framework for group-centric secure collaborationPublished by European Alliance for Innovation n.o. ,2009
- An Access Control Language for a General Provenance ModelLecture Notes in Computer Science, 2009
- Efficient lineage tracking for scientific workflowsPublished by Association for Computing Machinery (ACM) ,2008
- Efficient provenance storagePublished by Association for Computing Machinery (ACM) ,2008
- Introducing secure provenancePublished by Association for Computing Machinery (ACM) ,2007
- Transaction control expressions for separation of dutiesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003