Fine-Grained Sticky Provenance Architecture for Office Documents

  • Takuya Mishina
  • Sachiko Yoshihama
  • Michiharu Kudo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4752)

Abstract

Current business situations require improved confidentiality and integrity for office documents. However, existing content management systems for office documents lack required security properties such as the *-property (no write-down) of the Bell-LaPadula model, or suffer from problems such as label creep. In this paper we propose a meta-data format called sticky provenance and a fine-grained information flow control architecture built on it. The sticky provenance carries the change history and the security labels of an office document in a secure form, so that the change history of the document remains verifiable in distributed environments. The Provenance Manager, the key module of the architecture, uses the sticky provenance to reduce the label creep problem of information flow control models. In other words, the sticky provenance and the Provenance Manager introduce a practical fine-grained information flow control capability to office applications, so that both the confidentiality and the verifiability of office documents can be ensured.

Keywords

Editing 

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Takuya Mishina (1)
  • Sachiko Yoshihama (1)
  • Michiharu Kudo (1)
  1. IBM Research, Tokyo Research Laboratory, 1623-14 Shimo-tsuruma, Yamato, Kanagawa 242-8502, Japan