Skip to main content
SpringerLink
Log in

An Access Control Language for a General Provenance Model

  • Conference paper
Secure Data Management (SDM 2009)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5776))

Included in the following conference series:

Abstract

Provenance access control has been recognized as one of the most important components in an enterprise-level provenance system. However, it has only received little attention in the context of data security research. One important challenge in provenance access control is the lack of an access control language that supports its specific requirements, e.g., the support of both fine-grained policies and personal preferences, and decision aggregation from different applicable policies. In this paper, we propose an access control language tailored to these requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Hasan, R., Sion, R., Winslett, M.: Introducing secure provenance: problems and challenges. In: Proceedings of the 2007 ACM Workshop on Storage Security And Survivability (StorageSS), pp. 13–18 (2007)

    Google Scholar 

  2. Braun, U., Shinnar, A.: A security model for provenance. Technical Report TR-04-06, Harvard University Computer Science (January 2006)

    Google Scholar 

  3. Groth, P., Jiang, S., Miles, S., Munroe, S., Tan, V., Tsasakou, S., Moreau, L.: An architecture for provenance systems. Technical report, University of Southampton (November 2006)

    Google Scholar 

  4. Benjelloun, O., Sarma, A.D., Halevy, A.Y., Theobald, M., Widom, J.: Databases with uncertainty and lineage. VLDB J. 17(2), 243–264 (2008)

    Google Scholar 

  5. Buneman, P., Chapman, A., Cheney, J.: Provenance management in curated databases. In: SIGMOD 2006, pp. 539–550 (2006)

    Google Scholar 

  6. Chapman, A., Jagadish, H.V., Ramanan, P.: Efficient provenance storage. In: [32], pp. 993–1006

    Google Scholar 

  7. Heinis, T., Alonso, G.: Efficient lineage tracking for scientific workflows. In: [32], pp. 1007–1018

    Google Scholar 

  8. Moreau, L., Groth, P.T., Miles, S., Vázquez-Salceda, J., Ibbotson, J., Jiang, S., Munroe, S., Rana, O.F., Schreiber, A., Tan, V., Varga, L.Z.: The provenance of electronic data. Commun. ACM 51(4), 52–58 (2008)

    Google Scholar 

  9. Tan, V., Groth, P., Miles, S., Jiang, S., Munroe, S., Tsasakou, S., Moreau, L.: Security issues in a soa-based provenance system. In: Moreau, L., Foster, I. (eds.) IPAW 2006. LNCS, vol. 4145, pp. 203–211. Springer, Heidelberg (2006)

    Google Scholar 

  10. Braun, U., Shinnar, A., Seltzer, M.: Securing provenance. In: HotSec 2008 (2008)

    Google Scholar 

  11. Moreau, L., Plale, B., Miles, S., Goble, C., Missier, P., Barga, R., Simmhan, Y., Futrelle, J., McGrath, R., Myers, J., Paulson, P., Bowers, S., Ludaescher, B., Kwasnikowska, N., den Bussche, J.V., Ellkvist, T., Freire, J., Groth, P.: The open provenance model (v1.01). Technical report, University of Southampton (2008)

    Google Scholar 

  12. Foster, I.T., Vöckler, J.S., Wilde, M., Zhao, Y.: Chimera: Avirtual data system for representing, querying, and automating data derivation. In: SSDBM, pp. 37–46. IEEE Computer Society, Los Alamitos (2002)

    Google Scholar 

  13. Janee, G., Mathena, J., Frew, J.: A data model and architecture for long-term preservation. In: Larsen, R.L., Paepcke, A., Borbinha, J.L., Naaman, M. (eds.) JCDL, pp. 134–144. ACM, New York (2008)

    Google Scholar 

  14. Callahan, S.P., Freire, J., Scheidegger, C.E., Silva, C.T., Vo, H.T.: Towards provenance-enabling paraview. In: Freire, J., Koop, D., Moreau, L. (eds.) IPAW 2008. LNCS, vol. 5272, pp. 120–127. Springer, Heidelberg (2008)

    Google Scholar 

  15. Buneman, P., Khanna, S., Tan, W.-C.: Why and where: A characterization of data provenance. In: Van den Bussche, J., Vianu, V. (eds.) ICDT 2001. LNCS, vol. 1973, pp. 316–330. Springer, Heidelberg (2001)

    Google Scholar 

  16. Abrams, M.D., Smith, G.W.: A generalized framework for database access controls. In: DBSec., pp. 171–178 (1990)

    Google Scholar 

  17. McCollum, C.D., Messing, J.R., Notargiacomo, L.: Beyond the pale of mac and dac-defining new forms of access control. In: IEEE Symposium on Security and Privacy, pp. 190–200 (1990)

    Google Scholar 

  18. Park, J., Sandhu, R.S.: Towards usage control models: beyond traditional access control. In: SACMAT, pp. 57–64 (2002)

    Google Scholar 

  19. Park, J., Sandhu, R.S.: Originator control in usage control. In: POLICY, pp. 60–66. IEEE Computer Society, Los Alamitos (2002)

    Google Scholar 

  20. Ni, Q., Bertino, E., Lobo, J.: An obligation model bridging access control policies and privacy policies. In: Ray, I., Li, N. (eds.) SACMAT, pp. 133–142. ACM, New York (2008)

    Google Scholar 

  21. Raub, D., Steinwandt, R.: An algebra for enterprise privacy policies closed under composition and conjunction. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 130–144. Springer, Heidelberg (2006)

    Google Scholar 

  22. Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: Framework and applications. In: IEEE Symposium on Security and Privacy, pp. 184–198. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  23. Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy-aware role based access control. In: Lotz, V., Thuraisingham, B.M. (eds.) SACMAT, pp. 41–50. ACM, New York (2007)

    Google Scholar 

  24. Moses, T., ed.: eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Open (February 2005)

    Google Scholar 

  25. Ni, Q., Bertino, E., Lobo, J.: D-algebra for composing access control policy decisions. In: ASIACCS (2009)

    Google Scholar 

  26. Muniswamy-Reddy, K., Holland, D., Braun, U., Seltzer, M.: Provenance-aware storage systems. In: Proceedings of the 2006 USENIX Annual Technical Conference, pp. 43–56 (2006)

    Google Scholar 

  27. Xu, S., Ni, Q., Bertino, E., Sandhu, R.: A characterization of the problem of secure provenance management. In: Workshop on Assured Information Sharing, Affiliated with the 2009 IEEE Intelligence and Security Informatics, ISI 2009 (2009)

    Google Scholar 

  28. Xu, S., Sandhu, R., Bertino, E.: Tiupam: A framework for trustworthiness-centric information sharing. In: Third IFIP WG 11.11 International Conference on Trust Management, TM 2009 (2009)

    Google Scholar 

  29. Rosenthal, A., Sciore, E.: Abstracting and refining authorization in sql. In: Jonker, W., Petković, M. (eds.) SDM 2004. LNCS, vol. 3178, pp. 148–162. Springer, Heidelberg (2004)

    Google Scholar 

  30. Olson, L.E., Gunter, C.A., Madhusudan, P.: A formal framework for reflective database access control policies. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM Conference on Computer and Communications Security, pp. 289–298. ACM, New York (2008)

    Google Scholar 

  31. Ni, Q., Lin, D., Bertino, E., Lobo, J.: Conditional privacy-aware role based access control. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 72–89. Springer, Heidelberg (2007)

    Google Scholar 

  32. Wang, J.T.L. (ed.): Proceedings of the ACM SIGMOD International Conference on Management of Data. In: Wang, J.T.L. (ed.) SIGMOD 2008, SIGMOD Conference, Vancouver, BC, Canada, June 10-12, ACM, New York (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Purdue University, West Lafayette, IN, USA

    Qun Ni & Elisa Bertino

  2. Department of Computer Science, UT San Antonio, San Antonio, TX, USA

    Shouhuai Xu

  3. Institute for Cyber Security, UT San Antonio, San Antonio, TX, USA

    Ravi Sandhu

  4. Software School, Fudan University, Shanghai, China

    Weili Han

Authors
  1. Qun Ni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shouhuai Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Elisa Bertino
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ravi Sandhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Weili Han
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands

    Willem Jonker

  2. Philips Research Laboratories, Koninklijke Philips Electronics N.V., High Tech Ampus 34, 5656 AE, Eindhoven, The Netherlands

    Milan Petković

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ni, Q., Xu, S., Bertino, E., Sandhu, R., Han, W. (2009). An Access Control Language for a General Provenance Model. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2009. Lecture Notes in Computer Science, vol 5776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04219-5_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04219-5_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04218-8

  • Online ISBN: 978-3-642-04219-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation