Tracking and Constraining Authorization Provenance

  • Jinwei Hu
  • Khaled M. Khan
  • Yun Bai
  • Yan Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7345)


Authorization provenance concerns how an authorization is derived. It appears important to define authorization provenance to (1) analyze policy bases, (2) defend against a class of attacks, and (3) audit authorizations. In this paper, we study a notion of authorization provenance, based on a recently proposed logic in the literature. By examining a collection of properties, we show this definition captures the intuitions of authorization provenance. We also present an application of our notion of authorization provenance: specifying and enforcing a new type of security requirements.


Security Requirement Access Control Model Policy Base Provenance Information Audit Authorization 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Appel, A.W., Felten, E.W.: Proof-carrying authentication. In: ACM Conference on Computer and Communications Security, pp. 52–62 (1999)Google Scholar
  2. 2.
    Braun, U., Shinnar, A., Seltzer, M.: Securing provenance. In: Proc. of the 3rd USENIX Workshop on Hot Topics in Security (HotSec) (July 2008)Google Scholar
  3. 3.
    Chong, S., van der Meyden, R.: Deriving epistemic conclusions from agent architecture. In: TARK (July 2009)Google Scholar
  4. 4.
    Hasan, R., Sion, R., Winslett, M.: The case of the fake picasso: Preventing history forgery with secure provenance. In: Proceedings of the 7th USENIX Conference on File and Storage Technologies, FAST (2009)Google Scholar
  5. 5.
    Hu, J., Zhang, Y., Li, R., Lu, Z.: A logic for authorization provenance. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 238–249 (2010)Google Scholar
  6. 6.
    Mao, Z., Li, N., Chen, H., Jiang, X.: Trojan horse resistant discretionary access control. In: ACM Symposium on Access Control Models and Technologies (2009)Google Scholar
  7. 7.
    Muniswamy-Reddy, K.-K., Holland, D.A., Braun, U., Seltzer, M.I.: Provenance-aware storage systems. In: Proc. of the USENIX Annual Technical Conference, pp. 43–56 (2006)Google Scholar
  8. 8.
    Ni, Q., Xu, S., Bertino, E., Sandhu, R., Han, W.: An access control language for a general provenance model. In: Proceedings of the 6th VLDB Workshop on Secure Data Management (2009)Google Scholar
  9. 9.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRefGoogle Scholar
  10. 10.
    Sipser, M.: Introduction to the Theory of Computation (2005)Google Scholar
  11. 11.
    Tan, W.C.: Provenance in databases: Past, current, and future. IEEE Data Eng. Bull. 30(4), 3–12 (2007)Google Scholar
  12. 12.
    van der Meyden, R.: On notions of causality and distributed knowledge. In: International Conference on Principles of Knowledge Representation and Reasoning, pp. 209–219 (2008)Google Scholar
  13. 13.
    Wang, Q., Li, N., Chen, H.: On the Security of Delegation in Access Control Systems. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 317–332. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jinwei Hu
    • 1
  • Khaled M. Khan
    • 1
  • Yun Bai
    • 2
  • Yan Zhang
    • 2
  1. 1.Department of Computer Science and EngineeringQatar UniversityQatar
  2. 2.School of Computing and MathematicsUniversity of Western SydneyAustralia

Personalised recommendations