skip to main content
10.1145/2435349.2435390acmconferencesArticle/Chapter ViewAbstractPublication PagescodaspyConference Proceedingsconference-collections
short-paper

Engineering access control policies for provenance-aware systems

Published: 18 February 2013 Publication History

Abstract

Provenance is meta-data about how data items become what they are. A variety of provenance-aware access control models and policy languages have been recently discussed in the literature. However, the issue of eliciting access control requirements related to provenance and of elaborating them as provenance-aware access control policies (ACPs) has received much less attention. This paper explores the approach to engineering provenance-aware ACPs since the beginning of software development. Specifically, this paper introduces a typed provenance model (TPM) to abstract complex provenance graph and presents a TPM-centric process for identification, specification, and refinement of provenance-aware ACPs. We illustrate this process by means of a homework grading system.

References

[1]
U. Braun and A. Shinnar. A security model for provenance. Technical Report TR-04-06, Harvard University Computer Science, Jan 2006.
[2]
U. Braun, A. Shinnar, and M. Seltzer. Secure provenance. In The 3rd USENIX Workshop on Hot Topics in Sec., pages 1--5, Berkeley, CA, USA, 2008.
[3]
P. Buneman, S. Khanna, and W. C. Tan. Data provenance: Some basic issues. FST TCS 2000, pages 87--93, 2000.
[4]
T. Cadenhead, V. Khadilkar, and et al. A language for provenance access control. CODASPY'11, pages 133--144, 2011.
[5]
R. Crook, D. Ince, and B. Nuseibeh. On modelling access policies: relating roles to their organisational context. RE'05, pages 157--166, 2005.
[6]
B. Fabian, S. Gurses, and et al. A comparison of security requirements engineering methods. Requir. Eng., 15(1):7--40, Mar. 2010.
[7]
P. Groth, S. Jiang, and et al. An architecture for provenance systems. Technical report, University of Southampton, February 2006.
[8]
J. Y. Halpern and V. Weissman. Using first-order logic to reason about policies. ACM Trans. Inf. Syst. Secur., 11(4):21:1--21:41, July 2008.
[9]
R. Hasan, R. Sion, and M. Winslett. Introducing secure provenance: problems and challenges. StorageSS'07, pages 13--18, 2007.
[10]
C. Lim, S. Lu, A. Chebotko, and F. Fotouhi. Opql: A first OPM-level query language for scientific workflow provenance. SCC'11, pages 136--143, 2011.
[11]
S. Miles, P. Groth, and et al. Prime: A methodology for developing provenance-aware applications. ACM Trans. Softw. Eng. Methodol., 20(3):8:1--8:42, 2011.
[12]
L. Moreau, B. Clifford, and et al. The open provenance model -- core specification (v1.1). Future Generation Computer Systems, December 2009.
[13]
D. Nguyen, J. Park, and R. Sandhu. Dependency path patterns as the foundation of access control in provenance-aware systems. Tapp 2012, 2012.
[14]
Q. Ni, S. Xu, E. Bertino, R. Sandhu, and W. Han. An access control language for a general provenance model. SDM'09, pages 68--88, 2009.
[15]
J. Park, D. Nguyen, and R. Sandhu. A provenance-based access control model. In 10th Annual Conf. on Privacy, Security and Trust, 2012.
[16]
R. W. Reeder, L. Bauer, and et al. Expandable grids for visualizing and authoring computer security policies. CHI'08, pages 1473--1482, 2008.
[17]
P. Samarati and S. D. C. d. Vimercati. Access control: Policies, models, and mechanisms. FOSAD'00, pages 137--196, London, UK, 2001. Springer-Verlag.
[18]
R. Sandhu and P. Samarati. Access control: principle and practice. Communications Magazine, IEEE, 32(9):40--48, sept. 1994.
[19]
M. Strembeck. Scenario-driven role engineering. IEEE Security and Privacy, 8:28--35, 2010.
[20]
L. Sun and G. Huang. Towards accuracy of role-based access control configurations in component-based systems. J. Syst. Archit., 57(3):314--326, Mar. 2011.
[21]
L. Sun, G. Huang, and et al. An approach for generation of J2EE access control configurations from requirements specification. QSIC'08, pages 87--96. IEEE Computer Society, 2008.
[22]
L. Sun, G. Huang, and H. Mei. Validating access control configurations in J2EE applications. CBSE'08, pages 64--79, 2008.

Cited By

View all
  • (2023)Overview of Cross-Domain Access Control2023 IEEE Smart World Congress (SWC)10.1109/SWC57546.2023.10448810(1-8)Online publication date: 28-Aug-2023
  • (2021)Energy Saving Scheduling Model of Virtual Machine in Data Center based on Multi-Objective Optimization2021 Third International Conference on Inventive Research in Computing Applications (ICIRCA)10.1109/ICIRCA51532.2021.9544780(1168-1171)Online publication date: 2-Sep-2021
  • (2021)Activity Control Design Principles: Next Generation Access Control for Smart and Collaborative SystemsIEEE Access10.1109/ACCESS.2021.31262019(151004-151022)Online publication date: 2021
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy
February 2013
400 pages
ISBN:9781450318907
DOI:10.1145/2435349
  • General Chairs:
  • Elisa Bertino,
  • Ravi Sandhu,
  • Program Chair:
  • Lujo Bauer,
  • Publications Chair:
  • Jaehong Park
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 February 2013

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. opm
  2. pac
  3. pbac
  4. provenance
  5. provenance-aware access control policy
  6. tpm
  7. typed provenance model

Qualifiers

  • Short-paper

Conference

CODASPY'13
Sponsor:

Acceptance Rates

CODASPY '13 Paper Acceptance Rate 24 of 107 submissions, 22%;
Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)4
  • Downloads (Last 6 weeks)0
Reflects downloads up to 15 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Overview of Cross-Domain Access Control2023 IEEE Smart World Congress (SWC)10.1109/SWC57546.2023.10448810(1-8)Online publication date: 28-Aug-2023
  • (2021)Energy Saving Scheduling Model of Virtual Machine in Data Center based on Multi-Objective Optimization2021 Third International Conference on Inventive Research in Computing Applications (ICIRCA)10.1109/ICIRCA51532.2021.9544780(1168-1171)Online publication date: 2-Sep-2021
  • (2021)Activity Control Design Principles: Next Generation Access Control for Smart and Collaborative SystemsIEEE Access10.1109/ACCESS.2021.31262019(151004-151022)Online publication date: 2021
  • (2020)Provenance‐based data flow control mechanism for Internet of thingsTransactions on Emerging Telecommunications Technologies10.1002/ett.3934Online publication date: 4-May-2020
  • (2019)CF-PROV: A Content-Rich and Fine-Grained Scientific Workflow Provenance ModelIEEE Access10.1109/ACCESS.2019.29007387(30002-30016)Online publication date: 2019
  • (2019)PRAN: A Provenance Based Model and Prototype to Strengthen AuthenticationWeb, Artificial Intelligence and Network Applications10.1007/978-3-030-15035-8_13(139-150)Online publication date: 15-Mar-2019
  • (2018)A Templating System to Generate ProvenanceIEEE Transactions on Software Engineering10.1109/TSE.2017.265974544:2(103-121)Online publication date: 1-Feb-2018
  • (2018)Software Processes Analysis with ProvenanceProduct-Focused Software Process Improvement10.1007/978-3-030-03673-7_8(106-122)Online publication date: 3-Nov-2018
  • (2017)Enhancing security in the cloud: When traceability meets access control2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)10.23919/ICITST.2017.8356420(365-366)Online publication date: Dec-2017
  • (2015)Access control and view generation for provenance graphsFuture Generation Computer Systems10.1016/j.future.2015.01.01449:C(8-27)Online publication date: 1-Aug-2015
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media