An Access Control Model for Protecting Provenance Graphs

Liang Chen, Peter Edwards, John Donald Nelson, Timothy James Forester Norman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Securing provenance has recently become an important research topic, resulting in a number of models for protecting access to provenance. Existing work has focused on graph transformation mechanisms that supply a user with a provenance view that satisfies both access control policies and validity constraints of provenance. However, it is not always possible to satisfy both of them simultaneously, because these two conditions are often inconsistent, which requires sophisticated conflict resolution strategies to be put in place. In this paper we develop a new access control model tailored for provenance. In particular, we explicitly take into account validity constraints of provenance when specifying certain parts of provenance to which access is restricted. Hence, a provenance view that is granted to a user by our authorisation mechanism would automatically satisfy the validity constraints. Moreover, we propose algorithms that allow provenance owners to deploy fine-grained access control for their provenance data.

Original language: English
Title of host publication: Proceedings of the 13th Annual International Conference on Privacy, Security and Trust - PST 2015
Publisher: IEEE Press
Pages: 125-132
Number of pages: 8
ISBN (Electronic): 978-1-4673-7828-4
DOI: https://doi.org/10.1109/PST.2015.7232963
Publication status: Published - 2015

Keywords

  • provenance
  • access control
  • constraints

Cite this

Chen, L., Edwards, P., Nelson, J. D., & Norman, T. J. F. (2015). An Access Control Model for Protecting Provenance Graphs. In Proceedings of the 13th Annual International Conference on Privacy, Security and Trust - PST 2015 (pp. 125-132). IEEE Press. https://doi.org/10.1109/PST.2015.7232963
