
Engineering Access Control Policies for Provenance-aware Systems - PowerPoint PPT Presentation



  1. Engineering Access Control Policies for Provenance-aware Systems
Lianshan Sun (1,2), Jaehong Park (2) and Ravi Sandhu (2)
(1) Shaanxi University of Science and Technology (SUST), Xi'an, Shaanxi, China, 710021
(2) University of Texas at San Antonio (UTSA), San Antonio, Texas, USA, 78249
sunlianshan@gmail.com, jae.park@utsa.edu, ravi.sandhu@utsa.edu
Sun et al. (SUST & UTSA), Engineering ACPs for provenance-aware systems, CODASPY13, February 19, 2013, 1 / 19

  2. Outline
Background: what is provenance; provenance-aware systems; provenance-aware access control policies
Motivations
Solution and case study: the Typed Provenance Model (TPM); a TPM-centric process for engineering access control policies; a case study on a Homework Grading System (HGS)
Conclusion

  3. Background: What is provenance
Provenance is information about the entities, activities, and people involved in producing a piece of data or thing; it can be used to form assessments about that data's quality, reliability, or trustworthiness.
Figure: The provenance of a piece of cake.

  4. Background: A running example, the Homework Grading System (HGS)
Students upload, replace, and submit their homework.
Professors, as well as some students acting on behalf of professors, review the submitted homework.
Professors grade a homework to generate a grade report that has some of the existing reviews of the homework as an appendix.
Figure: The provenance of a submitted homework.

  5. Background: Provenance-aware systems
A provenance-aware system generates, stores, processes, and disseminates provenance to answer various provenance questions. Key issues in building provenance-aware systems include provenance collection, storage, and retrieval.
A provenance data model defines the schema of the provenance to be captured and is the conceptual basis for building provenance-aware systems.
A public provenance data model: the Open Provenance Model (OPM). A directed graph captures entities and the causality dependencies among them.
Entities: artifact, process, agent.
Causality dependency: e → f means e is caused by f.
Dependency types: direct (u: used, g: wasGeneratedBy, c: wasControlledBy) and indirect (d: wasDerivedFrom, t: wasTriggeredBy).
Figure: An OPM graph (artifacts h1 and h2, processes submit and review, agent u1; edges labelled u, g, c, d, t as above).

  6. Background: Access control in provenance-aware systems
Provenance-aware systems need to deploy access control facilities to protect both normal data items and their provenance.
Provenance differs from traditional data and metadata in that it is an immutable directed acyclic graph, the provenance graph, and can only be captured at run time.
Some subgraphs of a provenance graph, taken as a unit, show meaningful provenance semantics and could be treated as sensitive resources or be used to adjudicate access requests.
Figure: A subgraph of provenance (h1, submit, h2, review, u1).

  7. Background: Access control in provenance-aware systems
Traditional access control models and policy languages do not work well in provenance-aware systems. Researchers have proposed provenance-aware access control models and corresponding policy languages.
Provenance access control (PAC): protecting sensitive provenance. Example: a reviewer cannot see who has submitted a homework. prov: (h → submit → u).
Provenance-based access control (PBAC): protecting both sensitive provenance and sensitive data items by using provenance to adjudicate access requests. Example: only a submitted homework can be reviewed. prov: (h → submit).

  8. Background: Provenance-aware access control policies
A provenance-aware policy may be a PAC policy, a PBAC policy, or a combination of both, and it may refer to provenance that answers certain provenance questions.
Example: a user u can see the owner of a homework h if u has started to grade h:
u ∈ GradedBy(h) ⇐ P(u, query, OwnedBy(h)).
Here GradedBy(h) and OwnedBy(h) are two provenance questions about the homework h whose semantics can be understood by users without technical knowledge.
Although provenance-aware policy languages exist, it is far from straightforward for developers to specify provenance-aware policies, for several reasons.

  10. Motivations
First, it is very difficult to specify provenance-aware policies because of the complexity of the provenance graph. For example, policy architects need to identify one or more subgraphs of a provenance graph when defining a provenance-aware policy such as
u ∈ GradedBy(h) ⇐ P(u, query, OwnedBy(h)).
We need mechanisms that abstract the complex provenance graph into user-comprehensible, meaningful controlling units that can be used to define provenance-aware policies efficiently at development time, when the provenance graph is not yet available.
Figure: Provenance graph of HGS.

  12. Motivations
Second, implications for software architecture. Provenance affects the software architecture and makes it possible to implement some traditional functional requirements as provenance-aware policies, for example:
An activity A can start only after another activity B has finished.
Only users who have not reviewed a homework before can review it.
Developers need to decide which requirements can and should be modeled as provenance-aware requirements from the beginning of software development.
It is therefore helpful to adopt engineering solutions for developing provenance-aware policies: modeling provenance in abstractions, and designing a process that guides the identification, specification, and refinement of provenance-aware policies.
Figure: Motivations.

  14. Solution and Case Study: Typed Provenance Model
Figure: Provenance abstractions.
An entity type is a class that is instantiated into nodes of a provenance graph:
Artifacts: Homework, Review, Grade
Processes: upload, replace, submit, review, grade
Agents: Student, Professor
A dependency type is a class of causality dependencies with similar provenance semantics, T := N(E, C), e.g. T := ReviewedBy(Homework, User).
ReviewedBy(Hw1, u1), instantiated from T, means that the homework Hw1 was reviewed by the user u1; it can also be written u1 ∈ ReviewedBy(Hw1).
There are primitive dependency types and complex dependency types.
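Added example (not code from the paper or from any HGS implementation): a small Python model of the OPM graph of slide 5, with the TPM dependency types of slide 14 written as path patterns over that graph and the PAC/PBAC policies of slides 7, 8 and 12 evaluated against those types rather than against the raw graph. The pattern mini-syntax ('~' follows an edge backwards, ':type' filters the target node's entity type, '*' is transitive closure), the node names (h1, h2, h3, s1, r1, p1, ...) and the sample provenance are this example's own assumptions, not the paper's notation; the edge labels used, wasGeneratedBy, wasControlledBy, wasDerivedFrom and wasTriggeredBy are the OPM dependencies the slides list.

```python
"""OPM-style provenance graph, TPM dependency types as path patterns, and
provenance-aware policies for the Homework Grading System (added example).
The '~', ':type' and '*' pattern syntax and all node names are assumptions."""
from dataclasses import dataclass, field


@dataclass
class ProvGraph:
    # name -> (category, entity type); category is artifact/process/agent,
    # entity type is the TPM type (Homework, submit, Student, ...)
    nodes: dict = field(default_factory=dict)
    # (e, dependency, f) with the OPM meaning "e was caused by f"
    edges: list = field(default_factory=list)

    def add(self, name, category, etype):
        self.nodes[name] = (category, etype)

    def dep(self, e, label, f):
        self.edges.append((e, label, f))

    def _step(self, frontier, label, reverse, etype):
        out = set()
        for e, lab, f in self.edges:
            if lab != label:
                continue
            src, dst = (f, e) if reverse else (e, f)
            if src in frontier and (etype is None or self.nodes[dst][1] == etype):
                out.add(dst)
        return out

    def follow(self, start, pattern):
        """Nodes reached from `start` along a path pattern (one step per entry)."""
        frontier = {start}
        for raw in pattern:
            reverse, closure = raw.startswith("~"), raw.endswith("*")
            label, _, etype = raw.strip("~*").partition(":")
            etype = etype or None
            if closure:  # zero or more hops along this dependency
                seen = set(frontier)
                while frontier:
                    frontier = self._step(frontier, label, reverse, etype) - seen
                    seen |= frontier
                frontier = seen
            else:
                frontier = self._step(frontier, label, reverse, etype)
        return frontier


# TPM dependency types T := N(E, C) expressed as path patterns. The first
# three are built from direct OPM dependencies; OwnedBy is a complex type
# that walks back through every replaced version to the original upload.
DEP_TYPES = {
    "SubmittedBy": ["wasGeneratedBy:submit", "wasControlledBy"],
    "ReviewedBy": ["~used:review", "wasControlledBy"],
    "GradedBy": ["~used:grade", "wasControlledBy"],
    "OwnedBy": ["wasDerivedFrom*", "wasGeneratedBy:upload", "wasControlledBy"],
}


def query(g, dep_type, artifact):
    """Answer a provenance question such as ReviewedBy(h): the set of agents."""
    return g.follow(artifact, DEP_TYPES[dep_type])


def can_review(g, u, h):
    """PBAC: only a submitted homework can be reviewed, and only by a user
    who has not reviewed it before (slides 7 and 12)."""
    return bool(query(g, "SubmittedBy", h)) and u not in query(g, "ReviewedBy", h)


def can_query_owner(g, u, h):
    """PAC + PBAC (slide 8): u ∈ GradedBy(h) ⇐ P(u, query, OwnedBy(h)).
    A reviewer who is not the grader is denied the owner's identity."""
    return u in query(g, "GradedBy", h)


def build_hgs():
    """Constructed sample provenance: s1 uploads h1 and submits it as h2,
    r1 reviews h2, p1 grades it; s2 has only uploaded h3 (never submitted)."""
    g = ProvGraph()
    for name, cat, t in [
        ("s1", "agent", "Student"), ("s2", "agent", "Student"),
        ("r1", "agent", "Student"), ("r2", "agent", "Student"),
        ("p1", "agent", "Professor"), ("upload1", "process", "upload"),
        ("upload2", "process", "upload"), ("submit1", "process", "submit"),
        ("review1", "process", "review"), ("grade1", "process", "grade"),
        ("h1", "artifact", "Homework"), ("h2", "artifact", "Homework"),
        ("h3", "artifact", "Homework"), ("rv1", "artifact", "Review"),
        ("g1", "artifact", "Grade"),
    ]:
        g.add(name, cat, t)
    for e, label, f in [
        ("h1", "wasGeneratedBy", "upload1"), ("upload1", "wasControlledBy", "s1"),
        ("submit1", "used", "h1"), ("submit1", "wasControlledBy", "s1"),
        ("h2", "wasGeneratedBy", "submit1"), ("h2", "wasDerivedFrom", "h1"),
        ("review1", "used", "h2"), ("review1", "wasControlledBy", "r1"),
        ("rv1", "wasGeneratedBy", "review1"),
        ("grade1", "used", "h2"), ("grade1", "used", "rv1"),
        ("grade1", "wasControlledBy", "p1"), ("grade1", "wasTriggeredBy", "review1"),
        ("g1", "wasGeneratedBy", "grade1"), ("g1", "wasDerivedFrom", "rv1"),
        ("h3", "wasGeneratedBy", "upload2"), ("upload2", "wasControlledBy", "s2"),
    ]:
        g.dep(e, label, f)
    return g


if __name__ == "__main__":
    g = build_hgs()
    print("OwnedBy(h2) =", query(g, "OwnedBy", "h2"))
    print("r1 may review h2 again:", can_review(g, "r1", "h2"))
    print("r2 may review unsubmitted h3:", can_review(g, "r2", "h3"))
    print("p1 may see the owner of h2:", can_query_owner(g, "p1", "h2"))
```

The policies never touch the graph directly, only the named dependency types, so a policy such as can_review can be written at development time before any provenance has been captured; the path patterns are the "controlling units" that the motivation slide asks for, and OwnedBy shows why complex types are needed: a replaced homework is several artifacts linked by wasDerivedFrom, and the owner is only reachable by walking that chain back to the upload.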
