2012 Tenth Annual International Conference on Privacy, Security and Trust (2012)
Paris, France France
July 16, 2012 to July 18, 2012
Jaehong Park , Institute for Cyber Security, University of Texas at San Antonio, USA
Dang Nguyen , Institute for Cyber Security, University of Texas at San Antonio, USA
Ravi Sandhu , Institute for Cyber Security, University of Texas at San Antonio, USA
Existence of data provenance information in a system raises at least two security-related issues. One is how provenance data can be used to enhance security in the system and the other is how to protect provenance data which might be more sensitive than the data itself. Recent data provenance-related access control literature mainly focuses on the latter issue of protecting provenance data. In this paper, we propose a novel provenance-based access control model that addresses the former objective. Using provenance data for access control to the underlying data facilitates additional capabilities beyond those available in traditional access control models. We utilize a notion of dependency as the key foundation for access control policy specification. Dependency-based policy provides simplicity and effectiveness in policy specification and access control administration. We show our model can support dynamic separation of duty, workflow control, origin-based control, and object versioning. The proposed model identifies essential components and concepts and provides a foundational base model for provenance-based access control. We further discuss possible extensions of the proposed base model for enhanced access controls.
Data models, Authorization, Computational modeling, History, Grammar
R. Sandhu, D. Nguyen and J. Park, "A provenance-based access control model," 2012 Tenth Annual International Conference on Privacy, Security and Trust(PST), Paris, France France, 2012, pp. 137-144.