Issue No. 04 - October-December (2010 vol. 3)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSC.2010.38
Artem Chebotko , University of Texas - Pan American, Edinburg
Shiyong Lu , Wayne State University, Detroit
Seunghan Chang , Wayne State University, Detroit
Farshad Fotouhi , Wayne State University, Detroit
Ping Yang , Binghamton University, Binghamton
Provenance has become increasingly important in scientific workflows and services computing to capture the derivation history of a data product, including the original data sources, intermediate data products, and the steps that were applied to produce the data product. In many cases, both scientific results and the used protocol are sensitive and effective access control mechanisms are essential to protect their confidentiality. In this paper, we propose: 1) a formal scientific workflow provenance model as the basis for querying and access control for workflow provenance; 2) a security model for fine-grained access control for multilevel provenance and an algorithm for the derivation of a full security specification based on inheritance, overriding, and conflict resolution; 3) a formalization of the notion of security views and an algorithm for security view derivation; and 4) a formalization of the notion of secure abstraction views and an algorithm for its computation. A prototype called SecProv has been developed, and experiments show the effectiveness and efficiency of our approach.
Scientific workflows, provenance, access control, security, abstraction, secure querying.
F. Fotouhi, S. Lu, S. Chang, P. Yang and A. Chebotko, "Secure Abstraction Views for Scientific Workflow Provenance Querying," in IEEE Transactions on Services Computing, vol. 3, no. , pp. 322-337, 2010.