Issue No. 04 - July-Aug. (2016 vol. 13)
Lianshan Sun , Shaanxi University of Science and Technology, Xi'an, China
Jaehong Park , University of Alabama in Huntsville, Huntsville, AL, USA
Dang Nguyen , University of Texas at San Antonio, San Antonio, TX, USA
Ravi Sandhu , University of Texas at San Antonio, San Antonio, TX, USA
Provenance is a directed graph that captures historical information about data items in Provenance-Aware Systems (PAS). A variety of access control models and policy languages specific to PAS have recently been discussed in the literature. However, it is still not clear how to efficiently specify provenance-aware access control policies and how to effectively enforce these policies with respect to complex provenance graphs that can only be captured at run-time. To this end, we design and implement a provenance-aware access control framework with a layered architecture that features an abstract layer, including a Typed Provenance Model (TPM) and a set of TPM interpreters. TPM includes a set of abstract provenance types enabling efficient specification of provenance-aware policies. New provenance types can be composed from existing ones to specify new policies. TPM interpreters can be integrated to enable policy enforcement with respect to provenance graphs in different physical representations. By treating provenance types as special attributes, the proposed framework enables the adoption of provenance-aware access control in existing attribute-based access control frameworks, such as XACML-compliant ones. We implement the proposed framework by extending Sun's XACML implementation and show that it facilitates the specification of provenance-aware policies in XACML with minor extensions. We also analyze the performance of the proposed framework.
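As an added illustration of the idea in the abstract (this is not the paper's TPM, its interpreters, or its XACML extension), the following Python toy represents a provenance type as a path pattern over edge labels in a constructed provenance graph, composes new types from existing ones, and then evaluates a type as an attribute of the requested object inside an ABAC-style decision. The edge labels (PROV-style relation names), the type names, the graph and the "an originator may not review" policy are all assumptions made for the example.

```python
"""Toy typed-provenance evaluator; the graph, types and policy are constructed for illustration."""
from typing import Dict, List, Set, Tuple

# Constructed provenance graph: directed edges (source, relation, target).
EDGES: List[Tuple[str, str, str]] = [
    ("paper_v2", "wasDerivedFrom", "paper_v1"),
    ("paper_v1", "wasGeneratedBy", "write_1"),
    ("write_1", "wasAssociatedWith", "alice"),
    ("paper_v2", "wasGeneratedBy", "revise_1"),
    ("revise_1", "wasAssociatedWith", "bob"),
]

# A provenance type is a path pattern: a list of steps, each of which is an edge label,
# an edge label followed by '*' (zero or more hops), or the name of another type.
TYPES: Dict[str, List[str]] = {
    "generatedBy": ["wasGeneratedBy"],
    "associatedWith": ["wasAssociatedWith"],
}
# New types composed from existing ones (assumed composition syntax, not the paper's).
TYPES["author"] = ["generatedBy", "associatedWith"]      # who performed the generating activity
TYPES["ancestor"] = ["wasDerivedFrom*"]                    # the object itself and all prior versions
TYPES["originator"] = ["ancestor", "author"]               # authors of any version

def step(nodes: Set[str], label: str) -> Set[str]:
    """Follow exactly one edge with the given label from every node in the set."""
    return {t for s, r, t in EDGES if s in nodes and r == label}

def closure(nodes: Set[str], label: str) -> Set[str]:
    """Follow zero or more edges with the given label (breadth-first, cycle-safe)."""
    seen, frontier = set(nodes), set(nodes)
    while frontier:
        frontier = step(frontier, label) - seen
        seen |= frontier
    return seen

def evaluate(start: str, pattern: List[str]) -> Set[str]:
    """Return the nodes reachable from `start` along the path pattern (type names are expanded)."""
    nodes = {start}
    for item in pattern:
        if item in TYPES:
            nodes = set().union(*(evaluate(n, TYPES[item]) for n in nodes))
        elif item.endswith("*"):
            nodes = closure(nodes, item[:-1])
        else:
            nodes = step(nodes, item)
    return nodes

def decide(subject: str, action: str, resource: str) -> str:
    """ABAC-style rule: the 'originator' type of the resource is consulted like any other attribute."""
    if action == "review" and subject in evaluate(resource, TYPES["originator"]):
        return "Deny"
    return "Permit"
```

Because a type is resolved only when a request arrives, the same policy text applies to whatever the graph looks like at run-time, which is the property the abstract argues for.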
Access control, Semantics, Computer architecture, Abstracts, Software, Object oriented modeling
L. Sun, J. Park, D. Nguyen and R. Sandhu, "A Provenance-Aware Access Control Framework with Typed Provenance," in IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 4, pp. 411-423, 2016.