《计算机应用研究》|Application Research of Computers

数据起源安全研究综述

Survey of data provenance security

免费全文下载 (已被下载 次)  
获取PDF全文
作者 石丽波,孙连山,王艺星
机构 陕西科技大学 电气与信息工程学院 计算机系,西安 710021
统计 摘要被查看 次,已被下载
文章编号 1001-3695(2017)01-0001-07
DOI 10.3969/j.issn.1001-3695.2017.01.001
摘要 数据起源是描述数据来源及其所经历处理过程的元数据,起源安全是制约起源技术大规模应用的关键瓶颈。为推动起源安全研究,从完整性、机密性和可用性三方面分析了起源安全的内涵;介绍了目前广受关注的起源安全机制:起源过滤和起源感知的访问控制,分别分析了这两类起源安全机制的主要特征,并对比了现有工作的优点和不足;最后指出了起源安全研究的发展方向。
关键词 数据起源;信息安全;起源过滤;访问控制
基金项目 国家自然科学青年基金资助项目(61202019)
陕西省教育厅自然科学专项基金资助项目(14JK1098)
本文URL http://www.arocmag.com/article/01-2017-01-001.html
英文标题 Survey of data provenance security
作者英文名 Shi Libo, Sun Lianshan, Wang Yixing
机构英文名 Dept.ofComputerScience,SchoolofElectrical&InformationEngineering,ShaanxiUniversityofScience&Technology,Xi'an710021,China
英文摘要 Data provenance is a kind of historical meta-data that describes the origins or pedigrees of data items, data proces-sing activities, and agents that associated with data or activities.Provenance security is the key bottleneck of adopting provenance related technologies in real world.To advance provenance security research, this paper first analyzed the essence of provenance security in terms of its integrity, confidentiality, and availability.Then it introduced existing works related to two typical provenance security mechanisms: provenance sanitization and provenance-aware access control.It identified critical features of the two typical mechanisms and discussed their merits and shortcomings.Finally, it presented the future directions of provenance security research.
英文关键词 data provenance; information security; provenance sanitization; access control
参考文献 查看稿件参考文献
  [1] Muniswamy-Reddy K K. Foundations for provenance-aware systems[D] . Cambridge:Harvard University, 2010.
[2] Buneman P, Khanna S, Tan W C. Data provenance:some basic issues[C] //Proc of the 20th Conference on Foundations of Software Technology and Theoretical Computer Science. Berlin:Springer, 2000:87-93.
[3] Groth P, Moreau L. PROV-overview, TR 20130430[R] . [S. l. ] :W3C, 2013.
[4] 戴超凡, 王涛, 张鹏程. 数据起源技术发展研究综述[J] . 计算机应用研究, 2010, 27(9):3215-3219.
[5] Miles S, Groth P, Munroe S, et al. PrIMe:a methodology for developing provenance-aware applications[J] . ACM Trans on Software Engineering and Methodology, 2011, 20(3):1-42.
[6] Braun U, Shinnar A, Seltzer M. Securing provenance[C] //Proc of the 3rd USENIX Workshop on Hot Topics in Security. Berkeley:USENIX Association, 2008:21-25.
[7] Moreau L, Clifford B, Futrelle J, et al. The open provenance model core specification[J] . Future Generation Computer System, 2011, 27(6):743-756.
[8] Missier P, Belhajjame K, Cheney J. The W3C PROV family of specifications for modelling provenance metadata[C] //Proc of the 16th International Conference on Extending Database Technology. New York:ACM Press, 2013:773-776.
[9] Tan V, Groth P, Miles S, et al. Security issues in a SOA-based provenance system[C] //Proc of Provenance and Annotation Workshop. Berlin:Springer, 2006:203-211.
[10] Hasan R, Sion R, Winslett M. Introducing secure provenance:problems and challenges[C] //Proc of International Workshop on Storage Security and Survivability. New York:ACM Press, 2007:13-18.
[11] Chong S. Towards semantics for provenance security[C] //Proc of the 1st Workshop on Theory and Practice of Provenance. Berkeley:USENIX Association, 2009:12-16.
[12] Cheney J. A formal framework for provenance security[C] //Proc of the 24th Computer Security Foundations Symposium. Washington DC:IEEE Computer Society, 2011:281-293.
[13] Tan Y S, Ko K L. R, Holmes G. Security and data accountability in distributed systems:a provenance survey[C] //Proc of IEEE International Conference on Embedded and Ubiquitous Computing & High Performance Computing and Communications. 2013:1571-1578.
[14] 李秀美, 王凤英. 数据起源安全模型研究[J] . 山东理工大学学报:自然科学版, 2010, 24(4):56-60.
[15] 刘通, 王凤英. 基于OPM的安全起源模型[J] . 计算机应用研究, 2013, 30(10):3117-3120.
[16] Hasan R, Sion R, Winslett M. Preventing history forgery with secure provenance[J] . ACM Trans on Storage, 2009, 5(4):12:1-12:43.
[17] Maruseac M, Ghinita G, Rughinis R. Privacy-preserving publication of provenance workflows[C] //Proc of the 4th ACM Conference on Data and Application Security and Privacy. New York:ACM Press, 2014:159-162.
[18] Cheney J, Perera R. An analytical survey of provenance sanitization[C] //Proc of the 5th International Provenance and Annotation Workshop. Berlin:Springer, 2014:113-126.
[19] Nguyen D, Park J, Sandhu R. Dependency path patterns as the foundation of access control in provenance-aware systems[C] //Proc of the 4th USENIX Conference on Theory and Practice of Provenance. Berkeley:USENIX Association, 2012:4-7.
[20] Cadenhead T, Khadilkar V, Kantarcioglu M, et al. Transforming provenance using redaction[C] //Proc of the 16th ACM Symposium on Access Control Models and Technologies. New York:ACM Press, 2011:93-102.
[21] Missier P, Bryans J, Gamble C, et al. Provenance graph abstraction by node grouping, CS-TR-1393[R] . Newcastle:Newcastle University, 2013.
[22] Missier P, Bryans J, Gamble C, et al. ProvAbs:model, policy, and tooling for abstracting PROV graphs[C] //Proc of the 5th International Provenance and Annotation Workshop. Berlin:Springer, 2014:3-15.
[23] Cohen-Boulakia S, Biton O, Cohen S, et al. Addressing the provenance challenge using ZOOM[J] . Concurrency and Computation:Practice and Experience, 2008, 20(5):497-506.
[24] Chebotko A, Chang S, Lu Shiyong, et al. Scientific workflow provenance querying with security views[C] //Proc of International Conference on Web-Age Information Management. [S. l. ] :IEEE Press, 2008:349-356.
[25] Dey S, Zinn D, Ludscher B. ProPub:towards a declarative approach for publishing customized, policy-aware provenance[C] //Proc of the 23rd International Conference on Scientific and Statistical Database Management. Berlin:Springer, 2011:225-243.
[26] Davidson S B, Khanna S, Milo T, et al. Provenance views for module privacy[C] //Proc of the 13th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems. New York:ACM Press, 2011:175-186.
[27] Davidson S B, Milo T, Roy S. A propagation model for provenance views of public/private workflows[C] //Proc of the 16th International Conference on Database Theory. New York:ACM Press, 2013:165-176.
[28] Nies T D, Cheney J, Missier P, et al. Constraints of the PROV data model, REC-Prov-constraints-20130430[R] . [S. l. ] :W3C, 2013.
[29] 王于丁, 杨家海, 徐聪, 等. 云计算访问控制技术研究综述[J] . 软件学报, 2015, 26(5):1129-1150.
[30] Braun U, Shinnar A. A security model for provenance, TR-04-06[R] . Cambridge:Harvard University Computer Science, 2006.
[31] Ni Qun, Xu Shouhuai, Elisa B, et al. An access control language for a general provenance model[C] //Proc of the 6th VLDB Workshop on Secure Data Management. Berlin:Springer, 2009:68-88.
[32] Cadenhead T, Khadilkar V, Kantarcioglu M, et al. A language for provenance access control[C] //Proc of the 1st ACM Conference on Data and Application Security and Privacy. New York:ACM Press, 2011:133-144.
[33] Roxana D, Curcin V, Missier P, et al. Access control and view generation for provenance graphs[J] . Future Generation Computer System, 2015, 49(8):8-27.
[34] Rachapalli J, Khadilkar V, Kantarcioglu M, et al. Towards fine grained RDF access control[C] //Proc of the 19th ACM Symposium on Access Control Models and Technologies. New York:ACM Press, 2014:165-176.
[35] Chen Liang, Edwards P, Nelson J D, et al. An access control model for protecting provenance graphs[C] //Proc of the 13th Annual International Conference on Privacy, Security and Trust. [S. l. ] :IEEE Press, 2015:125-132.
[36] Park J, Nguyen D, Sandhu R. A provenance-based access control model[C] //Proc of the 10th Annual International Conference on Privacy, Security and Trust. [S. l. ] :IEEE Press, 2012:137-144.
[37] Nguyen D, Park J, Sandhu R. A provenance-based access control model for dynamic separation of duties[C] //Proc of the 11th Annual International Conference on Privacy, Security and Trust. [S. l. ] :IEEE Press, 2013:247-256.
[38] Nguyen D, Park J, Sandhu R. Adopting provenance-based access control in open stack cloud IaaS[C] //Proc of the 8th International Conference on Network and System Security. [S. l. ] :Springer International Publishing, 2014:15-27.
[39] 孙连山, 祁志斌, 侯涛. 一种基于UML模型的起源感知访问控制策略分析方法[J] . 计算机工程与科学, 2015, 37(6):1114-1126.
[40] Sun Lianshan, Park J, Ngnuyen D, et al. A provenance-aware access control framework with typed provenance[J] . IEEE Trans on Dependable and Secure Computing, 2015, 13(4):411-423.
[41] Oliveira D, Ocaa K A, Baio F, et al. A provenance-based adaptive scheduling heuristic for parallel scientific workflows in clouds[J] . Journal of Grid Computing, 2012, 10(3):521-552.
[42] Ali M, Moreau L. A provenance-aware policy language (cProvl) and a data traceability model (cProv) for the cloud[C] //Proc of International Conference on Cloud and Green Computing. Washington DC:IEEE Computer Society, 2013:479-486.
[43] Muniswamy-Reddy K K, Seltzer M. Provenance as first class cloud data[J] . ACM SIGOPS Operating Systems Review, 2010, 43(4):11-16.
[44] Sakka M A, Defude B, Tellez J. Document provenance in the cloud:constraints and challenges[C] //Proc of the 16th Workshop on Networked Services and Applications:Engineering, Control and Management. Berlin:Springer, 2010:107-117.
[45] Lu Rongxing, Lin Xiaodong, Liang Xiaohui, et al. Secure provenance:the essential of bread and butter of data forensics in cloud computing[C] //Proc of the 5th ACM Symposium on Information, Computer and Communications Security. New York:ACM Press, 2010:282-292.
[46] Lim H S, Moon Y S, Bertino E. Provenance-based trustworthiness assessment in sensor networks[C] //Proc of the 7th Workshop on Data Management for Sensor Networks. New York:ACM Press, 2010:2-7.
[47] Sultana S, Shehab M, Bertino E. Secure provenance transmission for streaming data[J] . IEEE Trans on Knowledge and Data Engineering, 2013, 25(8):1890-1903.
[48] Wang Xinlei, Zhu Jindan, Pande A, et al. Ad hoc spatial-temporal provenance assurance for mobile users[C] //Proc of the 21st IEEE International Conference on Network Protocols. 2013:1-10.
[49] Khan R, Zawoad S, Haque M M, et al. Who, when, and where? Location proof assertion for mobile devices[C] //Proc of the 28th Annual IFIP WG 11. 3 Working Conference on Data and Applications Security and Privacy. Berlin:Springer, 2014:146-162.
收稿日期 2016/3/17
修回日期 2016/5/19
页码 1-7
中图分类号 TP309.2
文献标志码 A