Preserving integrity and confidentiality of a directed acyclic graph model of provenance

Amril Syalim, Takashi Nishide, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

16 Citations (Scopus)

Abstract

This paper describes how to preserve integrity and confidentiality of a directed acyclic graph (DAG) model of provenance database. We show a method to preserve integrity by using digital signature where both of the provenance owner and the process executors (i.e. contributors) sign the nodes and the relationships between nodes in the provenance graph so that attacks to integrity can be detected by checking the signatures. To preserve confidentiality of the nodes and edges in the provenance graph we propose an access control model based on paths on the provenance graph because an auditor who need to audit a result normally need to access all nodes that have causal relationship with the result (i.e. all nodes that have a path to the result). We also complement the path-based access control with a compartment-based access control where each node is classified into compartments and the auditor is not allowed to access the nodes included in a compartment that can not be accessed by him/her (because of the sensitivity of the compartment). We implement the path-based access control by encrypting the nodes and later store encrypted encryption's keys in the children of the nodes. The compartment-based access control is implemented by encrypting the nodes in different compartments with different keys. We developed a prototype of the model and performed experiments to measure the overhead of digital signature and the double encryptions.

Original languageEnglish
Title of host publicationData and Applications Security and Privacy XXIV - 24th Annual IFIP WG 11.3 Working Conference, Proceedings
Pages311-318
Number of pages8
DOIs
Publication statusPublished - 2010
Event24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy - Rome, Italy
Duration: 21 Jun 201021 Jun 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6166 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy
Country/TerritoryItaly
CityRome
Period21/06/1021/06/10

Fingerprint

Dive into the research topics of 'Preserving integrity and confidentiality of a directed acyclic graph model of provenance'. Together they form a unique fingerprint.

Cite this