A Provenance-Aware Access Control Framework with Typed Provenance

Sun, Lianshan; Park, Jaehong; Nguyen, Dang Tuan; Sandhu, Ravi

doi:10.1109/tdsc.2015.2410793

Cited by 18 publications

(4 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sun et al [23] propose an provenance-aware policy analysis method based on the UML model, which formally models the provenance semantics as an abstract provenance type, and can specify and refine access control policies at a higher level. Sun et al [24] further implement an provenance-aware access control framework that supports an extended XACML and allows users to define access control policies using a typed provenance model.…”

Section: B Provenance-based Access Controlmentioning

confidence: 99%

BPDAC: A Blockchain Based and Provenance Enabled Dynamic Access Control Scheme

Sun,

Zhou,

Liu

et al. 2023

IEEE Access

Self Cite

View full text Add to dashboard Cite

Access control is widely used technology for securing sensitive resources of information systems, such as personal data managed by cloud-based data store and sensitive data stream collected by smart devices. Existing access control systems mainly adopt centralized architecture and static access control models, including Access Control List, Role-based Access Control and Attribute-based Access Control. However, these systems fail to meet the increasing requirements of behavior based dynamic access control or requirements of owner initiated autonomous access control without relying on trustworthy third parties and suffer inherent drawbacks of single point of failure or dishonesty. To this end, a novel blockchain-based and provenance enabled dynamic access control scheme called BPDAC is proposed. Specifically, it collects and stores data provenance on blockchain to enable behavior-based dynamic access control; in particular, the quick lookup table structure is designed to speed up access control evaluation based on provenance with increasing complexity. It also provides specifications for formulating access control policies based on provenance. It utilizes a set of smart contracts on blockchain to enable decentralized and reliable autonomous access control. A prototype system is implemented on the Hyperledger Fabric and experiments are conducted to show that the proposed scheme is practically feasible and scalable in terms of the performance metrics of throughput and latency.

show abstract

Section: B Provenance-based Access Controlmentioning

confidence: 99%

BPDAC: A Blockchain Based and Provenance Enabled Dynamic Access Control Scheme

Sun,

Zhou,

Liu

et al. 2023

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…In a centralized setting where provenance is collected and stored in an authoritative center, the main concerns are security and traceability because the trustworthiness of the shared provenance graphs is tacitly ensured by the authoritative center. Most existing researches focused on ensuring provenance security by techniques of encryption [19,20], sanitization [21], and access control [22,23]. Some researches further considered the issue of achieving both security and traceability [24].…”

Section: Related Workmentioning

confidence: 99%

BSTProv: Blockchain-Based Secure and Trustworthy Data Provenance Sharing

et al. 2022

View full text Add to dashboard Cite

In the Big Data era, data provenance has become an important concern for enhancing the trustworthiness of key data that are rapidly generated and shared across organizations. Prevailing solutions employ authoritative centers to efficiently manage and share massive data. They are not suitable for secure and trustworthy decentralized data provenance sharing due to the inevitable dishonesty or failure of trusted centers. With the advent of the blockchain technology, embedding data provenance in immutable blocks is believed to be a promising solution. However, a provenance file, usually a directed acyclic graph, cannot be embedded in blocks as a whole because its size may exceed the limit of a block, and may include various sensitive information that can be legally accessed by different users. To this end, this paper proposed the BSTProv, a blockchain-based system for secure and trustworthy decentralized data provenance sharing. It enables secure and trustworthy provenance sharing by partitioning a large provenance graph into multiple small subgraphs and embedding the encrypted subgraphs instead of raw subgraphs or their hash values into immutable blocks of a consortium blockchain; it enables decentralized and flexible authorization by allowing each peer to define appropriate permissions for selectively sharing some sets of subgraphs to specific requesters; and it enables efficient cross-domain provenance composition and tracing by maintaining a high-level dependency structure among provenance graphs from different domains in smart contracts, and by locally storing, decrypting, and composing subgraphs obtained from the blockchain. Finally, a prototype is implemented on top of an Ethereum-based consortium blockchain and experiment results show the advantages of our approach.

show abstract

“…Parket et al 14 proposed a provenance‐based access control model that used provenance data to implement access control. Sun et al 15,16 designed and implemented a provenance‐aware access control framework that included a typed provenance model (TPM) and a set of TPM interpreters. The TPM treated provenance types as special attributes for the adoption of provenance‐aware access control in existing attribute‐based access control (ABAC) frameworks.…”

Section: Related Workmentioning

confidence: 99%

Provenance‐based data flow control mechanism for Internet of things

Xie

Shi

et al. 2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

In the Internet of things (IoT), the flow and sharing of data between different devices has become a trend. However, determining how to ensure the controlled flow and sharing of data is an urgent problem to address to ensure data security and privacy in the IoT environment. To address the above problem, we propose a provenance‐based data flow control mechanism (PDFC) that includes flow control and further control to realize data flow control and further control after flow. The mechanism implements both direct and indirect control of data flow based on provenance data, which reduces the risk of indirect leakage. As data flow and are shared between different devices, the provenance data become increasingly large, consequently, indirect control on the provenance data takes increasing amounts of time, seriously affecting control efficiency. To improve the control efficiency of data flow, the provenance data are simplified according to the type of operation generating the data and the association degree of data and their provenance data. To reduce the storage space occupied by the provenance data and improve the efficiency of querying the provenance data, we propose a provenance tree that records the relationship between data and their provenance data. A theoretical analysis demonstrates the security and effectiveness of PDFC, which can solve the fine‐grained controlled sharing problem in IoT. Using the data flow in a smart healthcare system as an example, we demonstrate the implementation and optimization method of PDFC, and the result shows PDFC has obvious flexibility and performance advantages.

show abstract

A Provenance-Aware Access Control Framework with Typed Provenance

Cited by 18 publications

References 25 publications

BPDAC: A Blockchain Based and Provenance Enabled Dynamic Access Control Scheme

BPDAC: A Blockchain Based and Provenance Enabled Dynamic Access Control Scheme

BSTProv: Blockchain-Based Secure and Trustworthy Data Provenance Sharing

Provenance‐based data flow control mechanism for Internet of things

Contact Info

Product

Resources

About