Evidence-Based Audit

Vaughan, Jeffrey A.; Jia, Limin; Mazurak, Karl; Zdancewic, Steve

doi:10.1109/csf.2008.24

Cited by 48 publications

(34 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, a set of approaches [25][26][27][28] used by the database community to support similar security properties as the ones presented in this paper can complement our work. Even these approaches were not created to specifically protect provenance information, the solutions presented to solve security issues (such as privacy) can be adapted to be implemented in the presented provenance model.…”

Section: Related Workmentioning

confidence: 86%

Securing Provenance-Based Audits

Aldeco-Pérez

Moreau

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Given the significant increase of on-line services that require personal information from users, the risk that such information is misused has become an important concern. In such a context, information accountability is desirable since it allows users (and society in general) to decide, by means of audits, whether information is used appropriately. To ensure information accountability, information flow should be made transparent. It has been argued that data provenance can be used as the mechanism to underpin such a transparency. Under these conditions, an audit's quality depends on the quality of the captured provenance information. Thereby, the integrity of provenance information emerges as a decisive issue in the quality of a provenance-based audit. The aim of this paper is to secure provenance-based audits by the inclusion of cryptographic elements in the communication between the involved entities as well as in the provenance representation. This paper also presents a formalisation and an automatic verification of a set of security properties that increase the level of trust in provenance-based audit results.

show abstract

Section: Related Workmentioning

confidence: 86%

Securing Provenance-Based Audits

Aldeco-Pérez

Moreau

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…There is also work on authorisation and enforcement of rules in databases [14,4,8]. However, given the openness of information on the Web and the possibility of inferring information using previously published information, authorisation and enforcement are very challenging to implement.…”

Section: Algorithm 3 Reusing Datamentioning

confidence: 99%

“…Some research [14,4,8] is focused on developing better techniques to avoid information misuse by restricting access to information. However, access restriction alone cannot properly solve this problem on the Web, where information is widely and public available.…”

Section: Introductionmentioning

confidence: 99%

A Provenance-Based Compliance Framework

Aldeco-Pérez

Moreau

2010

Future Internet - FIS 2010

View full text Add to dashboard Cite

Abstract. Given the significant amount of personal information available on the Web, verifying its correct use emerges as an important issue. When personal information is published, it should be later used under a set of usage policies. If these policies are not followed, sensitive data could be exposed and used against its owner. Under these circumstances, processing transparency is desirable since it allows users to decide whether information is used appropriately. It has been argued that data provenance can be used as the mechanism to underpin such a transparency. Thereby, if provenance of data is available, processing becomes transparent since the provenance of data can be analysed against usage policies to decide whether processing was performed in compliance with such policies. The aim of this paper is to present a Provenance-based Compliance Framework that uses provenance to verify the compliance of processing to predefined information usage policies. It consists of a provenance-based view of past processing of information, a representation of processing policies and a comparison stage in which the past processing is analysed against the processing policies. This paper also presents an implementation using a very common on-line activity: on-line shopping 1 .

show abstract

“…That is the focus of this paper. Other work has focused on formalisms for querying logs [39,18], however these works presuppose correctness of audit logs for true accountability.…”

Section: A Motivating Example From Practicementioning

confidence: 99%

Correct Audit Logging: Theory and Practice

Amir-Mohammadian

Chong

Skalka

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Retrospective security has become increasingly important to the theory and practice of cyber security, with auditing a crucial component of it. However, in systems where auditing is used, programs are typically instrumented to generate audit logs using manual, ad-hoc strategies. This is a potential source of error even if log analysis techniques are formal, since the relation of the log itself to program execution is unclear. This paper focuses on provably correct program rewriting algorithms for instrumenting formal logging specifications. Correctness guarantees that the execution of an instrumented program produces sound and complete audit logs, properties defined by an information containment relation between logs and the program's logging semantics. We also propose a program rewriting approach to instrumentation for audit log generation, in a manner that guarantees correct log generation even for untrusted programs. As a case study, we develop such a tool for OpenMRS, a popular medical records management system, and consider instrumentation of break the glass policies.

show abstract

Evidence-Based Audit

Cited by 48 publications

References 21 publications

Securing Provenance-Based Audits

Securing Provenance-Based Audits

A Provenance-Based Compliance Framework

Correct Audit Logging: Theory and Practice

Contact Info

Product

Resources

About