Provenance-based Classification Policy based on Encrypted Search

Fan, Xinyu; Zhang, Faen; Turamat, Eminjan; Tong, Chao; Wu, Jia Hong; Wang, Kai

doi:10.1109/iai50351.2020.9262173

Cited by 1 publication

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One such notable contribution extracts resource dependencies from provenance logs and uses them to authorize and authenticate users in distributed cloud environments, and later uses this as an attribute in ABAC to make access decisions [ 31 ]. In another approach, the authors proposed a generic ontology to capture semantic information (attributes) from different provenance schemes present in distributed infrastructures, subsequently basing classified resources on this information in order to assign access privileges to classified resources [ 32 ]. Provenance can also help in the implementation of organizational security policies and is proposed as a hybrid approach with ABAC for enforcement [ 28 , 29 , 30 , 31 ].…”

Section: Related Workmentioning

confidence: 99%

Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control

Sultan

Jensen

2021

Sensors

View full text Add to dashboard Cite

The amount of data generated in today’s world has a fair share of personal information about individuals that helps data owners and data processors in providing them with personalized services. Different legal and regulatory obligations apply to all data owners collecting personal information, specifying they use it only for the agreed-upon purposes and in a transparent way to preserve privacy. However, it is difficult to achieve this in large-scale and distributed infrastructures as data is continuously changing its form, such as through aggregation with other sources or the generation of new transformed resources, resulting often in the loss or misinterpretation of the collection purpose. In order to preserve the authorized collection purposes, we propose data is added as a part of immutable and append-only resource metadata (provenance), to be retrieved by an access control mechanism when required for data-usage verification. This not only ensures purpose limitation in large-scale infrastructures but also provides transparency for individuals and auditing authorities to track how personal information is used.

show abstract