Data provenance to audit compliance with privacy policy in the Internet of Things

Thomas Pasquier, Jatinder Singh, Julia E. Powles, D. Eyers, Margo I. Seltzer and Jean Bacon. Personal and Ubiquitous Computing.
Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical… 

Proactive Provenance Policies for Automatic Cryptographic Data Centric Security

This paper provides a model for proactively evaluating provenance metadata in the ACDC paradigm as well as a case study of an electronic voting scheme to demonstrate the applicability of ACDC and the provenance policies needed to ensure data integrity.

Intruder Detection through Pattern Matching and Provenance Driven Data Recovery

A framework which uses pattern matching to identify tampered data, provenance models for data assurance, and audit trails to recover original data is proposed to encourage further research on effective cloud security assurance.

A Survey of Methodologies for Protecting Privacy of User Data Within Enterprise Information Infrastructure

This chapter gives a brief survey of notable privacy research and models proposed for the different phases of privacy engineering (i.e., privacy requirements engineering, privacy by design, privacy impact assessment, privacy compliance, and modeling approaches for privacy in enterprise infrastructure).

Natural Language Privacy Policy in IoT

The concepts of explicit and implicit purpose, which enable using the syntactic and semantic analyses to extract purposes in different sentences, are presented and the domain adaption method is applied to the semantic role labeling (SRL) model to improve the efficiency of purpose extraction.

A Comprehensive Survey on the State-of-the-art Data Provenance Approaches for Security Enforcement

A comparative study of the state-of-the-art approaches to provenance, classifying them by frameworks, deployed techniques, and subjects of interest, to discuss the emergence and scope of data provenance in IoT networks.

From Here to Provtopia

This work claims that distributed data provenance, the directed acyclic graph documenting the origin and transformations of data, holds the key to verifying compliance with regulatory mandates.

A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement

A comparative study of the state-of-the-art approaches to provenance, classifying them by frameworks, deployed techniques, and subjects of interest, to discuss the emergence and scope of data provenance in IoT networks.

Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges

The current state of development of PETs in various fields is identified, and whether the existing PETs comply with the latest legal principles and privacy standards and reduce the threats to privacy is examined.

PurExt: Automated Extraction of the Purpose-Aware Rule from the Natural Language Privacy Policy in IoT

A novel approach identifies rules from natural language privacy policies with a high recall rate, and the implicit purpose extraction of the adapted model improves the F1-score by 11%.

Viewpoint | Personal Data and the Internet of Things: It is time to care about digital provenance

How personal data is processed and consumed in an ever more connected world must be made transparent, and more effective technical solutions than those currently on offer for managing personal data must urgently be investigated.
Information Flow Audit for Transparency and Compliance in the Handling of Personal Data

  • Thomas Pasquier, D. Eyers
  • Computer Science
    2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW)
  • 2016
This paper explores how an Information Flow Audit mechanism, which provides key data regarding provenance, can be used to verify compliance with regulatory and contractual duties, and surveys potential extensions.

Information Flow Audit for PaaS Clouds

It is demonstrated how CamFlow can be extended to provide data-centric audit logs, akin to provenance metadata, in a format in which analyses can easily be automated with standard graph processing tools, allowing a detailed understanding of the overall system.

Big ideas paper: Policy-driven middleware for a legally-compliant Internet of Things

The vision is for a middleware-enforced, unified policy model that applies end-to-end throughout the IoT, since policy cannot be bound to things, applications, or administrative domains: functionality is the result of composition, with dynamically formed chains of data flows.

Towards secure provenance-based access control in cloud environments

An architecture for secure and distributed management of provenance, enabling its use in security-critical applications, and a provenance-based access control mechanism for Cumulus cloud storage, capable of processing thousands of operations per second on a single deployment.

Document Provenance in the Cloud: Constraints and Challenges

Managing information provenance in the cloud is a more challenging task because cloud-specific problems are added to the traditional ones.

Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs

A novel approach to policy-based provenance pruning is proposed: leverage the confinement properties provided by Mandatory Access Control (MAC) systems to identify the subdomains of system activity for which to collect provenance.

Securing Provenance

An access control model tailored to provenance is developed and how it interacts with existing access control models is studied to identify issues requiring further research.

A provenance-based access control model

A notion of dependency as the key foundation for access control policy specification provides simplicity and effectiveness in policy specification and access control administration, and can support dynamic separation of duty, workflow control, origin-based control, and object versioning.

Internet of Things - New security and privacy challenges

  • R. Weber
  • Computer Science
    Comput. Law Secur. Rev.
  • 2010

Obscuring Provenance Confidential Information via Graph Transformation

This paper describes PROV-GTS, a provenance graph transformation system, whose principled definition is based on PROV properties, and which seeks to avoid false independencies and false dependencies.