Data provenance to audit compliance with privacy policy in the Internet of Things

Thomas Pasquier, Jatinder Singh, Julia E. Powles, D. Eyers, Margo I. Seltzer and Jean Bacon. Personal and Ubiquitous Computing.
Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical… 

Intruder Detection through Pattern Matching and Provenance Driven Data Recovery

A framework that uses pattern matching to identify tampered data, provenance models for data assurance, and audit trails to recover original data is proposed, with the aim of encouraging further research into effective cloud security assurance.

A Survey of Methodologies for Protecting Privacy of User Data Within Enterprise Information Infrastructure

This chapter covers a brief survey of notable privacy researches and models proposed for different phases of privacy engineering (i.e., privacy requirement engineering, privacy by design, privacy impact assessment, privacy compliance, and modeling approaches for privacy in enterprise infrastructure).

Natural Language Privacy Policy in IoT

The concepts of explicit and implicit purpose, which enable using the syntactic and semantic analyses to extract purposes in different sentences, are presented and the domain adaption method is applied to the semantic role labeling (SRL) model to improve the efficiency of purpose extraction.

A Comprehensive Survey on the State-of-the-art Data Provenance Approaches for Security Enforcement

A comparative study of the state-of-the-art approaches to provenance, classifying them by framework, deployed techniques, and subjects of interest, to discuss the emergence and scope of data provenance in IoT networks.

From Here to Provtopia

This work claims that distributed data provenance, the directed acyclic graph documenting the origin and transformations of data holds the key for verifying compliance with regulatory mandates.

A comprehensive survey on data provenance: State-of-the-art approaches and their deployments for IoT security enforcement

A comparative study of the state-of-the-art approaches to provenance, classifying them by framework, deployed techniques, and subjects of interest, to discuss the emergence and scope of data provenance in IoT networks.

Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges

The current state of development of the PETs in various fields is identified and whether the existing PETs comply with the latest legal principles and privacy standards and reduce the threats to privacy is examined.

Bio-inspired Think-and-Share Optimization for Big Data Provenance in Wireless Sensor Networks

The proposed ‘Think-and-Share Optimization’ (TaSO) algorithms modularize and automate data provenance in WSNs that are deployed and operated in enterprises, and aim to exploit machine learning techniques (with underlying algorithms) to automate data provenance for big data systems in networked environments.

Runtime Analysis of Whole-System Provenance

This work presents CamQuery, which provides inline, realtime provenance analysis, making it suitable for implementing security applications, and demonstrates the applicability of CamQuery to a variety of runtime security applications including data loss prevention, intrusion detection, and regulatory compliance.

A Security-Enhanced Interoperability Middleware for the Internet of Things

An Internet of Things middleware specially tailored to address the security and operational requirements expected from an effective IoT platform, which builds on standards and specifications to accomplish a highly resilient and scalable solution.

Information Flow Audit for Transparency and Compliance in the Handling of Personal Data

  • Thomas Pasquier, D. Eyers
  • Computer Science
  • 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW)
  • 2016
This paper explores how an Information Flow Audit mechanism, that provides key data regarding provenance, can be used to verify compliance with regulatory and contractual duty, and survey potential extensions.

Information Flow Audit for PaaS Clouds

It is demonstrated how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools, which allows detailed understanding of the overall system.

Big ideas paper: Policy-driven middleware for a legally-compliant Internet of Things

The vision is for a middleware-enforced, unified policy model that applies end-to-end throughout the IoT, because policy cannot be bound to things, applications, or administrative domains: functionality is the result of composition, with dynamically formed chains of data flows.

Towards secure provenance-based access control in cloud environments

An architecture for secure and distributed management of provenance, enabling its use in security-critical applications and developing a provenance-based access control mechanism for Cumulus cloud storage, capable of processing thousands of operations per second on a single deployment.

Document Provenance in the Cloud: Constraints and Challenges

Managing information provenance in the cloud is a more challenging task because cloud-specific problems are added to the traditional ones.

Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs

A novel approach to policy-based provenance pruning is proposed: leverage the confinement properties provided by Mandatory Access Control (MAC) systems to identify the subdomains of system activity for which to collect provenance.

Securing Provenance

An access control model tailored to provenance is developed, and its interaction with existing access control models is studied to identify issues requiring further research.

A provenance-based access control model

A notion of dependency as the key foundation for access control policy specification provides simplicity and effectiveness in policy specification and access control administration and can support dynamic separation of duty, workflow control, origin-based control, and object versioning.

Internet of Things - New security and privacy challenges

  • R. Weber
  • Computer Science
  • Comput. Law Secur. Rev.
  • 2010

Obscuring Provenance Confidential Information via Graph Transformation

This paper describes PROV-GTS, a provenance graph transformation system, whose principled definition is based on PROV properties, and which seeks to avoid false independencies and false dependencies.