Security and Data Accountability in Distributed Systems: A Provenance Survey

@article{Tan2013SecurityAD,
  title={Security and Data Accountability in Distributed Systems: A Provenance Survey},
  author={Yu Shyang Tan and Ryan Kok Leong Ko and Geoff Holmes},
  journal={2013 IEEE 10th International Conference on High Performance Computing and Communications \& 2013 IEEE International Conference on Embedded and Ubiquitous Computing},
  year={2013},
  pages={1571-1578}
}
  • Yu Shyang Tan, R. Ko, G. Holmes
  • Published 2013
  • Computer Science
  • 2013 IEEE 10th International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing
While provenance research is common in distributed systems, many proposed solutions do not address the security of systems and accountability of data stored in those systems. In this paper, we survey provenance solutions which were proposed to address the problems of system security and data accountability in distributed systems. From our survey, we derive a set of minimum requirements that are necessary for a provenance system to be effective in addressing the two problems. Finally, we… 

Towards Secure Provenance in the Cloud: A Survey

This paper surveys the existing cloud provenance management schemes and proposed security solutions, investigates the current related security challenges resulting from the nature of the provenance model and the characteristics of the cloud, and identifies potential research directions which should be covered in order to build a secure cloud provenance for the next generation.

Provenance for cloud data accountability

A Forensic Enabled Data Provenance Model for Public Cloud

The challenges of cloud architecture are identified, how this affects the existing forensic analysis and provenance techniques is discussed, and a model for efficient provenance collection and forensic analysis is proposed.

Language-integrated provenance

Extensions to the Links programming language are presented that build on its support for language-integrated query to support provenance queries by rewriting and normalizing monadic comprehensions and extending the type system to distinguish provenance metadata from normal data.

Workload based provenance capture reduction

This thesis surveys multiple applications and use cases of provenance, such as data exploration, monitoring, and data quality, introduces nine data reduction techniques that can be applied to provenance in the context of different use cases, and formally describes and evaluates four of the nine techniques (sampling, histogram, clustering and equivalence classes) on top of Apache Spark.

Provenance Research Issues and Challenges in the Big Data Era

  • A. Cuzzocrea
  • Computer Science
    2015 IEEE 39th Annual Computer Software and Applications Conference
  • 2015
An overview of relevant issues and challenges in the context of big data provenance research is provided, by also highlighting possible future efforts within these research directions.

Trusted Tamper-Evident Data Provenance

A framework to enable tamper-evidence and preserve the confidentiality and integrity of data provenance using the Trusted Platform Module (TPM), which can be applied to capture tampering evidence in large-scale cloud environments at system, network, and application granularities.

Challenges of Data Provenance for Cloud Forensic Investigations

An overview of current provenance challenges in cloud computing is provided and limitations of current provenance collection mechanisms are identified.

Progger: An Efficient, Tamper-Evident Kernel-Space Logger for Cloud Data Provenance Tracking

  • R. Ko, M. Will
  • Computer Science
    2014 IEEE 7th International Conference on Cloud Computing
  • 2014
Progger (Provenance Logger), a kernel-space logger which potentially empowers all cloud stakeholders to trace their data, is presented, which provides high assurance of data security and data activity audit.

References

Kairos: An Architecture for Securing Authorship and Temporal Information of Provenance Data in Grid-Enabled Workflow Management Systems

This work suggests an architecture to provide protection of authorship and temporal information in grid-enabled provenance systems that can be used in the resolution of conflicting intellectual property claims, and in the reliable chronological reconstitution of scientific experiments.

TAP: Time-aware Provenance for Distributed Systems

This paper presents time-aware provenance (TAP), an enhanced provenance model that explicitly represents time, distributed state, and state changes, and outlines the research agenda towards developing novel query processing, languages, and optimization techniques that can be used to efficiently and securely query time-aware provenance, even in the presence of transient state or untrusted nodes.

How to Track Your Data: The Case for Cloud Computing Provenance

This paper surveys current mechanisms that support provenance for cloud computing, classifies provenance according to its granularities encapsulating the various sets of provenance data for different use cases, and summarizes the challenges and requirements for collecting provenance in a cloud, based on which the gap between current approaches and requirements is shown.

A Security Model for Provenance

A security model for provenance metadata is designed that meets the users’ requirements and protects the structure or work-flow — namely which ancestors and descendants are accessible to which users.

Scientific Workflow Provenance Querying with Security Views

A formalization of scientific workflow provenance as the basis for querying and access control and a security specification mechanism for provenance at various granularity levels and the derivation of a full security specification based on inheritance, overriding, and conflict resolution rules are proposed.

Secure Scientific Workflow Provenance Querying with Security Views

A formalization of scientific workflow provenance as the basis for querying and access control and a security specification mechanism for provenance at various granularity levels and the derivation of a full security specification based on inheritance, overriding, and conflict resolution rules are proposed.

Provenance-Aware Storage Systems

It is shown that with reasonable overhead, a Provenance-Aware Storage System can provide useful functionality not available in today's file systems or provenance management systems.

Trusted Computing and Provenance: Better Together

This paper argues that Trusted computing, a hardware-based method for establishing platform integrity, is not only useful, but immediately applicable, and demonstrates how existing Trusted Computing mechanisms can be used for provenance.

Research Problems in Data Provenance

  • W. Tan
  • Computer Science
    IEEE Data Eng. Bull.
  • 2004
The problem of supporting data provenance in scientific database applications is motivated and the DBNotes prototype developed at UC Santa Cruz is described that can be used to “eagerly” trace the provenance and flow of relational data.

A Formal Model of Provenance in Distributed Systems

The main feature of the π-calculus is that all data products are annotated with metadata representing their provenance, which ensures that data provenance is updated as the computation proceeds.
...