Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.

Published byAbigail Whetstone Modified over 9 years ago

Similar presentations

Presentation on theme: "11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park."— Presentation transcript:

1 11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio August 09, 2012 International Conference on Information Reuse and Integration Institute for Cyber Security

2 PROVENANCE-AWARE SYSTEM Provenance of a digital data object is defined as the documentation of its origin and all the processes that influence and lead to its current state. In a provenance-aware system, related provenance information of system transactions/events are captured, stored, and maintained. Provenance potentially provides many enhanced benefits: usage tracking, workflow control, versioning, trustworthiness, repeatabity, access control, etc. Provenance information may be more sensitive than the underlying data. World-Leading Research with Real-World Impact!

3 Is necessary: Integrity, Confidentiality, Availability, Privacy Our focus: Access Control. Two aspects: Provenance-based Access Control and Provenance Access Control. Provenance data naturally forms a Directed-Acyclic Graph (DAG), aligned with information flow and causality SECURE DIGITAL PROVENANCE World-Leading Research with Real-World Impact!

4 GROUP-CENTRIC COLLABORATION Difference in the incorporation of base model for PBAC in uni vs. multi-provenance systems. Group-centric collaboration provides secure information sharing. Support administrative and usage operations. Focus on usage operations such as: Add, Merge, Update, Create. World-Leading Research with Real-World Impact!

5 PBAC MODEL World-Leading Research with Real-World Impact!

6 OPEN PROVENANCE MODEL (OPM) World-Leading Research with Real-World Impact!

7 An object is created in org1 and modified locally into versions in accordance to the versioning system. At some point in time, a version of this object is added to a collaboration group cg1 so users from a different organization can participate in updating the object content (now represented as a different object with its own versions). Meanwhile, users in the org1 also perform updates on local versions. At some point, a version of the object from cg1 is merged back to the version tree of the original object in org1 A SIMPLIFIED SCENARIO

8 A SIMPLIFIED OPM SCENARIO World-Leading Research with Real-World Impact!

9 SAMPLE POLICIES/ DLIST (wasDerivedVersionOfCopyOf:: [g(Update).u]*.g(Add).u) (creatorOfOriginalVersionOf :: [g(Update).u]*.g(Add).u.[g(Update).u]*.g(Create).c) World-Leading Research with Real-World Impact! Req (ad1,merge,CG1.o2v3,Org1.o1v2) ? Req(au2.1,update,CG1.o2v3) ?

10 TAXONOMY OF APPROACHES World-Leading Research with Real-World Impact!

11 Three types of response, each require different additional information: 1.Y or N: (startingNode_new,dPath_new,rule_new) must be transmitted. 2. Resulting Nodes: (startingNode_new,dPath_new) must be transmitted. 3. Provenance Data Set: (startingNode_new) must be transmitted. CASCADING QUERY A reconstructed query from the local query. Can be transmitted and evaluated in remote system. World-Leading Research with Real-World Impact!

12 CASCADING QUERY RESPONSE ORG1CG1 (startingNode_new,dPath_new,rule_new) (startingNode_new,dPath_new) (startingNode_new) Y or N Resulting Nodes Provenance Data Set World-Leading Research with Real-World Impact!

13 STICKY PROVENANCE DATA The sticky provenance data of an object/version contains all the provenance information of that object/version up to the point in time when the information flow takes place. Allows a locally generated query to be fully evaluated for decision making. Demonstrate with a modified scenario next. World-Leading Research with Real-World Impact!

14 A “STICKY” SCENARIO World-Leading Research with Real-World Impact! SPD

15 A “STICKY” SCENARIO World-Leading Research with Real-World Impact! SPD CG1 Policy: No Update actions can be performed on a group version if the original organization object version had been updated

16 World-Leading Research with Real-World Impact! A “STICKIER” SCENARIO Should SPD(o3v1) contain: SPD(o2v1,o2v2) ? SPD(o2v1,o2v2) + SPD(o2v1) ?

17 CONCLUSION Demonstrated the incorporation of PBAC in a Group-centric collaboration environment. Identified the issue in a multi-provenance systems setting. Proposed two approaches to address such issue. World-Leading Research with Real-World Impact!

Download ppt "11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),
QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.

QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Institute for Cyber Security

Institute for Cyber Security
Towards A Framework for Cyber Social Status Based Trusted Open Collaboration Oct. 9, 2010 Jaehong Park, Yuan Cheng, Ravi Sandhu Institute for Cyber Security.

Towards A Framework for Cyber Social Status Based Trusted Open Collaboration Oct. 9, 2010 Jaehong Park, Yuan Cheng, Ravi Sandhu Institute for Cyber Security.
11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.

11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.
Presentation by Priyanka Sawarkar

Presentation by Priyanka Sawarkar
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
A Provenance-based Access Control Model for Dynamic Separation of Duties July 10, 2013 PST 2013 Dang Nguyen, Jaehong Park, and Ravi Sandhu Institute for.

A Provenance-based Access Control Model for Dynamic Separation of Duties July 10, 2013 PST 2013 Dang Nguyen, Jaehong Park, and Ravi Sandhu Institute for.
Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.

Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.
HP Quality Center Overview.

HP Quality Center Overview.
ADD UCEDD TA Institute Panel: The Future of UCEDD Accountability Lu Zeph, Ed.D. June 2, 2009.

ADD UCEDD TA Institute Panel: The Future of UCEDD Accountability Lu Zeph, Ed.D. June 2, 2009.
A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.

A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.
1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair

1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair
Provenance-based Access Control Models July 31, 2014 Dissertation Defense Dang Nguyen Institute for Cyber Security University of Texas at San Antonio 1.

Provenance-based Access Control Models July 31, 2014 Dissertation Defense Dang Nguyen Institute for Cyber Security University of Texas at San Antonio 1.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Provenance in Open Distributed Information Systems Syed Imran Jami PhD Candidate FAST-NU.

Provenance in Open Distributed Information Systems Syed Imran Jami PhD Candidate FAST-NU.
Administration & Workflow

Administration & Workflow
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

Similar presentations

Ads by Google