Why provenance needs its own security model
1
Why provenance needs its own security model
  • Uri Braun
  • PASS Team
  • Harvard University
  • Workshop on Principles of Provenance
  • November 19-20, 07

2
Provenance needs security
  • Many provenance applications involve sensitive
    data
  • Regulatory Compliance
  • Electronic Medical Records
  • National Security Intelligence

3
National Intelligence Estimate: Data v. Provenance Sensitivity
[Figure: three contributors, the Vice Chair, the Chair and a Special Advisor, each copy their input into a shared directory (cp vice.txt /shared/, cp chair.txt /shared/, cp advisor.txt /shared/); the National Intelligence Estimate is then built by combining them (cat /shared/*.txt | uniq). Each of the four steps is labelled "Public cannot read".]
4
Outline
  • Motivation
  • Provenance needs its own security model
  • Related Work
  • Recap

5
Provenance needs its own security model
  • Sensitivity(Provenance) ≠ Sensitivity(Data)
  • Can have cases where sensitivity of
    • Data > Provenance
    • Provenance > Data

6
Performance Review: Data v. Provenance Sensitivity
[Figure: the manager emails two peers (mail -s "Joe's Review" peer1, peer2); each peer replies (mail -s "RE: Joe's Review" manager); the manager copies the two replies and edits them into the review. The manager's email, the emails to peer 1 and peer 2 and the replies from peer 1 and peer 2 are each labelled "Employee cannot read"; the final, edited review is labelled "Employee can read". Two edges in the diagram are marked with an X.]
7
National Intelligence Estimate: Data v. Provenance Sensitivity
[Figure: the same NIE diagram as slide 3, shown again: the three contributors' files are copied into /shared/ and combined with cat /shared/*.txt | uniq into the National Intelligence Estimate; each step is labelled "Public cannot read".]
8
Different from traditional security models
  • Requires attributes different from existing
    security models
  • Relationships fundamentally different
  • Leak information differently

9
Performance Review: Relationship Leak
[Figure: the same performance-review diagram as slide 6, shown again to illustrate the relationship leak: the manager's email to peer1 and peer2, the two replies and the copy-and-edit step that produces the review; every email is labelled "Employee cannot read", the final review "Employee can read", and two edges are marked with an X.]
10
Relationships leak information in combination with
  • Seemingly unrelated other relationships
  • World knowledge
  • Mere existence of a relationship
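
The leak the last three slides describe can be made concrete with a small model. The block below is an added example, not code from the talk or from the PASS project: a provenance graph in which data objects (nodes) and derivation relationships (edges) carry separate access labels, queried under two policies. Policy A reuses the data ACL for provenance and redacts unreadable objects; Policy B treats the edge itself as the protected object. The object and principal names (managers_email, reply_peer1, nie_staff, and so on) are constructed for the example, and the NIE variant assumes the estimate is public while its inputs are not, which the slide does not state.

```python
"""Added example, not code from the talk or the PASS project: a toy provenance
graph whose nodes (data objects) and edges (derivation relationships) carry
separate access-control labels, queried under two policies.  Every object and
principal name below is constructed for the example."""
from collections import defaultdict


class ProvenanceGraph:
    def __init__(self):
        self.parents = defaultdict(list)  # child -> [parent, ...] ("derived from")
        self.node_acl = {}                # node -> principals who may read its data
        self.edge_acl = {}                # (child, parent) -> principals who may see the edge

    def add_node(self, name, readers):
        self.node_acl[name] = set(readers)

    def derived_from(self, child, parent, viewers):
        self.parents[child].append(parent)
        self.edge_acl[(child, parent)] = set(viewers)

    def node_filtered_ancestry(self, principal, start):
        """Policy A: reuse the data ACL for provenance.  Unreadable nodes get an
        opaque placeholder, but every edge is still followed and reported, so the
        caller learns how many hidden inputs exist, how deep the chain is and
        which hidden inputs share an ancestor (the 'mere existence' leak)."""
        hidden = {}  # real name -> placeholder, stable for the whole walk

        def label(n):
            if principal in self.node_acl[n]:
                return n
            return hidden.setdefault(n, f"<hidden#{len(hidden) + 1}>")

        view, stack, seen = {}, [start], set()
        while stack:
            n = stack.pop()
            if n in seen:
                continue
            seen.add(n)
            view[label(n)] = [label(p) for p in self.parents[n]]
            stack.extend(self.parents[n])
        return view

    def edge_filtered_ancestry(self, principal, start):
        """Policy B: the relationship is itself a protected object.  An edge the
        principal may not see is treated as absent, so nothing reachable only
        through it, not even the fact that something is there, is reported."""
        view, stack, seen = {}, [start], set()
        while stack:
            n = stack.pop()
            if n in seen:
                continue
            seen.add(n)
            visible = [p for p in self.parents[n] if principal in self.edge_acl[(n, p)]]
            view[n] = visible
            stack.extend(visible)
        return view


def hidden_count(view):
    """Number of objects whose existence a node-filtered view still reveals."""
    return sum(1 for name in view if name.startswith("<hidden#"))


def performance_review_graph():
    """The deck's performance-review scenario: the employee may read only the
    finished review; every e-mail, and every derivation step, is manager-only."""
    g = ProvenanceGraph()
    g.add_node("managers_email", {"manager"})
    g.add_node("email_to_peer1", {"manager", "peer1"})
    g.add_node("email_to_peer2", {"manager", "peer2"})
    g.add_node("reply_peer1", {"manager", "peer1"})
    g.add_node("reply_peer2", {"manager", "peer2"})
    g.add_node("review", {"manager", "employee"})
    for child, parent in [("email_to_peer1", "managers_email"),
                          ("email_to_peer2", "managers_email"),
                          ("reply_peer1", "email_to_peer1"),
                          ("reply_peer2", "email_to_peer2"),
                          ("review", "reply_peer1"),
                          ("review", "reply_peer2")]:
        g.derived_from(child, parent, {"manager"})
    return g


def nie_graph():
    """The deck's NIE scenario with the sensitivities the other way round
    (assumed here, not stated on the slide): the estimate is public, the
    contributions that went into it are not."""
    g = ProvenanceGraph()
    for src in ("vice.txt", "chair.txt", "advisor.txt"):
        g.add_node(src, {"nie_staff"})
    g.add_node("nie", {"nie_staff", "public"})
    for src in ("vice.txt", "chair.txt", "advisor.txt"):
        g.derived_from("nie", src, {"nie_staff"})
    return g


if __name__ == "__main__":
    g = performance_review_graph()
    print("employee, data ACL reused:", g.node_filtered_ancestry("employee", "review"))
    print("employee, edge ACL:        ", g.edge_filtered_ancestry("employee", "review"))
    print("public view of NIE inputs: ", nie_graph().node_filtered_ancestry("public", "nie"))
```

Under Policy A the employee never reads an email, yet the returned view shows the review has two hidden inputs, each with one hidden input, both of which share a single hidden root: with the world knowledge that reviews are assembled from peer replies solicited by the manager, that shape alone tells the employee two peers were consulted. Under Policy B the same query returns the review with no ancestors. The public's view of the NIE behaves the same way: three redacted inputs under Policy A, none under Policy B.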

11
Outline
  • Motivation
  • Provenance needs its own security model
  • Related Work
  • Provenance Projects
  • Aggregation
  • Applications
  • Recap

12
PASOA
  • Does
    • Ensure non-repudiation
    • Federate identity
    • Obscure portions of records
  • Does not
    • Consider relationships
    • Provide fine-grained access control
  • Groth et al., D3.1.1 An Architecture for Provenance
    Systems

13
myGrid
  • Does
    • Authentication
    • Access control per repository
  • Does not
    • Consider relationships
    • Provide fine-grained access control
  • Miles, myGrid Security Issues
  • Egglestone, Security in the myGrid project

14
Aggregate queries
  • May help understand interaction among
    relationships
  • Does not have a model for relationships
  • No answers for
    • Existence providing data
    • Combining with world knowledge

15
Information Flow
  • Similar to aggregate queries in applicability
  • How do we model
    • Relationships
    • World knowledge
    • Existence

16
Audit logs
  • Audit logs useful for security
  • Security also useful for audit logs
  • Current security is still binary
    • Total access
    • No access
  • Radack, NIST SP 800-92 Guide to Computer Security
    Log Management

17
Metadata security
  • Metadata embedded in documents
  • Word change history has led to many
    unintentional, well-publicized leaks
  • Current solution is to remove metadata before
    publishing externally
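
The "remove metadata before publishing" mitigation is easy to get wrong because Word keeps deleted text and reviewer names inside the package even when they are no longer displayed. The block below is an added example, not code from the talk: with only the standard library it builds a minimal tracked-changes fixture (two parts of a .docx package, constructed inline with invented reviewer names), lists who the file still names, shows the deleted text it still carries, and scrubs both before the file leaves the organisation.

```python
"""Added example, not code from the talk: a minimal Word (.docx) change-history
check and scrub with only the standard library.  The fixture document is
constructed inline (two parts of a real package, enough to show the point)
and the reviewer names in it are invented."""
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"
for prefix, uri in (("w", W), ("cp", CP), ("dc", DC)):
    ET.register_namespace(prefix, uri)

# Constructed fixture: one paragraph with a tracked deletion and a tracked insertion.
DOCUMENT_XML = f"""<w:document xmlns:w="{W}"><w:body><w:p>
<w:r><w:t>Joe exceeded expectations</w:t></w:r>
<w:del w:author="peer1" w:date="2007-11-01T10:00:00Z"><w:r><w:delText> but is often late</w:delText></w:r></w:del>
<w:ins w:author="manager" w:date="2007-11-02T09:00:00Z"><w:r><w:t>.</w:t></w:r></w:ins>
</w:p></w:body></w:document>"""

CORE_XML = f"""<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">
<dc:creator>manager</dc:creator><cp:lastModifiedBy>peer1</cp:lastModifiedBy>
</cp:coreProperties>"""


def build_fixture():
    """A constructed two-part package standing in for a tracked-changes .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", DOCUMENT_XML)
        z.writestr("docProps/core.xml", CORE_XML)
    return buf.getvalue()


def _parts(docx):
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        return {name: z.read(name) for name in z.namelist()}


def authors(docx):
    """Every person the package still names: revision marks and core properties."""
    parts = _parts(docx)
    doc = ET.fromstring(parts["word/document.xml"])
    found = {el.get(f"{{{W}}}author") for el in doc.iter() if el.get(f"{{{W}}}author")}
    core = ET.fromstring(parts["docProps/core.xml"])
    for tag in (f"{{{DC}}}creator", f"{{{CP}}}lastModifiedBy"):
        el = core.find(tag)
        if el is not None and el.text:
            found.add(el.text)
    return found


def deleted_text(docx):
    """Text Word no longer displays but still ships inside the file."""
    doc = ET.fromstring(_parts(docx)["word/document.xml"])
    return "".join(el.text or "" for el in doc.iter(f"{{{W}}}delText"))


def visible_text(docx):
    doc = ET.fromstring(_parts(docx)["word/document.xml"])
    return "".join(el.text or "" for el in doc.iter(f"{{{W}}}t"))


def scrub(docx):
    """Accept all revisions (keep insertions, drop deletions), strip author and
    date attributes, and blank the core properties; every other part is copied."""
    parts = _parts(docx)
    doc = ET.fromstring(parts["word/document.xml"])
    for parent in list(doc.iter()):
        for child in list(parent):
            if child.tag == f"{{{W}}}del":
                parent.remove(child)
            elif child.tag == f"{{{W}}}ins":
                at = list(parent).index(child)
                parent.remove(child)
                for k, grandchild in enumerate(list(child)):
                    parent.insert(at + k, grandchild)
    for el in doc.iter():
        el.attrib.pop(f"{{{W}}}author", None)
        el.attrib.pop(f"{{{W}}}date", None)
    parts["word/document.xml"] = ET.tostring(doc, xml_declaration=True, encoding="UTF-8")
    core = ET.fromstring(parts["docProps/core.xml"])
    for el in core.iter():
        if el.tag in (f"{{{DC}}}creator", f"{{{CP}}}lastModifiedBy"):
            el.text = ""
    parts["docProps/core.xml"] = ET.tostring(core, xml_declaration=True, encoding="UTF-8")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return out.getvalue()


if __name__ == "__main__":
    fx = build_fixture()
    print("before:", authors(fx), repr(deleted_text(fx)))
    clean = scrub(fx)
    print("after: ", authors(clean), repr(deleted_text(clean)), visible_text(clean))
```

The visible text is identical before and after; what changes is the provenance the file carries. A real document has more places to check (comments, document properties in app.xml, embedded objects, revision IDs in settings.xml), so treat this as the shape of the check rather than a complete scrubber.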

18
Compliance
  • Increasing interest in tightening financial
    oversight
  • Growing focus on tracking the history of
    decisions
  • Johnson Intersections of Law and Technology in
    Balancing Privacy Rights with Free Information
    Flow

19
Electronic Medical Records
  • Medical records include provenance
  • HIPAA mandates access controls
  • Agrawal Hippocratic Databases

20
Outline
  • Motivation
  • Provenance needs its own security model
  • Related Work
  • Recap

21
Recap
  • Provenance needs security
  • Security needs are different
  • No known directly applicable model

22
Questions?