Provenance plays a pivotal in tracing the origin\ud of something and determining how and why something had\ud occurred. With the emergence of the cloud and the benefits it\ud encompasses, there has been a rapid proliferation of services\ud being adopted by commercial and government sectors. However,\ud trust and security concerns for such services are on an unprecedented\ud scale. Currently, these services expose very little internal\ud working to their customers; this can cause accountability and\ud compliance issues especially in the event of a fault or error,\ud customers and providers are left to point finger at each other.\ud Provenance-based traceability provides a mean to address part of\ud this problem by being able to capture and query events occurred\ud in the past to understand how and why it took place. However,\ud due to the complexity of the cloud infrastructure, the current\ud provenance models lack the expressibility required to describe\ud the inner-working of a cloud service. For a complete solution, a\ud provenance-aware policy language is also required for operators\ud and users to define policies for compliance purpose. The current\ud policy standards do not cater for such requirement.\ud To address these issues, in this paper we propose a provenance\ud (traceability) model cProv, and a provenance-aware policy language\ud (cProvl) to capture traceability data, and express policies\ud for validating against the model. For implementation, we have\ud extended the XACML3.0 architecture to support provenance, and\ud provided a translator that converts cProvl policy and request into\ud XACML type
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.