Abstracting PROV provenance graphs: A validity-preserving approach
Data provenance is a structured form of metadata designed to record the activities and datasets involved in data production, as well as their dependency relationships. The PROV data model, released by the W3C in 2013, defines a schema and constraints that together provide a structural and semantic foundation for provenance. This enables the interoperable exchange of provenance between data producers and consumers. When the provenance content is sensitive and subject to disclosure restrictions, however, a way of hiding parts of the provenance in a principled way before communicating it to certain parties is required. In this paper we present a provenance abstraction operator that achieves this goal. It maps a graphical representation of a PROV document PG1 to a new abstract version PG2, ensuring that (i) PG2 is a valid PROV graph, and (ii) the dependencies that appear in PG2 are justified by those that appear in PG1. These two properties ensure that further abstraction of abstract PROV graphs is possible. A guiding principle of the work is that of minimum damage: the resultant graph is altered as little as possible, while ensuring that the two properties are maintained. The operator developed is implemented as part of a user tool, described in a separate paper, that lets owners of sensitive provenance information control the abstraction by specifying an abstraction policy.
A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud
Provenance plays a pivotal role in tracing the origin of something and determining how and why something had occurred. With the emergence of the cloud and the benefits it encompasses, there has been a rapid proliferation of services being adopted by commercial and government sectors. However, trust and security concerns for such services are on an unprecedented scale. Currently, these services expose very little of their internal workings to their customers; this can cause accountability and compliance issues, especially in the event of a fault or error, when customers and providers are left to point fingers at each other. Provenance-based traceability provides a means to address part of this problem by being able to capture and query events that occurred in the past to understand how and why they took place. However, due to the complexity of the cloud infrastructure, the current provenance models lack the expressibility required to describe the inner workings of a cloud service. For a complete solution, a provenance-aware policy language is also required for operators and users to define policies for compliance purposes. The current policy standards do not cater for such a requirement. To address these issues, in this paper we propose a provenance (traceability) model, cProv, and a provenance-aware policy language (cProvl) to capture traceability data and express policies for validating against the model. For implementation, we have extended the XACML3.0 architecture to support provenance, and provided a translator that converts cProvl policy and request into XACML type
Implementing the Data Protection Right of Access on the Basis of Usage Control and Data Provenance Technologies
The complexity of modern information systems makes it difficult to trace how personal data is processed. The individual citizen is virtually at the mercy of these systems. Data protection law attempts to counteract this. One data protection instrument for establishing transparency is the right of access. This thesis subjects the right of access to a critical appraisal and creates comprehensive technical prerequisites for exercising it