9,106 research outputs found

    A policy language definition for provenance in pervasive computing

    Recent advances in computing technology have led to the paradigm of pervasive computing, which provides a means of simplifying daily life by integrating information processing into the everyday physical world. Pervasive computing draws its power from knowing the surroundings and creates an environment which combines computing and communication capabilities. Sensors that provide high-resolution spatial and instant measurement are most commonly used for forecasting, monitoring and real-time environmental modelling. Sensor data generated by a sensor network depends on several influences, such as the configuration and location of the sensors or the processing performed on the raw measurements. Storing sufficient metadata that gives meaning to the recorded observation is important in order to draw accurate conclusions or to enhance the reliability of the result dataset that uses this automatically collected data. This kind of metadata is called provenance data, as the origin of the data and the process by which it arrived from its origin are recorded. Provenance is still an exploratory field in pervasive computing and many open research questions are yet to emerge. The context information and the different characteristics of the pervasive environment call for different approaches to a provenance support system. This work implements a policy language definition that specifies the collecting model for provenance management systems and addresses the challenges that arise with stream data and sensor environments. The structure graph of the proposed model is mapped to the Open Provenance Model in order to facilitate the sharing of provenance data and interoperability with other systems. As provenance security has been recognized as one of the most important components in any provenance system, an access control language has been developed that is tailored to support the special requirements of provenance: fine-grained policies, privacy policies and preferences. Experimental evaluation findings show a reasonable overhead for provenance collecting and a reasonable time for provenance query performance, while a numerical analysis was used to evaluate the storage overhead.

    A LIGHTWEIGHT PROTECTED SCHEME FOR DETECTING ATTRIBUTION FORGERY AND PACKET DROP ATTACKS IN WSN

    In wireless sensor networks, large-scale sensor networks are deployed in numerous application domains, and the data they collect are used in decision-making for critical infrastructures. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. A malicious adversary may introduce additional nodes in the network or compromise existing ones. Therefore, assuring high data trustworthiness is crucial for correct decision-making. Data provenance represents a key factor in evaluating the trustworthiness of sensor data. Provenance management for sensor networks introduces several challenging requirements, such as low energy and bandwidth consumption, efficient storage and secure transmission. In this paper, we propose a novel lightweight scheme to securely transmit provenance for sensor data. The proposed technique relies on in-packet Bloom filters to encode provenance. We introduce efficient mechanisms for provenance verification and reconstruction at the base station. In addition, we extend the secure provenance scheme with functionality to detect packet drop attacks staged by malicious data forwarding nodes. We evaluate the proposed technique both analytically and empirically, and the results prove the effectiveness and efficiency of the lightweight secure provenance scheme in detecting packet forgery and loss attacks.

    Digital provenance - models, systems, and applications

    Data provenance refers to the history of creation and manipulation of a data object and is being widely used in various application domains including scientific experiments, grid computing, file and storage system, streaming data etc. However, existing provenance systems operate at a single layer of abstraction (workflow/process/OS) at which they record and store provenance whereas the provenance captured from different layers provides the highest benefit when integrated through a unified provenance framework. To build such a framework, a comprehensive provenance model able to represent the provenance of data objects with various semantics and granularity is the first step. In this thesis, we propose such a comprehensive provenance model and present an abstract schema of the model. We further explore the secure provenance solutions for distributed systems, namely streaming data, wireless sensor networks (WSNs) and virtualized environments. We design a customizable file provenance system with an application to the provenance infrastructure for virtualized environments. The system supports automatic collection and management of file provenance metadata, characterized by our provenance model. Based on the proposed provenance framework, we devise a mechanism for detecting data exfiltration attack in a file system. We then move to the direction of secure provenance communication in streaming environment and propose two secure provenance schemes focusing on WSNs. The basic provenance scheme is extended in order to detect packet dropping adversaries on the data flow path over a period of time. We also consider the issue of attack recovery and present an extensive incident response and prevention system specifically designed for WSNs.

    Provenance-enabled Packet Path Tracing in the RPL-based Internet of Things

    The interconnection of resource-constrained and globally accessible things with untrusted and unreliable Internet make them vulnerable to attacks including data forging, false data injection, and packet drop that affects applications with critical decision-making processes. For data trustworthiness, reliance on provenance is considered to be an effective mechanism that tracks both data acquisition and data transmission. However, provenance management for sensor networks introduces several challenges, such as low energy, bandwidth consumption, and efficient storage. This paper attempts to identify packet drop (either maliciously or due to network disruptions) and detect faulty or misbehaving nodes in the Routing Protocol for Low-Power and Lossy Networks (RPL) by following a bi-fold provenance-enabled packet path tracing (PPPT) approach. Firstly, a system-level ordered-provenance information encapsulates the data generating nodes and the forwarding nodes in the data packet. Secondly, to closely monitor the dropped packets, a node-level provenance in the form of the packet sequence number is enclosed as a routing entry in the routing table of each participating node. Lossless in nature, both approaches conserve the provenance size satisfying processing and storage requirements of IoT devices. Finally, we evaluate the efficacy of the proposed scheme with respect to provenance size, provenance generation time, and energy consumption. Comment: 14 pages, 18 Figure

    A TRIVIAL PROTECTED PLAN FOR DETECT ATTRIBUTION FAKE AND CONTAINER PLUNGE ATTACKS IN WIRELESS SENSOR NETWORKS

    Data provenance represents an essential consider evaluating the standing of sensor data. Large-scale sensor systems are deployed in many application domains, along with data they collect are employed in decision-creating critical infrastructures. A malicious foe may introduce additional nodes within the network or compromise existing ones. Therefore, assuring high data trustworthiness is important for proper decision-making. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. Provenance management for sensor systems introduces several challenging needs, for example low energy and bandwidth consumption, efficient storage and secure transmission. During this paper, we advise a manuscript lightweight plan to safely transmit provenance for sensor data. The suggested technique depends upon in-packet Bloom filters to encode provenance. We introduce efficient mechanisms for provenance verification and renovation inside the base station. Furthermore, we extend the secure provenance plan with functionality to know packet drop attacks staged by malicious data forwarding nodes. We consider the suggested technique both analytically and empirically, along with results prove the success and efficiency within the lightweight secure provenance plan to find packet forgery and loss attacks.

    A FROTHY ENDANGERED SYSTEM FOR IDENTIFYING ATTRIBUTION FAKE AND PACK DRIP ROUNDS IN WIRELESS SENSOR NETWORKS

    Data provenance represents an important consider evaluating the standing of sensor data. Large-scale sensor systems are deployed in lots of application domains, combined with the data they collect be employed in decision-creating critical infrastructures. A malicious foe may introduce additional nodes inside the network or compromise existing ones. Therefore, assuring high data trustworthiness is essential for correct decision-making. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. Provenance management for sensor systems introduces several challenging needs, for instance low energy and bandwidth consumption, efficient storage and secure transmission. In this paper, we advise a manuscript lightweight intend to securely transmit provenance for sensor data. The recommended technique is dependent upon in-packet Bloom filters to encode provenance. We introduce efficient mechanisms for provenance verification and renovation within the base station. Additionally, we extend the secure provenance plan with functionality to understand packet drop attacks staged by malicious data forwarding nodes. We look at the recommended technique both analytically and empirically, combined with the results prove the success and efficiency inside the lightweight secure provenance intend to find packet forgery and loss attacks.

    MALICIOUS ADVERSARY DECISION MAKING FOR COMPLEX INFRASTRUCTURES

    A malicious foe may introduce additional nodes within the network or compromise existing ones. Therefore, assuring high data trustworthiness is vital for proper decision-making. Data provenance represents a vital element in evaluating the standing of sensor data. Large-scale sensor systems are deployed in several application domains, and also the data they collect are utilized in decision-creating critical infrastructures. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. Provenance management for sensor systems introduces several challenging needs, for example low energy and bandwidth consumption, efficient storage and secure transmission. Within this paper, we advise a manuscript lightweight plan to safely transmit provenance for sensor data. The suggested technique depends on in-packet Bloom filters to encode provenance. We assess the suggested technique both analytically and empirically, and also the results prove the success and efficiency from the lightweight secure provenance plan in discovering packet forgery and loss attacks. We introduce efficient mechanisms for provenance verification and renovation in the base station. Additionally, we extend the secure provenance plan with functionality to identify packet drop attacks staged by malicious data forwarding nodes.

    Dura

    The reactive event processing language, that is developed in the context of this project, has been called DEAL in previous documents. When we chose this name for our language it has not been used by other authors working in the same research area (complex event processing). However, in the meantime it appears in publications of other authors and because we have not used the name in publications yet we cannot claim that we were the first to use it. In order to avoid ambiguities and name conflicts in future publications we decided to rename our language to Dura which stands for “Declarative uniform reactive event processing language”. Therefore the title of this deliverable has been updated to “Dura – Concepts and Examples”.