A Security Model for Provenance

Uri Braun and Avi Shinnar.

Abstract
Most security models are designed to protect data. Some also deal with traditional metadata. Provenance metadata introduces additional complexity, as do the delicate interactions between provenance metadata and the data it describes.
We designed a security model for provenance metadata. Our requirements were derived from potential users. The security model consists of two non-interfering models. One protects the structure or work-flow — namely which ancestors and descendants are accessible to which users. A second model specifies which node attributes are accessible to which users. Our evaluation suggests that our security model meets the users' requirements.
Full Paper
The full paper is available as a PDF.
Citation
BibTeX Citation
@TechReport{braun06:provenance-security-model,
  author = {Uri Braun and Avi Shinnar},
  title = {A Security Model for Provenance},
  institution = {Harvard University Computer Science},
  year = 2006,
  number = {TR-04-06},
  month = {Jan}
}
Harvard DEAS Link
It is Harvard University Computer Science Technical Report TR-04-06.

Random Info

This was originally a class project for Margo Seltzer's Research Topics in Operating Systems class. We then turned it into a technical report.