Analysis of Scientific Workflow Provenance Access Control Policies

Abstract

Provenance has become an important concept for services computing in general, and for scientific workflows in particular. Provenance often contains confidential data and dependencies whose access needs to be protected. Provenance access control policies control who can access which provenance information. Correct specification of provenance access control policies is critical to ensure system security. However, due to the sheer size of provenance, it is often difficult to comprehend the full effects of an access control policy by manual inspection alone due to complex multi-step dependencies and their interactions. In this paper, we present automated analysis algorithms and complexity results for three provenance analysis problems. We have also developed incremental strategies for these algorithms for evolving provenance and access control policies.