Scientific Workflow Provenance Querying with Security Views

2008 The Ninth International Conference on Web-Age Information Management Pub Date : 2008-07-20 DOI:10.1109/WAIM.2008.41

Artem Chebotko, Seunghan Chang, Shiyong Lu, F. Fotouhi, Ping Yang

{"title":"Scientific Workflow Provenance Querying with Security Views","authors":"Artem Chebotko, Seunghan Chang, Shiyong Lu, F. Fotouhi, Ping Yang","doi":"10.1109/WAIM.2008.41","DOIUrl":null,"url":null,"abstract":"Provenance, the metadata that pertains to the derivation history of a data product, has become increasingly important in scientific workflow environments. In many cases, both data products and their provenance can be sensitive and effective access control mechanisms are essential to protect their confidentiality. In this paper, we propose i) a formalization of scientific workflow provenance as the basis for querying and access control; ii) a security specification mechanism for provenance at various granularity levels and the derivation of a full security specification based on inheritance, overriding, and conflict resolution rules; iii) a formalization of security views that are derived from a scientific workflow run provenance for different roles of users; and iv) a framework that integrates abstraction views and security views such that a user can examine provenance at different abstraction levels while respecting the security policy prescribed for her. We have developed the SecProv prototype to validate the effectiveness of our approach.","PeriodicalId":217119,"journal":{"name":"2008 The Ninth International Conference on Web-Age Information Management","volume":"72 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"54","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 The Ninth International Conference on Web-Age Information Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAIM.2008.41","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 54

Abstract

Provenance, the metadata that pertains to the derivation history of a data product, has become increasingly important in scientific workflow environments. In many cases, both data products and their provenance can be sensitive and effective access control mechanisms are essential to protect their confidentiality. In this paper, we propose i) a formalization of scientific workflow provenance as the basis for querying and access control; ii) a security specification mechanism for provenance at various granularity levels and the derivation of a full security specification based on inheritance, overriding, and conflict resolution rules; iii) a formalization of security views that are derived from a scientific workflow run provenance for different roles of users; and iv) a framework that integrates abstraction views and security views such that a user can examine provenance at different abstraction levels while respecting the security policy prescribed for her. We have developed the SecProv prototype to validate the effectiveness of our approach.

查看原文本刊更多论文

安全视图下的科学工作流来源查询

出处，即与数据产品的派生历史相关的元数据，在科学工作流环境中变得越来越重要。在许多情况下，数据产品及其来源都可能是敏感的，有效的访问控制机制对于保护其机密性至关重要。在本文中，我们提出i)科学工作流来源的形式化作为查询和访问控制的基础;Ii)用于不同粒度级别的来源的安全规范机制，以及基于继承、覆盖和冲突解决规则的完整安全规范的派生;Iii)对安全视图的形式化，这些视图来源于不同用户角色的科学工作流运行来源;iv)集成抽象视图和安全视图的框架，这样用户可以在尊重为其规定的安全策略的同时，在不同的抽象级别检查出处。我们已经开发了SecProv原型来验证我们方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 The Ninth International Conference on Web-Age Information Management

自引率

0.00%

发文量