Provenance is meta-data about how data items become what they are. A variety of provenance-aware access control models and policy languages have been recently discussed in the literature. However, the issue of eliciting access control requirements related to provenance and of elaborating them as provenance-aware access control policies (ACPs) has received much less attention. This paper explores the approach to engineering provenance-aware ACPs since the beginning of software development. Specifically, this paper introduces a typed provenance model (TPM) to abstract complex provenance graph and presents a TPM-centric process for identification, specification, and refinement of provenance-aware ACPs. We illustrate this process by means of a homework grading system.
{"title":"Engineering access control policies for provenance-aware systems","authors":"Lianshan Sun, Jaehong Park, R. Sandhu","doi":"10.1145/2435349.2435390","DOIUrl":"https://doi.org/10.1145/2435349.2435390","url":null,"abstract":"Provenance is meta-data about how data items become what they are. A variety of provenance-aware access control models and policy languages have been recently discussed in the literature. However, the issue of eliciting access control requirements related to provenance and of elaborating them as provenance-aware access control policies (ACPs) has received much less attention. This paper explores the approach to engineering provenance-aware ACPs since the beginning of software development. Specifically, this paper introduces a typed provenance model (TPM) to abstract complex provenance graph and presents a TPM-centric process for identification, specification, and refinement of provenance-aware ACPs. We illustrate this process by means of a homework grading system.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116881762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The privacy by design approach has already been applied in different areas. We believe that the next challenge in this area today is to go beyond individual cases and to provide methodologies to explore the design space in a systematic way. As a first step in this direction, we focus in this paper on the data minimization principle and consider different options using decentralized architectures in which actors do not necessarily trust each other. We propose a framework to express the parameters to be taken into account (the service to be performed, the actors involved, their respective requirements, etc.) and an inference system to derive properties such as the possibility for an actor to detect potential errors (or frauds) in the computation of a variable. This inference system can be used in the design phase to check if an architecture meets the requirements of the parties or to point out conflicting requirements.
{"title":"Privacy by design: a formal framework for the analysis of architectural choices","authors":"D. Métayer","doi":"10.1145/2435349.2435361","DOIUrl":"https://doi.org/10.1145/2435349.2435361","url":null,"abstract":"The privacy by design approach has already been applied in different areas. We believe that the next challenge in this area today is to go beyond individual cases and to provide methodologies to explore the design space in a systematic way. As a first step in this direction, we focus in this paper on the data minimization principle and consider different options using decentralized architectures in which actors do not necessarily trust each other. We propose a framework to express the parameters to be taken into account (the service to be performed, the actors involved, their respective requirements, etc.) and an inference system to derive properties such as the possibility for an actor to detect potential errors (or frauds) in the computation of a variable. This inference system can be used in the design phase to check if an architecture meets the requirements of the parties or to point out conflicting requirements.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128708245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: