Provenance is a directed graph that captures historical information about data items in Provenance-Aware Systems (PAS). A variety of access control models and policy languages specific to PAS have recently been discussed in the literature. However, it is still not clear how to efficiently specify provenance-aware access control policies and how to effectively enforce these policies with respect to complex provenance graphs that can only be captured at run-time. To this end, we design and implement a provenance-aware access control framework with a layered architecture that features an abstract layer, including a Typed Provenance Model (TPM) and a set of TPM interpreters. TPM includes a set of abstract provenance types enabling efficient specification of provenance-aware policies. New provenance types can be composed of extant ones for specifying new policies. TPM interpreters can be integrated to enable policy enforcement with respect to provenance graphs in different physical representations. By treating provenance types as special attributes, the proposed framework enables the adoption of provenance-aware access control in existing attribute-based access control frameworks, such as XACML-compliant ones. We implement the proposed framework by extending SUN's XACML implementation and show that it facilitates the specification of provenance-aware policies in XACML with minor extensions. We also analyze the performance of the proposed framework.
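The layering described in the abstract can be sketched as follows. This is an added example, not code from the paper or its XACML extension: abstract provenance types are modelled as named paths that may reference other types, two interchangeable interpreters resolve them over different physical graph representations, and a deny-by-default rule reads the result like an ordinary attribute. The type names, interpreter classes, sample graph and policy rule are all assumptions made for illustration.

```python
# Constructed sample graph (not from the paper): (effect, relation, cause) triples,
# with edge labels following Open Provenance Model naming as an assumption.
EDGES = [
    ("report_v2", "wasGeneratedBy", "edit1"), ("edit1", "used", "report_v1"),
    ("edit1", "wasControlledBy", "alice"),
    ("report_v1", "wasGeneratedBy", "create1"), ("create1", "wasControlledBy", "bob"),
]

class EdgeListInterpreter:
    """Hypothetical interpreter for a graph stored as a flat list of triples."""
    def __init__(self, edges):
        self.edges = edges
    def follow(self, node, relation):
        return {c for e, r, c in self.edges if e == node and r == relation}

class AdjacencyInterpreter:
    """Hypothetical interpreter for the same graph stored as nested dicts."""
    def __init__(self, edges):
        self.adj = {}
        for e, r, c in edges:
            self.adj.setdefault(e, {}).setdefault(r, set()).add(c)
    def follow(self, node, relation):
        return set(self.adj.get(node, {}).get(relation, ()))

# Abstract provenance types: each is a path of primitive relations or other types.
TYPES = {
    "generatingProcess": ["wasGeneratedBy"],
    "author": ["generatingProcess", "wasControlledBy"],
    "previousVersion": ["generatingProcess", "used"],
    "previousAuthor": ["previousVersion", "author"],  # composed from two types
}

def resolve(type_name, node, interp, seen=()):
    """Evaluate a provenance type for `node`; returns the set of nodes reached."""
    if type_name in seen:
        raise ValueError(f"cyclic provenance type definition: {type_name}")
    frontier = {node}
    for step in TYPES[type_name]:
        if step in TYPES:  # composed type: expand it recursively
            frontier = {n for f in frontier for n in resolve(step, f, interp, seen + (type_name,))}
        else:  # primitive relation: delegate to the representation-specific interpreter
            frontier = {n for f in frontier for n in interp.follow(f, step)}
    return frontier

def decide(subject, action, resource, interp):
    """Deny-by-default rule that reads provenance types like resource attributes."""
    allowed = resolve("author", resource, interp)
    if action == "read":
        allowed |= resolve("previousAuthor", resource, interp)
    return "Permit" if action in ("read", "edit") and subject in allowed else "Deny"
```

The policy function never touches the graph directly, so swapping the interpreter changes the storage format without changing the rule.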