Computer Science

Computer Science ›› 2019, Vol. 46 ›› Issue (3): 164-169.doi: 10.11896/j.issn.1002-137X.2019.03.025

• Information Security • Previous Articles     Next Articles

Novel Sanitization Approach for Indirect Dependencies in Provenance Graph

SUN Lian-shan, OUYANG Xiao-tong, XU Yan-yan, WANG Yi-xing   

  1. College of Electrical & Information Engineering,Shaanxi University of Science & Technology,Xi’an 710021,China
  • Received:2018-04-26 Revised:2018-06-21 Online:2019-03-15 Published:2019-03-22

PDF (PC)

663

Abstract: Provenance sanitization is a new technology that aims at producing secure provenance views by hiding or redacting sensitive nodes,edges or even indirect dependencies in a provenance graph.However,existing research works mostly focus on sanitizing nodes,rarely on sanitizing edges,not on sanitizing indirect dependencies.To this end,this paper first exemplified the motivations and analyzed the challenges of sanitizing indirect dependencies while keeping utility of provenance views,and formally defined goals and constraints of sanitizing indirect dependencies.Second,this paper proposed a novel mechanism for sanitizing indirect dependencies on the basis of the “Delete+Repair” mechanism for direct dependency in literature.The proposed mechanism includes both deletion rules and repairing rules.Deletion rules specify what edges can be deleted for breaking all connected paths among two end nodes of a sensitive indirect depen-dency while minimizing the sanitization cost.Repairing rules specify what uncertain dependencies can be added for improving the utility of the sanitized provenance views harmed by applying deletion rules.Finally,a comprehensive sanitization algorithm for sanitizing indirect dependency was implemented and experiments was conducted upon an online open dataset.The experiments results show that the proposed approach can effectively sanitize indirect dependencies while preserving utility of the sanitized provenance view.

Key words: Data provenance, Indirect dependency, Information security, PROV-DM, Provenance sanitization

CLC Number: 

  • TP309.2
[1]MING H,ZHANG Y,FU X H.Survey of Data Provenance [J].Journal of Chinese Computer Systems,2012,33(9):1917-1923.(in Chinese)
明华,张勇,符小辉.数据溯源技术综述[J].小型微型计算机系统,2012,33(9):1917-1923.
[2]GURJAR K.Comparative Study of Evaluating Trustworthiness of Data Based on Data Provenance[J].Journal of Information Processing Systems,2016,12(2):234-248.
[3]TAN A Y S,KO R K L,HOLMES G,et al.Provenance for
cloud data accountability[M].The Cloud Security Ecosystem.2015:171 -185.
[4]KOOP D.Versioning Version Trees:The Provenance of Actions that Affect Multiple Versions[C]∥International Provenance and Annotation Workshop(IPAW).Berlin:Springer International Publishing,2016:109-121.
[5]SUN L S,QI Z B,HOU T.A UML model-based analysis approach for provenance-aware access control policies[J].Compu-ter Engineering & Science,2015,37(6):1114-1126.(in Chinese)
孙连山,祁志斌,侯涛.一种基于UML模型的起源感知访问控制策略分析方法[J].计算机工程与科学,2015,37(6):1114-1126.
[6]BRAUN U,SHINNAR A,SELTZER M.Securing provenance
[C]∥Proc of the 3rd USENIX Workshop on Hot Topics in Security.California:USENIX Association,2008:21-25.
[7]DAVIDSON S B,ROY S.Provenance:Privacy and Security
[M].Encyclopedia of Database Systems.Berlin:Springer,2017.
[8]TORRA V,NAVARRO-ARRIBAS G,SANCHEZ-CHARLES
D,et al.Provenance and Privacy[C]∥Modeling Decisions for Artificial Intelligence.Cham:Springer,2017:3-11.
[9]CADENHEAD T,KHADILKAR V,KANTARCIOGLU M,et al.Transforming provenance using redaction[C]∥ACM Symposium on Access Control MODELS and Technologies.Innsbruck:ACM,2011:93-102.
[10]SHI L B,SUN L S,WANG Y X.Survey of data provenance security [J].Application Research of Computers,2017,34(1):1-7.(in Chinese)
石丽波,孙连山,王艺星.数据起源安全研究综述[J].计算机应用研究,2017,34(1):1-7.
[11]HASAN R,SION R,WINSLETT M.Introducing secure provenance:problems and challenges[C]∥ACM Workshop on Sto-rage Security and Survivability.Alexandria:ACM,2007:13-18.
[12]DEY S C,ZINN D.PROPUB:towards a declarative approach for
publishing customized,policy-aware provenance[C]∥International Conference on Scientific and Statistical Database Management.Portland:Springer,2011:225-243.
[13]MISSIER P,BRYANS J,GAMBLE C,et al.ProvAbs:Model,policy,and tooling for abstracting PROV graphs[C]∥Proc of the 5th International Provenance and Annotation Workshop(IPAW) on Provenance and Annotation of Data and Processes.Cologne:Springer,2014:3-15.
[14]HUSSEIN J,MOREAU L,SASSONE V.Obscuring Provenance
Confidential Information via Graph Transformation[C]∥IFIP International Federation for Information Processing,IFIPTM 2015,IFIP AICT 454.2015:109-125.
[15]NAGY N,MOKHTAR H M O,EL-SHARKAWI M E.A Comprehensive Sanitization Approach for Workflow Provenance Graphs[C]∥International Workshop on Privacy and Anonymity in the Information Society.Bordeaus:CEUR,2016:9-16.
[16]WANG Y X,SUN L S,SHI L B.A Provenance Sanitization
Mechanism for Highly Utility[J].Computer Engineering,2018,44(3):144-150.(in Chinese)
王艺星,孙连山,石丽波.一种高效用数据起源过滤机制[J].计算机工程,2018,44(3):144-150.
[17]MISSIER P,BELHAJJAME K,CHENEY J.The W3C PROV
family of specifications for modelling provenance metadata[C]∥Proc of the 16th International Conference on Extending Database Technology.Genoa:ACM,2013:773-776.
[18]KWASNIKOWSKA N,MOREAU L,BUSSCHE J V D.A Formal Account of the Open Provenance Model[J].ACM Transactions on the Web,2015,9(2):1-44.
[19]BLAUSTEIN B,CHAPMAN A,SELIGMAN L,et al.Surro-
gate parenthood:protected and informative graphs[J].Procee-dings of the Vldb Endowment,2011,4(8):518-525.
[20]CHEAH Y W,PLALE B,KENDALL-MORWICK J,et al.A Noisy 10GB Provenance Database[M].Business Process Ma-nagement Workshops.Berlin:Springer,2012:370-381.
[1] YANG Fei-fei, SHEN Si-yu, SHEN De-rong, NIE Tie-zheng, KOU Yue. Method on Multi-granularity Data Provenance for Data Fusion [J]. Computer Science, 2022, 49(5): 120-128.
[2] GU Shuang-jia, LIU Wan-ping, HUANG Dong. Application of Express Information Encryption Based on AES and QR [J]. Computer Science, 2021, 48(11A): 588-591.
[3] XU Kun, FU Yin-jin, CHEN Wei-wei, ZHANG Ya-nan. Research Progress on Blockchain-based Cloud Storage Security Mechanism [J]. Computer Science, 2021, 48(11): 102-115.
[4] LI Bin, ZHOU Qing-lei, SI Xue-ming, CHEN Xiao-jie. Optimized Implementation of Office Password Recovery Based on FPGA Cluster [J]. Computer Science, 2020, 47(11): 32-41.
[5] WANG Hui, ZHOU Ming-ming. Medical Information Security Storage Model Based on Blockchain Technology [J]. Computer Science, 2019, 46(12): 174-179.
[6] ZHAN Xiong, GUO Hao, HE Xiao-yun, LIU Zhou-bin, SUN Xue-jie, CHEN Hong-song. Research on Security Risk Assessment Method of State Grid Edge Computing Information System [J]. Computer Science, 2019, 46(11A): 428-432.
[7] ZHOU Yi-hua, ZHANG Bing, YANG Yu-guang, SHI Wei-min. Cluster-based Social Network Privacy Protection Method [J]. Computer Science, 2019, 46(10): 154-160.
[8] DING Qing-yang, WANG Xiu-li, ZHU Jian-ming and SONG Biao. Information Security Framework Based on Blockchain for Cyber-physics System [J]. Computer Science, 2018, 45(2): 32-39.
[9] LENG Qiang, YANG Ying-jie, HU Hao. Self-adaption Adjustment Method for Experts in Risk Assessment [J]. Computer Science, 2018, 45(12): 98-103.
[10] DU Xing-zhou, ZHANG Kai, JIANG Kun, MA Hao-bo. Research on Blockchain-based Information Transmission and Tracing Pattern in Digitized Command-and-Control System [J]. Computer Science, 2018, 45(11A): 576-579.
[11] DONG Gui-shan, CHEN Yu-xiang, ZHANG Zhao-lei, BAI Jian, HAO Yao. Research on Identity Management Authentication Based on Blockchain [J]. Computer Science, 2018, 45(11): 52-59.
[12] DING Li-tong, FAN Jiu-lun and LIU Yi-xian. Method of Safety Evaluation for System Group Based on Grey Clustering [J]. Computer Science, 2017, 44(Z11): 372-376.
[13] ZHANG Liang-liang, ZHANG Yi-wei, LIANG Jie, SUN Rui-yi and WANG Xin-an. Information Security in New Quantum Technology Age [J]. Computer Science, 2017, 44(7): 1-7.
[14] ZHANG Li, LI Qing-sheng and LIU Quan. Chinese Character Generation Model for Cloud Information Security [J]. Computer Science, 2016, 43(Z11): 417-421.
[15] QI Fa-zhi and SUN Zhi-hui. Rapid Analysis Method of Malicious Code Based on Feature Threshold [J]. Computer Science, 2016, 43(Z11): 342-345.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.