Computer Science, 2019, Vol. 46, Issue (3): 164-169. doi: 10.11896/j.issn.1002-137X.2019.03.025

• Information Security •

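Novel Sanitization Approach for Indirect Dependencies in Provenance Graph

SUN Lian-shan, OUYANG Xiao-tong, XU Yan-yan, WANG Yi-xing

  1. College of Electrical & Information Engineering, Shaanxi University of Science & Technology, Xi’an 710021, China
  • Received: 2018-04-26 Revised: 2018-06-21 Online: 2019-03-15 Published: 2019-03-22
  • Corresponding author: SUN Lian-shan (born 1977), male, Ph.D., associate professor, CCF member; main research interests: software security engineering, data security and privacy. E-mail: sunlianshan@sust.edu.cn
  • About the authors: OUYANG Xiao-tong (born 1993), male, master's student, main research interest: provenance data security; XU Yan-yan (born 1995), female, master's student, main research interest: provenance data security; WANG Yi-xing (born 1993), female, master's student, main research interest: provenance data security.
  • Funding:
    Supported by the Young Scientists Fund of the National Natural Science Foundation of China (61202019) and the Natural Science Special Project of the Shaanxi Provincial Department of Education (17JK0087)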

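Abstract: Provenance sanitization is an emerging technique that transforms a provenance graph in order to hide the sensitive information it contains. However, most existing work on provenance sanitization addresses node sanitization, little of it addresses edge sanitization, and none has yet addressed or solved the problem of sanitizing indirect dependencies. First, this paper uses examples to illustrate the motivation for sanitizing indirect dependencies and the challenge of preserving traceability utility, and formally defines the goals and constraints of sanitizing indirect dependencies in provenance. Second, it extends the edge-oriented “delete + repair” sanitization mechanism and proposes a sanitization method for indirect dependencies. The method uses a minimum-cost decision method and a greedy algorithm to design the deletion strategy, which breaks all connected paths corresponding to an indirect dependency, and it repairs the utility of the sanitized view by introducing uncertain dependencies between the endpoints of the non-sensitive indirect dependencies that were broken. Finally, simulation experiments are carried out on an open online provenance dataset. The experimental results show that the proposed method can sanitize sensitive indirect dependencies while preserving the utility of the sanitized view.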

Keywords: PROV data model, Indirect dependency, Provenance sanitization, Data provenance, Information security

Abstract: Provenance sanitization is a new technology that aims at producing secure provenance views by hiding or redacting sensitive nodes, edges or even indirect dependencies in a provenance graph. However, existing research mostly focuses on sanitizing nodes, rarely on sanitizing edges, and not on sanitizing indirect dependencies. To this end, this paper first exemplifies the motivations and analyzes the challenges of sanitizing indirect dependencies while keeping the utility of provenance views, and formally defines the goals and constraints of sanitizing indirect dependencies. Second, it proposes a novel mechanism for sanitizing indirect dependencies on the basis of the “Delete+Repair” mechanism for direct dependencies in the literature. The proposed mechanism includes both deletion rules and repairing rules. Deletion rules specify which edges can be deleted to break all connected paths between the two end nodes of a sensitive indirect dependency while minimizing the sanitization cost. Repairing rules specify which uncertain dependencies can be added to improve the utility of the sanitized provenance views harmed by applying the deletion rules. Finally, a comprehensive sanitization algorithm for indirect dependencies was implemented and experiments were conducted on an open online dataset. The experimental results show that the proposed approach can effectively sanitize indirect dependencies while preserving the utility of the sanitized provenance view.

Key words: Data provenance, Indirect dependency, Information security, PROV-DM, Provenance sanitization
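
A minimal sketch of the "delete + repair" idea described in the abstract, added here as an illustration and not taken from the paper. The cost measure (number of dependency pairs broken), the tie-breaking, the rule that a repair edge must not reconnect the sensitive endpoints, and the sample graph are all assumptions.

```python
def reach(edges, src):
    """Nodes that src depends on, directly or indirectly; edge (a, b) means a depends on b."""
    seen, stack = set(), [src]
    while stack:
        u = stack.pop()
        for a, b in edges:
            if a == u and b not in seen:
                seen.add(b)
                stack.append(b)
    return seen

def closure(edges):
    """Every dependency pair (a, b), direct or indirect, implied by the graph."""
    return {(a, b) for a in {e[0] for e in edges} for b in reach(edges, a)}

def sanitize(edges, sensitive):
    """Hide one sensitive indirect dependency; return (deleted, kept, uncertain)."""
    s, t = sensitive
    before, kept, deleted = closure(edges), set(edges), []
    while t in reach(kept, s):
        # Candidate edges are those lying on some remaining s -> t path.
        on_path = [(a, b) for a, b in kept
                   if (a == s or a in reach(kept, s)) and (b == t or t in reach(kept, b))]
        # Greedy step: delete the candidate that breaks the fewest dependency pairs.
        victim = min(on_path, key=lambda e: (len(before - closure(kept - {e})), e))
        kept.remove(victim)
        deleted.append(victim)
    # Repair: each broken, non-sensitive, indirect dependency becomes an uncertain edge,
    # unless that edge would make t reachable from s again (constraint assumed here).
    broken = before - closure(kept) - set(edges) - {sensitive}
    uncertain = set()
    for a, b in sorted(broken):
        restored = b in reach(kept | uncertain, a)  # already covered by an earlier repair
        if not restored and t not in reach(kept | uncertain | {(a, b)}, s):
            uncertain.add((a, b))
    return deleted, kept, uncertain

# Constructed sample: hide that "analysis" indirectly depends on "raw" (two paths).
GRAPH = {("report", "analysis"), ("analysis", "cleaned"), ("analysis", "merged"),
         ("cleaned", "raw"), ("merged", "raw")}

if __name__ == "__main__":
    deleted, kept, uncertain = sanitize(GRAPH, ("analysis", "raw"))
    print("deleted edges:  ", deleted)
    print("uncertain edges:", sorted(uncertain))
```

In the sample graph both paths from `analysis` to `raw` are cut, while the non-sensitive fact that `report` depends on `raw` survives as an uncertain edge.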

CLC number:

  • TP309.2