Access control on provenance

Though provenance has long played a major role in the context of art and archaeology (in terms of lineage or pedigree), more recently it has become more important for data in various sectors such as finance and medicine. It is not just about the origin or creator of data but also what sort of operations have been performed by whom and in what context, especially when it comes to security and privacy. As provenance research on security stays at its initial stage,some open problems and research challenges have been identified for provenance research, specifically in terms of security issues. Access control involving provenance is treated as a primary security issue, and is the main area to which we are trying to contribute. Integrity and non-repudiation should also be ensured for provenance. This thesis mainly focuses on preserving the security of provenance as well as utilising provenance as conditions to control proper access to data. The contributions of the thesis are illustrated as follows: We propose three frameworks of access control policies on provenance. The Partition-based Access Control Policy Language on Provenance is tailored based on our extended provenance model (OPM+). The fine-grained policies determine access for provenance, based on our defined provenance partitions instead of whole provenance graphs. Moreover, Algorithms for merging policy results and transferring provenance graphs according to policy results are provided as well. Following this, The Provenance-based Access Control policies employs provenance partitions as conditions to evaluate accessibility for data. Our proposed policies distinguish different types of attributes extracted from provenance, where the result of each policy is a value in the "four-valued" decisions set. Policy algebras for the "four-valued" decision set are tailored accordingly. Further, to provide a comprehensive scope for access control policies involving provenance, Purpose-based Access Policies on provenance are proposed. This defines allowed/prohibited access purposes for data based on attributes in provenance. A series of corresponding internal and external policy algebras is provided to merge purpose sets. We also provide two cryptographic schemes to implement access control policies involving provenance. One scheme implements Provenance-based file Classification Policies which sort files based on given provenance partitions (keywords) from their provenance. The scheme enables to search given provenance partitions in the ciphertext of provenance as well as check authentication of users. The other scheme is derived from attribute-based access control encryption schemes. It allows data owners to encrypt data based on Provenance-based Access Control policies.