More Web Proxy on the site http://driver.im/

Article

Trusted computing and provenance: better together

Authors:

Andrew MartinAuthors Info & Claims

TAPP'10: Proceedings of the 2nd conference on Theory and practice of provenance

Page 1

Published: 22 February 2010 Publication History

Abstract

It is widely realised that provenance systems can benefit from greater awareness of security principles and the use of security technology. In this paper, we argue that Trusted Computing, a hardware-based method for establishing platform integrity, is not only useful, but immediately applicable. We demonstrate how existing Trusted Computing mechanisms can be used for provenance, and identify the remarkable similarity and overlap between the two research areas. This is accomplished through presenting architectural ideas for a trusted provenance system, and by comparing the respective requirements and capabilities of trusted systems and provenance systems.

References

[1]

BERTHOLD, A., ALAM, M., BREU, R., HAFNER, M., PRETSCHNER, A., SEIFERT, J.-P., AND ZHANG, X. A technical architecture for enforcing usage control requirements in service-oriented architectures. In SWS '07: Proceedings of the 2007 ACM workshop on Secure web services (New York, NY, USA, 2007), ACM, pp. 18-25.

Digital Library

[2]

BOSE, R., AND FREW, J. Lineage retrieval for scientific data processing: a survey. ACM Comput. Surv. 37, 1 (2005), 1-28.

Digital Library

[3]

BRAUN, U., SHINNAR, A., AND SELTZER, M. Securing provenance. In HOTSEC'08: Proceedings of the 3rd conference on Hot topics in security (Berkeley, CA, USA, 2008), USENIX Association, pp. 1-5.

Digital Library

[4]

CHAOWEN, C., RONGYU, H., HUI, X., AND GUOYU, X. A High Efficiency Protocol for Reporting Integrity Measurements. In Intelligent Systems Design and Applications, 2008. ISDA '08. Eighth International Conference on (Nov. 2008), vol. 2, pp. 358- 362.

Digital Library

[5]

CHENEY, J., Ed. First Workshop on the Theory and Practice of Provenance, February 23, 2009, San Francisco, CA, USA, Proceedings (2009), USENIX.

Digital Library

[6]

CHENEY, J., CHITICARIU, L., AND TAN, W.-C. Provenance in Databases: Why, How, and Where. Found. Trends databases 1, 4 (2009), 379-474.

Digital Library

[7]

CLIFFORD, B., FOSTER, I., VOECKLER, J.-S., WILDE, M., AND ZHAO, Y. Tracking provenance in a virtual data grid. Concurrency and Computation: Practice and Experience 20, 5 (2008), 565-575.

Digital Library

[8]

FREW, J., AND SLAUGHTER, P. ES3: A Demonstration of Transparent Provenance for Scientific Computation. In IPAW (2008), J. Freire, D. Koop, and L. Moreau, Eds., vol. 5272 of Lecture Notes in Computer Science, Springer, pp. 200-207.

[9]

GIL, Y., DEELMAN, E., ELLISMAN, M., FAHRINGER, T., FOX, G., GANNON, D., GOBLE, C., LIVNY, M., MOREAU, L., AND MYERS, J. Examining the Challenges of Scientific Workflows. IEEE Computer 40, 12 (Dec. 2007), 26-34.

Digital Library

[10]

GROTH, P., JIANG, S., MILES, S., MUNROE, S., TAN, V., TSASAKOU, S., AND MOREAU, L. An Architecture for Provenance Systems. Tech. Rep. 13216, University of Southampton, November 2006.

[11]

GROTH, P., AND MOREAU, L. Recording Process Documentation for Provenance. Parallel and Distributed Systems, IEEE Transactions on 20, 9 (Sept. 2009), 1246-1259.

Digital Library

[12]

HALDAR, V., CHANDRA, D., AND FRANZ, M. Semantic remote attestation: a virtual machine directed approach to trusted computing. In VM'04: Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium (Berkeley, CA, USA, 2004), USENIX Association, pp. 3-3.

Digital Library

[13]

HASAN, R., SION, R., AND WINSLETT, M. Introducing secure provenance: problems and challenges. In StorageSS '07: Proceedings of the 2007 ACM workshop on Storage security and survivability (New York, NY, USA, 2007), ACM, pp. 13-18.

Digital Library

[14]

HASAN, R., SION, R., AND WINSLETT, M. The case of the fake picasso: preventing history forgery with secure provenance. In FAST '09: Proccedings of the 7th conference on File and storage technologies (Berkeley, CA, USA, 2009), USENIX Association, pp. 1-14.

Digital Library

[15]

HUH, J. H., AND MARTIN, A. Trusted Logging for Grid Computing. In Trusted Infrastructure Technologies Conference, 2008. APTC '08. Third Asia-Pacific (Wuhan, China, Oct. 2008), IEEE, pp. 30-42.

Digital Library

[16]

INTEL. Statistical analysis of floating point flaw: Intel white paper. http://www.intel.com/support/processors/ pentium/fdiv/wp/, November 1994.

[17]

JONKER, W., AND PETKOVIC, M., Eds. Secure Data Management, 6th VLDB Workshop, SDM 2009, Lyon, France, August 28, 2009. Proceedings (2009), vol. 5776 of Lecture Notes in Computer Science, Springer.

Digital Library

[18]

LIPNER, S. The Trustworthy Computing Security Development Lifecycle. In ACSAC '04: Proceedings of the 20th Annual Computer Security Applications Conference (Washington, DC, USA, 2004), IEEE Computer Society, pp. 2-13.

Digital Library

[19]

LÖ HR, H., RAMASAMY, H. G. V., SADEGHI, A.-R., SCHULZ, S., SCHUNTER, M., AND STÜBLE, C. Enhancing Grid Security Using Trusted Virtualization. In Autonomic and Trusted Computing, Lecture Notes In Computer Science. Springer Berlin / Heidelberg, Hong Kong, China, August 2007, pp. 372-384.

[20]

LYLE, J. Trustable Remote Verification of Web Services. In TRUST (Oxford, UK, 2009), L. Chen, C. J. Mitchell, and A. Martin, Eds., vol. 5471 of Lecture Notes in Computer Science, pp. 153-168.

[21]

LYLE, J., AND MARTIN, A. On the Feasibility of Remote Attestation for Web Services. In Computational Science and Engineering, 2009. CSE '09. International Conference on (Aug. 2009), vol. 3, pp. 283-288.

Digital Library

[22]

MARTIN, A. The Ten Page Introduction to Trusted Computing. Tech. Rep. RR-08-11, OUCL, December 2008.

[23]

MILES, S., GROTH, P., MUNROE, S., AND MOREAU, L. PrIMe: A Methodology for Developing Provenance-Aware Applications. ACM Transactions on Software Engineering and Methodology (June 2009).

Digital Library

[24]

MOREAU, L., GROTH, P., MILES, S., VAZQUEZ-SALCEDA, J., IBBOTSON, J., JIANG, S., MUNROE, S., RANA, O., SCHREIBER, A., TAN, V., AND VARGA, L. The provenance of electronic data. Commun. ACM 51, 4 (2008), 52-58.

Digital Library

[25]

MOREAU, L., LUDSCHER, B., ALTINTAS, I., BARGA, R. S., BOWERS, S., CALLAHAN, S., JR., G. C., CLIFFORD, B., COHEN, S., COHEN-BOULAKIA, S., DAVIDSON, S., DEELMAN, E., DIGIAMPIETRI, L., FOSTER, I., FREIRE, J., FREW, J., FUTRELLE, J., GIBSON, T., GIL, Y., GOBLE, C., GOLBECK, J., GROTH, P., HOLLAND, D. A., JIANG, S., KIM, J., KOOP, D., KRENEK, A., MCPHILLIPS, T., MEHTA, G., MILES, S., METZGER, D., MUNROE, S., MYERS, J., PLALE, B., PODHORSZKI, N., RATNAKAR, V., SANTOS, E., SCHEIDEGGER, C., SCHUCHARDT, K., SELTZER, M., SIMMHAN, Y. L., SILVA, C., SLAUGHTER, P., STEPHAN, E., STEVENS, R., TURI, D., VO, H., WILDE, M., ZHAO, J., AND ZHAO, Y. Special Issue: The First Provenance Challenge. Concurrency and Computation: Practice and Experience 20, 5 (2008), 409-418.

Digital Library

[26]

MUNETOH, S., NAKAMURA, M., YOSHIHAMA, S., AND KUDO, M. Integrity Management Infrastructure for Trusted Computing. IEICE Trans Inf Syst E91-D, 5 (2008), 1242-1251.

Digital Library

[27]

MUNISWAMY-REDDY, K.-K., HOLLAND, D. A., BRAUN, U., AND SELTZER, M. Provenance-aware storage systems. In ATEC '06: Proceedings of the annual conference on USENIX '06 Annual Technical Conference (Berkeley, CA, USA, 2006), USENIX Association, pp. 4-4.

Digital Library

[28]

MUNISWAMY-REDDY, K.-K., MACKO, P., AND SELTZER, M. I. Making a Cloud Provenance-Aware. In Cheney {5}.

Digital Library

[29]

NAMILUKO, C. Trusted Infrastructure for the Campus Grid. Master's thesis, University of Oxford, Wolfson College, Oxford, September 2008.

[30]

NAUMAN, M., ALAM, M., ZHANG, X., AND ALI, T. Remote Attestation of Attribute Updates and Information Flows in a UCON System. In TRUST (2009), L. Chen, C. J. Mitchell, and A. Martin, Eds., vol. 5471 of Lecture Notes in Computer Science, Springer, pp. 63-80.

[31]

NI, Q., XU, S., BERTINO, E., SANDHU, R. S., AND HAN, W. An Access Control Language for a General Provenance Model. In Jonker and Petkovic {17}, pp. 68-88.

[32]

NURMI, D., WOLSKI, R., GRZEGORCZYK, C., OBERTELLI, G., SOMAN, S., YOUSEFF, L., AND ZAGORODNOV, D. The Eucalyptus Open-Source Cloud-Computing System. In CCGRID '09: Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (Washington, DC, USA, 2009), IEEE Computer Society, pp. 124-131.

Digital Library

[33]

REILLY, C. F., AND NAUGHTON, J. F. Transparently Gathering Provenance with Provenance Aware Condor. In Cheney {5}.

Digital Library

[34]

SAILER, R., ZHANG, X., JAEGER, T., AND VAN DOORN, L. Design and Implementation of a TCG-based Integrity Measurement Architecture. In USENIX Security Symposium (2004), pp. 223-238.

Digital Library

[35]

SANTOS, N., GUMMADI, K. P., AND RODRIGUES, R. Towards Trusted Cloud Computing. In HotCloud09: Proceedings of the Workshop on Hot Topics In Cloud Computing (2009).

Digital Library

[36]

SAR, C., AND CAO, P. Lineage file system. Online at http: //theory.stanford.edu/~cao/lineage.

[37]

SIMMHAN, Y. L., PLALE, B., AND GANNON, D. A survey of data provenance in e-science. SIGMOD Rec. 34, 3 (2005), 31-36.

Digital Library

[38]

STAINFORTH, D., MARTIN, A., SIMPSON, A., CHRISTENSEN, C., KETTLEBOROUGH, J., AINA, T., AND ALLEN, M. Security principles for public-resource modeling research. In WETICE '04: Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (Washington, DC, USA, 2004), IEEE Computer Society, pp. 319-324.

Digital Library

[39]

TAN, V., GROTH, P. T., MILES, S., JIANG, S., MUNROE, S., TSASAKOU, S., AND MOREAU, L. Security Issues in a SOA-Based Provenance System. In IPAW (2006), L. Moreau and I. T. Foster, Eds., vol. 4145 of Lecture Notes in Computer Science, Springer, pp. 203-211.

[40]

THIBADEAU, R. Trusted Computing for Disk Drives and Other Peripherals. Security & Privacy, IEEE 4, 5 (Sept.-Oct. 2006), 26-33.

Digital Library

[41]

TRUSTED COMPUTING GROUP. TCG Infrastructure Working Group Architecture Part II - Integrity Management. http: //www.trustedcomputinggroup.org/resources/ infrastructure work group architecture_part_ ii_integrity_management_version_10, November 2006.

[42]

TRUSTED COMPUTING GROUP. TCG Schema. http: //www.trustedcomputinggroup.org/resources/ infrastructure_work_group_reference_manifest_ rm_schema_specification_version_10, November 2006.

[43]

TRUSTED COMPUTING GROUP. Summary Of Features Under Consideration For The Next Generation Of TPM. http://www.trustedcomputinggroup. org/resources/summary_of_features_under_ consideration_for_the_next_generation_of_tpm, 2009.

[44]

TRUSTED COMPUTING GROUP. TCG Storage Architecture Core Specification. http://www.trustedcomputinggroup. org/resources/tcg_storage_architecture_core_ specification, April 2009.

[45]

TRUSTED COMPUTING GROUP. Trusted Computing Group Home Page. https://www.trustedcomputinggroup. org/home, 2009.

[46]

VAHDAT, A., AND ANDERSON, T. Transparent result caching. In ATEC '98: Proceedings of the annual conference on USENIX Annual Technical Conference (Berkeley, CA, USA, 1998), USENIX Association, pp. 3-3.

Digital Library

[47]

VÁ ZQUEZ-SALCEDA, J., ALVAREZ, S., KIFOR, T., VARGA, L. Z., MILES, S., MOREAU, L., AND WILLMOTT, S. In R. Annicchiarico, U. Cortés, C. Urdiales (eds.) Agent Technology and E-Health. Whitestein Series in Software Agent Technologies and Autonomic Computing. Birkhäuser Verlag AG, Switzerland, Dec. 2007, ch. EU PROVENANCE Project: An Open Provenance Architecture for Distributed Applications.

[48]

ZHANG, J., CHAPMAN, A., AND LEFEVRE, K. Do you know where your data's been? - tamper-evident database provenance. In Jonker and Petkovic {17}, pp. 17-32.

Cited By

Belhajjame K(2021)On the Anonymization of Workflow Provenance without Compromising the Transparency of LineageJournal of Data and Information Quality10.1145/346020714:1(1-27)Online publication date: 23-Dec-2021
https://dl.acm.org/doi/10.1145/3460207
Thornton LKnowles BBlair G(2021)Fifty Shades of GreyProceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency10.1145/3442188.3445871(64-76)Online publication date: 3-Mar-2021
https://dl.acm.org/doi/10.1145/3442188.3445871
Pasquier THan XMoyer TBates AHermant OEyers DBacon JSeltzer MLie DMannan MBackes MWang X(2018)Runtime Analysis of Whole-System ProvenanceProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243776(1601-1616)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243776
Show More Cited By

Trusted computing and provenance: better together
1. Security and privacy
  1. Systems security
2. Social and professional topics
  1. Computing / technology policy

Recommendations

Trusted Tamper-Evident Data Provenance
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

Data provenance, the origin and derivation history of data, is commonly used for security auditing, forensics and data analysis. While provenance loggers provide evidence of data changes, the integrity of the provenance logs is also critical for the ...
Trusted Tamper-Evident Data Provenance
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

Data provenance, the origin and derivation history of data, is commonly used for security auditing, forensics and data analysis. While provenance loggers provide evidence of data changes, the integrity of the provenance logs is also critical for the ...
TProv: Towards a Trusted Provenance-Aware Service Based on Trusted Computing
Web Services – ICWS 2018
Abstract
With the rapid development of cloud computing, system and data security become concerns due to user losing control of his machines and internal attacks. Provenance is an essential approach to establish data and system trustworthiness for cloud ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

TAPP'10: Proceedings of the 2nd conference on Theory and practice of provenance

February 2010

11 pages

Sponsors

USENIX Assoc: USENIX Assoc

In-Cooperation

SIGPLAN: ACM Special Interest Group on Programming Languages
SIGOPS: ACM Special Interest Group on Operating Systems
UK e-Science Institute

Publisher

USENIX Association

United States

Publication History

Published: 22 February 2010

Check for updates

Qualifiers

Article

Acceptance Rates

Overall Acceptance Rate 10 of 17 submissions, 59%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Belhajjame K(2021)On the Anonymization of Workflow Provenance without Compromising the Transparency of LineageJournal of Data and Information Quality10.1145/346020714:1(1-27)Online publication date: 23-Dec-2021
https://dl.acm.org/doi/10.1145/3460207
Thornton LKnowles BBlair G(2021)Fifty Shades of GreyProceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency10.1145/3442188.3445871(64-76)Online publication date: 3-Mar-2021
https://dl.acm.org/doi/10.1145/3442188.3445871
Pasquier THan XMoyer TBates AHermant OEyers DBacon JSeltzer MLie DMannan MBackes MWang X(2018)Runtime Analysis of Whole-System ProvenanceProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243776(1601-1616)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243776
Chia MKeoh STang Z(2017)Secure Data Provenance in Home Energy Monitoring NetworksProceedings of the 3rd Annual Industrial Control System Security Workshop10.1145/3174776.3174778(7-14)Online publication date: 5-Dec-2017
https://dl.acm.org/doi/10.1145/3174776.3174778
Xie YFeng DTan ZZhou J(2016)Unifying intrusion detection and forensic analysis via provenance awarenessFuture Generation Computer Systems10.1016/j.future.2016.02.00561:C(26-36)Online publication date: 1-Aug-2016
https://dl.acm.org/doi/10.1016/j.future.2016.02.005
Lee BAwad AAwad MAnjum APapadopoulos G(2015)Towards secure provenance in the cloudProceedings of the 8th International Conference on Utility and Cloud Computing10.5555/3233397.3233511(577-582)Online publication date: 7-Dec-2015
https://dl.acm.org/doi/10.5555/3233397.3233511
Bates ATian DButler KMoyer T(2015)Trustworthy whole-system provenance for the Linux kernelProceedings of the 24th USENIX Conference on Security Symposium10.5555/2831143.2831164(319-334)Online publication date: 12-Aug-2015
https://dl.acm.org/doi/10.5555/2831143.2831164
Bates AButler KMoyer TMissier PZhao J(2015)Take only what you needProceedings of the 7th USENIX Conference on Theory and Practice of Provenance10.5555/2814579.2814586(7-7)Online publication date: 8-Jul-2015
https://dl.acm.org/doi/10.5555/2814579.2814586
Cheney JPerera R(2014)An Analytical Survey of Provenance SanitizationRevised Selected Papers of the 5th International Provenance and Annotation Workshop on Provenance and Annotation of Data and Processes - Volume 862810.1007/978-3-319-16462-5_9(113-126)Online publication date: 9-Jun-2014
https://dl.acm.org/doi/10.1007/978-3-319-16462-5_9
Bates AMood BValafar MButler KBertino ESandhu RBauer LPark J(2013)Towards secure provenance-based access control in cloud environmentsProceedings of the third ACM conference on Data and application security and privacy10.1145/2435349.2435389(277-284)Online publication date: 18-Feb-2013
https://dl.acm.org/doi/10.1145/2435349.2435389
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten