Combining Provenance and Security Policies in a Web-based Document Management System. Brian Corcoran, Nikhil Swamy, and Michael Hicks. In On-line Proceedings of the Workshop on Principles of Provenance (PrOPr), November 2007. http://homepages.inf.ed.ac.uk/jcheney/propr/.

Provenance and security are intimately related. Cheney et al. show that the dependencies underlying provenance information also underly information flow security policies. Provenance information can also play a role in history-based access control policies. Many real applications have the need to combine a variety of security policies with provenance tracking. For instance, an online stock trading website might restrict access to certain premium features it offers using an access control policy, while at the same time using an information flow policy to ensure that a user's sensitive trading information is not leaked to other users. Similarly, the application might need to track the provenance of transaction information to support an annual financial audit while also using provenance to attest to the reliability of stock analyses that it presents to its users.

We have been exploring the interaction between provenance and security policies while developing a document management system we call the Collaborative Planning Application (CPA). The CPA is written in SELinks, our language for supporting user-defined, label-based security policies. SELinks is an extension of the Links web-programming language with means to express label-based security policies. Labels are associated with the data they protect by using dependent types which, along with some syntactic restrictions, suffice to ensure that user-defined policies enjoy complete mediation and cannot be circumvented. Our interest in provenance and security policies is thus part of a broader exploration of how security policies can be encoded, composed, and reasoned about within SELinks. In this paper, we describe the architecture of the CPA and its approach to label-based provenance and security policies and we sketch directions for further exploration on the interaction between the two.

[ .pdf ]

@INPROCEEDINGS{corcoran07provenance,
  AUTHOR = {Brian Corcoran and Nikhil Swamy and Michael Hicks},
  TITLE = {Combining Provenance and Security Policies in a Web-based
    Document Management System},
  BOOKTITLE = {On-line Proceedings of the Workshop on Principles of Provenance (PrOPr)},
  NOTE = {\url{http://homepages.inf.ed.ac.uk/jcheney/propr/}},
  LOCATION = {Edinburgh, Scotland, UK},
  MONTH = NOV,
  YEAR = 2007
}

This file has been generated by bibtex2html 1.69