Towards secure provenance-based access control in cloud environments

Adam Bates, Ben Mood, Masoud Valafar, Kevin Butler

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As organizations become increasingly reliant on cloud computing for servicing their data storage requirements, the need to govern access control at finer granularities becomes particularly important. This challenge is increased by the lack of policy supporting data migration across geographic boundaries and through organizations with divergent regulatory policies. In this paper, we present an architecture for secure and distributed management of provenance, enabling its use in security-critical applications. Provenance, a metadata history detailing the derivation of an object, contains information that allows for expressive, policy-independent access control decisions. We consider how to manage and validate the metadata of a provenance-aware cloud system, and introduce protocols that allow for secure transfer of provenance metadata between end hosts and cloud authorities. Using these protocols, we develop a provenance-based access control mechanism for Cumulus cloud storage, capable of processing thousands of operations per second on a single deployment. Through the introduction of replicated components, we achieve overhead costs of just 14%, demonstrating that provenance-based access control is a practical and scalable solution for the cloud.

Original languageEnglish (US)
Title of host publicationCODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
Pages277-284
Number of pages8
DOIs
StatePublished - 2013
Externally publishedYes
Event3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013 - San Antonio, TX, United States
Duration: Feb 18 2013Feb 20 2013

Publication series

NameCODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

Other

Other3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013
Country/TerritoryUnited States
CitySan Antonio, TX
Period2/18/132/20/13

Keywords

  • Access control
  • Provenance
  • Secure storage

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'Towards secure provenance-based access control in cloud environments'. Together they form a unique fingerprint.

Cite this