Abstract
Data provenance analysis has been used as an assistive measure for ensuring system integrity. However, such techniques are typically reactive approaches to identify the root cause of an attack in its aftermath. This is in part due to the fact that the collection of provenance metadata often results in a deluge of information that cannot easily be queried and analyzed in real time. This paper presents an approach for proactively reasoning about provenance metadata within the Automatic Cryptographic Data Centric (ACDC) security architecture, a new security infrastructure in which all data interactions are considered at a coarse granularity, similar to the Function as a Service model. At this scale, we have found that data interactions are manageable for the proactive specification and evaluation of provenance policies—constraints placed on provenance metadata to prevent the consumption of untrusted data. This paper provides a model for proactively evaluating provenance metadata in the ACDC paradigm as well as a case study of an electronic voting scheme to demonstrate the applicability of ACDC and the provenance policies needed to ensure data integrity.
DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.
This material is based upon work supported by the Under Secretary of Defense for Research and Engineering under Air Force Contract No. FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Under Secretary of Defense for Research and Engineering.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
A sampling of election fraud cases from across the country. https://www.heritage.org/sites/default/files/voterfraud_download/VoterFraudCases_5.pdf. Accessed 10 Jan 2020
Double voting (2018). https://www.ncsl.org/research/elections-and-campaigns/double-voting.aspx. Accessed 10 Jan 2020
Appel, A.W., et al.: The New Jersey voting-machine lawsuit and the AVC advantage DRE voting machine. In: Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (2009)
Bannet, J., Price, D.W., Rudys, A., Singer, J., Wallach, D.S.: Hack-a-vote: security issues with electronic voting systems. IEEE Secur. Privacy 2(1), 32–37 (2004)
Bates, A., Mood, B., Valafar, M., Butler, K.: Towards secure provenance-based access control in cloud environments. In: Proceedings of the third ACM Conference on Data and Application Security and Privacy, pp. 277–284. ACM (2013)
Belhajjame, K., et al.: PROV-DM: the PROV data model. Technical report (2012). http://www.w3.org/TR/prov-dm/
Bernhard, M., et al.: Public evidence from secret ballots. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 84–109. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68687-5_6
Braun, U.J., Shinnar, A., Seltzer, M.I.: Securing provenance. In: Proceedings of the 3rd USENIX Workshop on Hot Topics in Security (2008)
Cassidy, C.A., Long, C.: Voting officials under scrutiny amid heavy election turnout (2018). https://apnews.com/8af093ef14954d3293fae718c37f3eb3. Accessed 10 Jan 2020
Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_28
Engram, S., Kaczmarek, T., Lee, A., Bigelow, D.: Proactive provenance policies for automatic cryptographic data centric security. arXiv preprint arXiv:submit/3769967 (2021)
Friedersdorf, C.: An embarrassment of glitches: a wealthy country should be able to conduct a national election with fewer problems than the united states experiences in the 2018 midterms (2018). https://www.theatlantic.com/ideas/archive/2018/11/voting-machines/575044/. Accessed 10 Jan 2020
Gonzalez, J.E., Xin, R.S., Dave, A., Crankshaw, D., Franklin, M.J., Stoica, I.: Graphx: graph processing in a distributed dataflow framework. In: 11th USENIX Symposium on Operating Systems Design and Implementation, pp. 599–613 (2014)
Han, X., Pasquier, T., Ranjan, T., Goldstein, M., Seltzer, M.: Frappuccino: fault-detection through runtime analysis of provenance. In: Workshop on Hot Topics in Cloud Computing (2017)
Hassan, W.U., Aguse, L., Aguse, N., Bates, A., Moyer, T.: Towards scalable cluster auditing through grammatical inference over provenance graphs. In: Network and Distributed Systems Security Symposium (2018)
Huynh, T.D., Ebden, M., Fischer, J., Roberts, S., Moreau, L.: Provenance network analytics. Data Mining Knowl. Discov. 32(3), 708–735 (2018)
Jacobson, V., Smetters, D.K., Thornton, J.D., Plass, M.F., Briggs, N.H., Braynard, R.L.: Networking named content. In: Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, pp. 1–12 (2009)
Kyrola, A., Blelloch, G., Guestrin, C.: GraphChi: large-scale graph computation on just a PC. In: 10th USENIX Symposium on Operating Systems Design and Implementation, pp. 31–46 (2012)
Lee, K.H., Zhang, X., Xu, D.: High accuracy attack provenance via binary-based execution partition. In: Network and Distributed System Security Symposium (2013)
Lemay, M., Hassan, W.U., Moyer, T., Schear, N., Smith, W.: Automated provenance analytics: a regular grammar based approach with applications in security. In: 9th USENIX Workshop on the Theory and Practice of Provenance (2017)
Liang, X., Shetty, S., Tosh, D., Kamhoua, C., Kwiat, K., Njilla, L.: Provchain: a blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability. In: Proceedings of the International Symposium on Cluster, Cloud and Grid Computing, pp. 468–477. IEEE Press (2017)
Liang, X., Zhao, J., Shetty, S., Li, D.: Towards data assurance and resilience in IoT using blockchain. In: IEEE Military Communications Conference, pp. 261–266. IEEE (2017)
Park, J., Nguyen, D., Sandhu, R.: A provenance-based access control model. In: International Conference on Privacy, Security and Trust, pp. 137–144. IEEE (2012)
Pasquier, T., et al.: Runtime analysis of whole-system provenance. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1601–1616. ACM (2018)
Pasquier, T., Singh, J., Powles, J., Eyers, D., Seltzer, M., Bacon, J.: Data provenance to audit compliance with privacy policy in the internet of things. Pers. Ubiquit. Comput. 22(2), 333–344 (2018)
Trischitta, L.: ‘I voted early’ sticker leads to arrest, fraud charges (2013). https://www.sun-sentinel.com/news/fl-xpm-2013-02-22-fl-felon-voter-fraud-pompano-20130222-story.html. Accessed 10 Jan 2020
Vielmetti, B.: Shorewood man sentenced to jail for multiple votes in several elections. https://archive.jsonline.com/news/crime/shorewood-man-sentenced-to-jail-for-multiple-votes-in-several-elections-b99677321z1-370317801.html. Accessed 10 Jan 2020
Wack, J.P.: Draft Standard for Voter Verified Paper Audit Trails in DRE Voting Systems (DRE-VVPAT): Supplement to the 2002 Voting Systems Standard (2005). https://www.nist.gov/system/files/documents/itl/vote/VVPAT-Addendum-jpw-3-2-051.pdf. Accessed 10 Jan 2020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Engram, S., Kaczmarek, T., Lee, A., Bigelow, D. (2021). Proactive Provenance Policies for Automatic Cryptographic Data Centric Security. In: Glavic, B., Braganholo, V., Koop, D. (eds) Provenance and Annotation of Data and Processes. IPAW IPAW 2020 2021. Lecture Notes in Computer Science(), vol 12839. Springer, Cham. https://doi.org/10.1007/978-3-030-80960-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-80960-7_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-80959-1
Online ISBN: 978-3-030-80960-7
eBook Packages: Computer ScienceComputer Science (R0)