Fine-Grained Sticky Provenance Architecture for Office Documents

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4752)

Abstract

Current business situations require improved confidentiality and integrity for office documents. However, existing content management systems for office documents lack required security properties such as the *-property, or have problems such as label creep. In this paper we propose a meta-data format called sticky provenance and a fine-grained information flow control architecture using the sticky provenance. The sticky provenance contains the change history and the labels of an office document in a secure form, and it ensures the verifiability of the change history of the documents in distributed environments. The Provenance Manager, which is a key module of the architecture, reduces the label creep problem of the information flow control models with the sticky provenance. In other words, the sticky provenance and the Provenance Manager can introduce a practical fine-grained information flow control capability to office applications so that we can ensure both the confidentiality and the verifiability of office documents.

Editor information

Atsuko Miyaji Hiroaki Kikuchi Kai Rannenberg

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mishina, T., Yoshihama, S., Kudo, M. (2007). Fine-Grained Sticky Provenance Architecture for Office Documents. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds) Advances in Information and Computer Security. IWSEC 2007. Lecture Notes in Computer Science, vol 4752. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75651-4_23

  • DOI: https://doi.org/10.1007/978-3-540-75651-4_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75650-7

  • Online ISBN: 978-3-540-75651-4

  • eBook Packages: Computer Science, Computer Science (R0)
