Skip to main content
SpringerLink
Log in

A Provenance-Based Compliance Framework

  • Conference paper
Future Internet - FIS 2010 (FIS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 6369))

Included in the following conference series:

Abstract

Given the significant amount of personal information available on the Web, verifying its correct use emerges as an important issue. When personal information is published, it should be later used under a set of usage policies. If these policies are not followed, sensitive data could be exposed and used against its owner. Under these circumstances, processing transparency is desirable since it allows users to decide whether information is used appropriately. It has been argued that data provenance can be used as the mechanism to underpin such a transparency. Thereby, if provenance of data is available, processing becomes transparent since the provenance of data can be analysed against usage policies to decide whether processing was performed in compliance with such policies. The aim of this paper is to present a Provenance-based Compliance Framework that uses provenance to verify the compliance of processing to predefined information usage policies. It consists of a provenance-based view of past processing of information, a representation of processing policies and a comparison stage in which the past processing is analysed against the processing policies. This paper also presents an implementation using a very common on-line activity: on-line shopping.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aldeco-Pérez, R., Moreau, L.: Provenance-based Auditing of Private Data Use. In: International Academic Research Conference, Visions of Computer Science (September 2008)

    Google Scholar 

  2. Aldeco-Pérez, R., Moreau, L.: Securing Provenance-based Audits. In: IPAW 2010, Troy, NY (In Press, 2010)

    Google Scholar 

  3. Awad, A., Weidlich, M., Weske, M.: Specification, Verification and Explanation of Violation for Data Aware Compliance Rules. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 500–515. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  4. Cirillo, A., Jagadeesan, R., Pitcher, C., Riely, J.: TAPIDO: Trust and Authorization via Provenance and Integrity in Distributed Objects (2008)

    Google Scholar 

  5. Gil, Y., Fritz, C.: Reasoning about the Appropriate Use of Private Data through Computational Workflows. In: AAAI Spring Symposium on Privacy Management 2010, pp. 23–25 (2010)

    Google Scholar 

  6. Hanson, C., Berners-Lee, T., Kagal, L., Sussman, G.J., Weitzner, D.: Data-Purpose Algebra: Modeling Data Usage Policies. In: IEEE Policies for Distributed Systems and Networks, Bologna, Italy, pp. 173–177. IEEE, Los Alamitos (May 2007)

    Google Scholar 

  7. Kang, T., Kagal, L.: Enabling Privacy-awareness in Social Networks. In: Intelligent Information Privacy Management Symposium at the AAAI Spring Symposium 2010 (2010)

    Google Scholar 

  8. Lu, W., Miklau, G.: Auditing a Database under Retention Restrictions. In: ICDE, pp. 42–53 (2009)

    Google Scholar 

  9. Ly, L.T., Rinderle-Ma, S., Dadam, P.: Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems. In: 22nd Int’l Conf. on Advanced Information Systems Engineering, CAiSE 2010 (2010)

    Google Scholar 

  10. Miles, S.: Electronically querying for the provenance of entities. In: Moreau, L., Foster, I. (eds.) IPAW 2006. LNCS, vol. 4145, pp. 184–192. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. Miles, S., Groth, P., Munroe, S., Jiang, S., Assandri, T., Moreau, L.: Extracting Causal Graphs from an Open Provenance Data Model. Concurrency and Computation: Practice and Experience 20(5), 577–586 (2007)

    Article  Google Scholar 

  12. Moreau, L., Clifford, B., Freire, J., Gil, Y., Futrelle, J., Kwasnikowska, N., Miles, S., Missier, P., Myers, J., Simmhan, Y., Stephan, E., Van Den Bussche, J., Pale, B.: The Open Provenance Model Core Specification (v1.1). Future Generation Computer Systems, pp. 1–30 (2010)

    Google Scholar 

  13. Ringelstein, C., Staab, S.: PAPEL: A Language and Model for Provenance-Aware Policy Definition and Execution. In: 8th International Business Process Management Conference (2010)

    Google Scholar 

  14. Vaughan, J.A., Jia, L., Mazurak, K., Zdancewic, S.: Evidence-based audit. In: 21st IEEE Computer Security Foundations Symposium, pp. 177–191. IEEE Computer Society Press, Los Alamitos (2008)

    Google Scholar 

  15. W3C. Provenance incubator group (October 2009)

    Google Scholar 

  16. Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Communications of the ACM 51(6), 82–87 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Electronics and Computer Science, University of Southampton, Southampton, SO17 1BJ, UK

    Rocío Aldeco-Pérez & Luc Moreau

Authors
  1. Rocío Aldeco-Pérez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luc Moreau
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. SINTEF Information and Communication Technology, Forskningsveien 1, 0373, Oslo, Norway

    Arne J. Berre

  2. Facultad de Informática, Ontoloy Engineering Group, Universidad Politécnica de Madrid, Campus de Montegancedo, sn, 18660, Boadilla del Monte, Spain

    Asunción Gómez-Pérez

  3. Faculty of Computer Science, institute of distributed and Multimedia Systems, University of Vienna, Universitätsstr. 10/T 11, 1090, Vienna, Austria

    Kurt Tutschku

  4. University of Innsbruck, Technikerstr. 21a, 6020, Innsbruck, Austria

    Dieter Fensel

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aldeco-Pérez, R., Moreau, L. (2010). A Provenance-Based Compliance Framework. In: Berre, A.J., Gómez-Pérez, A., Tutschku, K., Fensel, D. (eds) Future Internet - FIS 2010. FIS 2010. Lecture Notes in Computer Science, vol 6369. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15877-3_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15877-3_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15876-6

  • Online ISBN: 978-3-642-15877-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation