A Provenance-Based Compliance Framework

  • Rocío Aldeco-Pérez
  • Luc Moreau
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6369)


Given the significant amount of personal information available on the Web, verifying its correct use emerges as an important issue. When personal information is published, it should later be used under a set of usage policies. If these policies are not followed, sensitive data could be exposed and used against its owner. Under these circumstances, processing transparency is desirable since it allows users to decide whether information is used appropriately. It has been argued that data provenance can be used as the mechanism to underpin such transparency. Thus, if the provenance of data is available, processing becomes transparent, since the provenance of data can be analysed against usage policies to decide whether processing was performed in compliance with such policies. The aim of this paper is to present a Provenance-based Compliance Framework that uses provenance to verify the compliance of processing with predefined information usage policies. It consists of a provenance-based view of past processing of information, a representation of processing policies and a comparison stage in which the past processing is analysed against the processing policies. This paper also presents an implementation using a very common on-line activity: on-line shopping.


Keywords: Processing Policy, Processing View, Data Compliance, Provenance Information, Usage Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Rocío Aldeco-Pérez (1)
  • Luc Moreau (1)
  1. School of Electronics and Computer Science, University of Southampton, Southampton, UK
