Abstract
Given the significant amount of personal information available on the Web, verifying its correct use emerges as an important issue. When personal information is published, it should be later used under a set of usage policies. If these policies are not followed, sensitive data could be exposed and used against its owner. Under these circumstances, processing transparency is desirable since it allows users to decide whether information is used appropriately. It has been argued that data provenance can be used as the mechanism to underpin such a transparency. Thereby, if provenance of data is available, processing becomes transparent since the provenance of data can be analysed against usage policies to decide whether processing was performed in compliance with such policies. The aim of this paper is to present a Provenance-based Compliance Framework that uses provenance to verify the compliance of processing to predefined information usage policies. It consists of a provenance-based view of past processing of information, a representation of processing policies and a comparison stage in which the past processing is analysed against the processing policies. This paper also presents an implementation using a very common on-line activity: on-line shopping.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aldeco-Pérez, R., Moreau, L.: Provenance-based Auditing of Private Data Use. In: International Academic Research Conference, Visions of Computer Science (September 2008)
Aldeco-Pérez, R., Moreau, L.: Securing Provenance-based Audits. In: IPAW 2010, Troy, NY (In Press, 2010)
Awad, A., Weidlich, M., Weske, M.: Specification, Verification and Explanation of Violation for Data Aware Compliance Rules. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 500–515. Springer, Heidelberg (2009)
Cirillo, A., Jagadeesan, R., Pitcher, C., Riely, J.: TAPIDO: Trust and Authorization via Provenance and Integrity in Distributed Objects (2008)
Gil, Y., Fritz, C.: Reasoning about the Appropriate Use of Private Data through Computational Workflows. In: AAAI Spring Symposium on Privacy Management 2010, pp. 23–25 (2010)
Hanson, C., Berners-Lee, T., Kagal, L., Sussman, G.J., Weitzner, D.: Data-Purpose Algebra: Modeling Data Usage Policies. In: IEEE Policies for Distributed Systems and Networks, Bologna, Italy, pp. 173–177. IEEE, Los Alamitos (May 2007)
Kang, T., Kagal, L.: Enabling Privacy-awareness in Social Networks. In: Intelligent Information Privacy Management Symposium at the AAAI Spring Symposium 2010 (2010)
Lu, W., Miklau, G.: Auditing a Database under Retention Restrictions. In: ICDE, pp. 42–53 (2009)
Ly, L.T., Rinderle-Ma, S., Dadam, P.: Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems. In: 22nd Int’l Conf. on Advanced Information Systems Engineering, CAiSE 2010 (2010)
Miles, S.: Electronically querying for the provenance of entities. In: Moreau, L., Foster, I. (eds.) IPAW 2006. LNCS, vol. 4145, pp. 184–192. Springer, Heidelberg (2006)
Miles, S., Groth, P., Munroe, S., Jiang, S., Assandri, T., Moreau, L.: Extracting Causal Graphs from an Open Provenance Data Model. Concurrency and Computation: Practice and Experience 20(5), 577–586 (2007)
Moreau, L., Clifford, B., Freire, J., Gil, Y., Futrelle, J., Kwasnikowska, N., Miles, S., Missier, P., Myers, J., Simmhan, Y., Stephan, E., Van Den Bussche, J., Pale, B.: The Open Provenance Model Core Specification (v1.1). Future Generation Computer Systems, pp. 1–30 (2010)
Ringelstein, C., Staab, S.: PAPEL: A Language and Model for Provenance-Aware Policy Definition and Execution. In: 8th International Business Process Management Conference (2010)
Vaughan, J.A., Jia, L., Mazurak, K., Zdancewic, S.: Evidence-based audit. In: 21st IEEE Computer Security Foundations Symposium, pp. 177–191. IEEE Computer Society Press, Los Alamitos (2008)
W3C. Provenance incubator group (October 2009)
Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Communications of the ACM 51(6), 82–87 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aldeco-Pérez, R., Moreau, L. (2010). A Provenance-Based Compliance Framework. In: Berre, A.J., Gómez-Pérez, A., Tutschku, K., Fensel, D. (eds) Future Internet - FIS 2010. FIS 2010. Lecture Notes in Computer Science, vol 6369. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15877-3_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-15877-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15876-6
Online ISBN: 978-3-642-15877-3
eBook Packages: Computer ScienceComputer Science (R0)