A Provenance-Based Compliance Framework
Given the significant amount of personal information available on the Web, verifying its correct use emerges as an important issue. When personal information is published, it should be later used under a set of usage policies. If these policies are not followed, sensitive data could be exposed and used against its owner. Under these circumstances, processing transparency is desirable since it allows users to decide whether information is used appropriately. It has been argued that data provenance can be used as the mechanism to underpin such a transparency. Thereby, if provenance of data is available, processing becomes transparent since the provenance of data can be analysed against usage policies to decide whether processing was performed in compliance with such policies. The aim of this paper is to present a Provenance-based Compliance Framework that uses provenance to verify the compliance of processing to predefined information usage policies. It consists of a provenance-based view of past processing of information, a representation of processing policies and a comparison stage in which the past processing is analysed against the processing policies. This paper also presents an implementation using a very common on-line activity: on-line shopping.
KeywordsProcessing Policy Processing View Data Compliance Provenance Information Usage Policy
Unable to display preview. Download preview PDF.
- 1.Aldeco-Pérez, R., Moreau, L.: Provenance-based Auditing of Private Data Use. In: International Academic Research Conference, Visions of Computer Science (September 2008)Google Scholar
- 2.Aldeco-Pérez, R., Moreau, L.: Securing Provenance-based Audits. In: IPAW 2010, Troy, NY (In Press, 2010)Google Scholar
- 4.Cirillo, A., Jagadeesan, R., Pitcher, C., Riely, J.: TAPIDO: Trust and Authorization via Provenance and Integrity in Distributed Objects (2008)Google Scholar
- 5.Gil, Y., Fritz, C.: Reasoning about the Appropriate Use of Private Data through Computational Workflows. In: AAAI Spring Symposium on Privacy Management 2010, pp. 23–25 (2010)Google Scholar
- 6.Hanson, C., Berners-Lee, T., Kagal, L., Sussman, G.J., Weitzner, D.: Data-Purpose Algebra: Modeling Data Usage Policies. In: IEEE Policies for Distributed Systems and Networks, Bologna, Italy, pp. 173–177. IEEE, Los Alamitos (May 2007)Google Scholar
- 7.Kang, T., Kagal, L.: Enabling Privacy-awareness in Social Networks. In: Intelligent Information Privacy Management Symposium at the AAAI Spring Symposium 2010 (2010)Google Scholar
- 8.Lu, W., Miklau, G.: Auditing a Database under Retention Restrictions. In: ICDE, pp. 42–53 (2009)Google Scholar
- 9.Ly, L.T., Rinderle-Ma, S., Dadam, P.: Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems. In: 22nd Int’l Conf. on Advanced Information Systems Engineering, CAiSE 2010 (2010)Google Scholar
- 12.Moreau, L., Clifford, B., Freire, J., Gil, Y., Futrelle, J., Kwasnikowska, N., Miles, S., Missier, P., Myers, J., Simmhan, Y., Stephan, E., Van Den Bussche, J., Pale, B.: The Open Provenance Model Core Specification (v1.1). Future Generation Computer Systems, pp. 1–30 (2010)Google Scholar
- 13.Ringelstein, C., Staab, S.: PAPEL: A Language and Model for Provenance-Aware Policy Definition and Execution. In: 8th International Business Process Management Conference (2010)Google Scholar
- 14.Vaughan, J.A., Jia, L., Mazurak, K., Zdancewic, S.: Evidence-based audit. In: 21st IEEE Computer Security Foundations Symposium, pp. 177–191. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
- 15.W3C. Provenance incubator group (October 2009)Google Scholar