Article

Towards a secure and efficient system for end-to-end provenance

Authors:

Patrick McDaniel,

Steve McLaughlin,

Marianne WinslettAuthors Info & Claims

TAPP'10: Proceedings of the 2nd conference on Theory and practice of provenance

Page 2

Published: 22 February 2010 Publication History

Abstract

Work on the End-to-End Provenance System (EEPS) began in the late summer of 2009. The EEPS effort seeks to explore the three central questions in provenance systems: (1) "Where and how do I design secure host-level provenance collecting instruments (called provenance monitors)?"; (2) "How do I extend completeness and accuracy guarantees to distributed systems and computations?"; and (3) "What are the costs associated with provenance collection?" This position paper discusses our initial exploration into these issues and posits several challenges to the realization of the EEPS vision.

References

[1]

P. Agrawal, O. Benjelloun, A. D. Sarma, C. Hayworth, S. Nabar, T. Sugihara, and J. Widom. Trio: a system for data, uncertainty, and lineage. In Proc. VLDB, 2006.

Digital Library

[2]

R. Aldeco-Perez and L. Moreau. Provenance-based Auditing of Private Data Use. In BCS International Academic Research Conference, Visions of Computer Science (In Press), Sept. 2008.

Digital Library

[3]

J. P. Anderson. Computer security technology planning study, volume II. Technical Report ESD-TR-73-51, Deputy for Command and Management Systems, HQ Electronics Systems Division (AFSC), L. G. Hanscom Field, Bedford, MA, October 1972.

[4]

A. Aranya, C. P. Wright, and E. Zadok. Tracefs: A file system to trace them all. In FAST, 2004.

Digital Library

[5]

R. S. Barga and L. A. Digiampietri. Automatic capture and efficient storage of e-Science experiment provenance. Concurrency and Computation: Practice and Experience, 20(5):419-429, Apr. 2008.

Digital Library

[6]

K. Birman. The process group approach to reliable distributed computing. Comm. ACM (CACM), 16(12), Dec. 1993.

Digital Library

[7]

R. Bose and J. Frew. Lineage retrieval for scientific data processing: a survey. ACM Comput. Surv., 37(1):1-28, 2005.

Digital Library

[8]

U. Braun, S. L. Garfinkel, D. A. Holland, K.-K. Muniswamy-Reddy, and M. I. Seltzer. Issues in automatic provenance collection. In Moreau and Foster {22}, pages 171-183.

[9]

P. Buneman, A. Chapman, and J. Cheney. Provenance management in curated databases. In SIGMOD '06: Proc. 2006 ACM SIGMOD international conference on Management of data, pages 539-550, New York, NY, USA, 2006. ACM.

Digital Library

[10]

P. Buneman, A. Chapman, J. Cheney, and S. Vansummeren. A provenance model for manually curated data. In Moreau and Foster {22}, pages 162-170.

[11]

P. Buneman, S. Khanna, and C. Tan, Wang. Why and where: A characterization of data provenance. In ICDT '01: Proc. 8th International Conference on Database Theory, pages 316-330, London, UK, 2001. Springer-Verlag.

Digital Library

[12]

P. Buneman, S. Khanna, and W. C. Tan. Data provenance: Some basic issues. In Proc. 20th Conference on Foundations of Software Technology and Theoretical Computer Science (FST TCS), pages 87-93, London, UK, 2000. Springer-Verlag.

Digital Library

[13]

R. Cavanaugh, G. Graham, and M. Wilde. Satisifying the Tax Collector: Using Data Provenance as a way to audit data analyses in High Energy Physics. In Workshop on Data Derivation and Provenance, Oct. 2002.

[14]

A. P. Chapman, H. V. Jagadish, and P. Ramanan. Efficient provenance storage. In Proc. ACM SIGMOD, 2008.

Digital Library

[15]

Y. Cui and J. Widom. Lineage tracing for general data warehouse transformations. The VLDB Journal, 12(1):41-58, 2003.

Digital Library

[16]

F. Curbera, Y. Doganata, A. Martens, N. K. Mukhi, and A. Slominski. Business Provenance - A Technology to Increase Traceability of End-to-End Operations. In On the Move to Meaningful Internet Systems: OTM 2008, Monterrey, Mexico, Nov. 2008.

Digital Library

[17]

R. Hasan, R. Sion, and M. Winslett. Introducing Secure Provenance: Problems and Challenges. In Workshop on Storage Security and Survivability (StorageSS 2007), Alexandria, VA, USA, Oct. 2007.

Digital Library

[18]

R. Hasan, R. Sion, and M. Winslett. The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance. In FAST, San Francisco, CA, USA, Feb. 2009.

Digital Library

[19]

T. Heinis and G. Alonso. Efficient lineage tracking for scientific workflows. In ACM SIGMOD, New York, NY, USA, 2008. ACM.

Digital Library

[20]

N. Joukov, A. Traeger, R. Iyer, C. P. Wright, and E. Zadok. Operating system profiling via latency analysis. In OSDI, Nov. 2006.

Digital Library

[21]

N. Joukov, T. Wong, and E. Zadok. Accurate and efficient replaying of file system traces. In FAST, Dec. 2005.

Digital Library

[22]

L. Moreau and I. T. Foster, editors. Provenance and Annotation of Data, Intl. Provenance and Annotation Workshop (IPAW), 2006.

Digital Library

[23]

L. Moreau, P. Groth, S. Miles, J. Vazquez-Salceda, J. Ibbotson, S. Jiang, S. Munroe, O. Rana, A. Schreiber, V. Tan, and L. Varga. The provenance of electronic data. Commun. ACM, 51(4):52-58, 2008.

Digital Library

[24]

K.-K. Muniswamy-Reddy, D. A. Holland, U. Braun, and M. Seltzer. Provenance-Aware Storage Systems. In Proc. 2006 USENIX Technical Conf., Jun. 2006.

Digital Library

[25]

P. Sehgal, V. Tarasov, and E. Zadok. Evaluating Performance and Energy in File System Server Workloads extensions. In FAST, Feb. 2010.

Digital Library

[26]

Y. L. Simmhan, B. Plale, and D. Gannon. A survey of data provenance in e-science. SIGMOD Rec., 34(3):31-36, 2005.

Digital Library

[27]

D. Simpson. Corral your storage management costs. Datamation, 43(4):88-98, 1997.

[28]

M. Szomszor and L. Moreau. Recording and reasoning over data provenance in web and grid services. In International Conference on Ontologies, Databases and Applications of SEmantics (ODBASE'03), Catania, Sicily, Italy, Nov. 2003.

[29]

V. Tan, P. Groth, S. Miles, S. Jiang, S. Munroe, S. Tsasakou, and L. Moreau. Security issues in a SOA-based provenance system. In Moreau and Foster {22}, pages 203-211.

[30]

A. Traeger, I. Deras, and E. Zadok. DARC: Dynamic analysis of root causes of latency distributions. In Proc. ACM SIGMETRICS, Jun. 2008.

Digital Library

[31]

A. Traeger, N. Joukov, C. P. Wright, and E. Zadok. A nine year study of file system and storage benchmarking. ACM Transactions on Storage (TOS), 4(2):25-80, May 2008.

Digital Library

[32]

N. N. Vijayakumar and B. Plale. Towards low overhead provenance tracking in near real-time stream filtering. In Moreau and Foster {22}, pages 46-54.

[33]

J. Widom. Trio: A system for integrated management of data, accuracy, and lineage. In Proc. Second Biennial Conference on Innovative Data Systems Research (CIDR '05), January 2005.

[34]

A. Woodruff and M. Stonebraker. Supporting fine-grained data lineage in a database visualization environment. In Proc. IEEE Intl. Conf. on Data Engineering (ICDE), 1997.

Digital Library

[35]

C. P. Wright, J. Dave, and E. Zadok. Cryptographic File Systems Performance: What You Don't Know Can Hurt You. In Proc. Second IEEE International Security In Storage Workshop (SISW 2003), pages 47-61,Washington, DC, October 2003. IEEE Computer Society.

Digital Library

[36]

M. N. Wybourne, M. F. Austin, and C. C. Palmer. National cyber security research and development challenges. Institute for Information Infrastructure Protection, 2009.

[37]

W. Zhu, E. Cronin, and B. Thau Loo. Provenance-aware Secure Networks. In Proc. 24th IEEE International Conference on Data Engineering (ICDE 2008), Cancun, Mexico, Apr. 2008.

Cited By

Cao ZKuenning GMueller KTyagi AZadok EYadgar GNoh S(2019)Graphs are not enoughProceedings of the 11th USENIX Conference on Hot Topics in Storage and File Systems10.5555/3357062.3357069(5-5)Online publication date: 8-Jul-2019
https://dl.acm.org/doi/10.5555/3357062.3357069
Pérez BRubio JSáenz-Adán C(2018)A systematic review of provenance systemsKnowledge and Information Systems10.1007/s10115-018-1164-357:3(495-543)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.1007/s10115-018-1164-3
Zhang YO'Neill ASherr MZhou W(2017)Privacy-preserving network provenanceProceedings of the VLDB Endowment10.14778/3137628.313766110:11(1550-1561)Online publication date: 1-Aug-2017
https://dl.acm.org/doi/10.14778/3137628.3137661
Show More Cited By

Towards a secure and efficient system for end-to-end provenance
1. Social and professional topics
  1. Computing / technology policy
2. Software and its engineering
  1. Software organization and properties
    1. Software system structures

Recommendations

The perm provenance management system in action
SIGMOD '09: Proceedings of the 2009 ACM SIGMOD International Conference on Management of data

In this demonstration we present the Perm provenance management system (PMS). Perm is capable of computing, storing and querying provenance information for the relational data model. Provenance is computed by using query rewriting techniques to annotate ...
Supporting secure provenance update by keeping "provenance" of the provenance
ICT-EurAsia'13: Proceedings of the 2013 international conference on Information and Communication Technology

Provenance of data is a documentation of the origin and processes that produce the data. Many researchers argue that the provenance should be immutable: once a provenance is submitted, it should not be changed or updated. A main reason is that the ...
A file provenance system
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

A file provenance system supports the automatic collection and management of provenance i.e. the complete processing history of a data object. File system level provenance provides functionality unavailable in the existing provenance systems. In this ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

TAPP'10: Proceedings of the 2nd conference on Theory and practice of provenance

February 2010

11 pages

Sponsors

USENIX Assoc: USENIX Assoc

In-Cooperation

SIGPLAN: ACM Special Interest Group on Programming Languages
SIGOPS: ACM Special Interest Group on Operating Systems
UK e-Science Institute

Publisher

USENIX Association

United States

Publication History

Published: 22 February 2010

Check for updates

Qualifiers

Article

Acceptance Rates

Overall Acceptance Rate 10 of 17 submissions, 59%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Cao ZKuenning GMueller KTyagi AZadok EYadgar GNoh S(2019)Graphs are not enoughProceedings of the 11th USENIX Conference on Hot Topics in Storage and File Systems10.5555/3357062.3357069(5-5)Online publication date: 8-Jul-2019
https://dl.acm.org/doi/10.5555/3357062.3357069
Pérez BRubio JSáenz-Adán C(2018)A systematic review of provenance systemsKnowledge and Information Systems10.1007/s10115-018-1164-357:3(495-543)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.1007/s10115-018-1164-3
Zhang YO'Neill ASherr MZhou W(2017)Privacy-preserving network provenanceProceedings of the VLDB Endowment10.14778/3137628.313766110:11(1550-1561)Online publication date: 1-Aug-2017
https://dl.acm.org/doi/10.14778/3137628.3137661
Bates ATian DHernandez GMoyer TButler KJaeger T(2017)Taming the Costs of Trustworthy Provenance through Policy ReductionACM Transactions on Internet Technology10.1145/306218017:4(1-21)Online publication date: 9-Sep-2017
https://dl.acm.org/doi/10.1145/3062180
Xie YFeng DTan ZZhou J(2016)Unifying intrusion detection and forensic analysis via provenance awarenessFuture Generation Computer Systems10.1016/j.future.2016.02.00561:C(26-36)Online publication date: 1-Aug-2016
https://dl.acm.org/doi/10.1016/j.future.2016.02.005
Lee BAwad AAwad MAnjum APapadopoulos G(2015)Towards secure provenance in the cloudProceedings of the 8th International Conference on Utility and Cloud Computing10.5555/3233397.3233511(577-582)Online publication date: 7-Dec-2015
https://dl.acm.org/doi/10.5555/3233397.3233511
Bates ATian DButler KMoyer T(2015)Trustworthy whole-system provenance for the Linux kernelProceedings of the 24th USENIX Conference on Security Symposium10.5555/2831143.2831164(319-334)Online publication date: 12-Aug-2015
https://dl.acm.org/doi/10.5555/2831143.2831164
Bates AButler KMoyer TMissier PZhao J(2015)Take only what you needProceedings of the 7th USENIX Conference on Theory and Practice of Provenance10.5555/2814579.2814586(7-7)Online publication date: 8-Jul-2015
https://dl.acm.org/doi/10.5555/2814579.2814586
Liao CSquicciarini ABalaji PXu C(2015)Towards provenance-based anomaly detection in MapReduceProceedings of the 15th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing10.1109/CCGrid.2015.16(647-656)Online publication date: 4-May-2015
https://dl.acm.org/doi/10.1109/CCGrid.2015.16
Backes MBugiel SGerling SPayne CHahn AButler KSherr M(2014)ScippaProceedings of the 30th Annual Computer Security Applications Conference10.1145/2664243.2664264(36-45)Online publication date: 8-Dec-2014
https://dl.acm.org/doi/10.1145/2664243.2664264
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents