Security Issues in a SOA-based Provenance System
Victor Tan, Paul Groth, Simon Miles, Sheng Jiang, Steve Munroe, Sofia Tsasakou and Luc Moreau
PASOA/EU Provenance
University of Southampton
www.pasoa.org
www.gridprovenance.org
IPAW May 2006, Chicago

Provenance in a SOA context
Interactions through message exchange between services (actors)
Execution of a workflow: process
Provenance of a piece of data is the process that led to that piece of data.
P-assertion: specific piece of information documenting some step of a process
P-assertions are stored in a provenance store, to be queried by actors in the system

Access control on process documentation
Useful provenance information obtained from aggregation of p-assertions
Granularity of access control: on groups of p-assertions
Problem: combination of certain p-assertions may provide unintentional access to provenance information

Access control on process documentation
[Diagram: p-assertions PA1, PA2, PA3, PA4, PA5 and PA6, with groups labelled "To answer provenance query X", "To answer provenance query Y" and "To answer provenance query Z"]
User A has access to answer provenance query X
User A is given access to answer provenance query Y
Unintentionally, User A is given access to answer provenance query Z
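
The aggregation problem on this slide can be checked mechanically before a new grant is made. The Go sketch below is an added example, not part of the original slides; the mapping of PA1 to PA6 onto queries X, Y and Z is constructed, since the slide does not give it, and `queryNeeds` and `unintended` are hypothetical names.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed grouping (assumption): the slide names PA1..PA6 and queries
// X, Y, Z but does not say which p-assertions each query needs.
var queryNeeds = map[string][]string{
	"X": {"PA1", "PA2", "PA3"},
	"Y": {"PA4", "PA5", "PA6"},
	"Z": {"PA3", "PA4"},
}

// unintended returns the queries a user can answer from the union of the
// p-assertion groups granted to them, although those queries were never granted.
func unintended(granted ...string) []string {
	have := map[string]bool{}    // p-assertions readable by the user
	allowed := map[string]bool{} // queries explicitly granted
	for _, q := range granted {
		allowed[q] = true
		for _, pa := range queryNeeds[q] {
			have[pa] = true
		}
	}
	var leaks []string
	for q, needs := range queryNeeds {
		covered := !allowed[q] // only queries that were not granted can leak
		for _, pa := range needs {
			covered = covered && have[pa]
		}
		if covered {
			leaks = append(leaks, q)
		}
	}
	sort.Strings(leaks)
	return leaks
}

func main() {
	fmt.Println("granted X only:", unintended("X"))
	fmt.Println("granted X and Y:", unintended("X", "Y"))
}
```

Running the same check over each proposed grant shows which additional queries the grant would expose before it takes effect.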

Access control on process documentation
Expose access only at level of provenance queries
- Tools/services aggregate p-assertions and process them
- Potential provenance queriers only access tools/services
Use cryptographic protocols
- Use appropriate algorithms to encrypt p-assertions
- Assign keys corresponding to different groups
- Information obtainable only if user has access to p-assertions as well as keys to decrypt groups of p-assertions.

Accountability for p-assertions
P-assertion is a subjective view of actor
Need to establish accountability for the creation of an assertion (non-repudiation)
Ensure that p-assertions are not altered after being created (integrity)
Directly implemented by signing p-assertions
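
Signing as described on this slide, as an added Go example that is not code from the PASOA or EU Provenance projects: each p-assertion is signed by its asserter and verified against a key registered for that actor, so altering the content or the claimed asserter fails verification. The `PAssertion` record, the actor names and the in-memory key registry (standing in for certificates) are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// PAssertion is a hypothetical, simplified record; the slides show no schema.
type PAssertion struct {
	Asserter  string `json:"asserter"`
	Content   string `json:"content"`
	Signature []byte `json:"-"` // excluded from the signed bytes
}

// sign serializes the record (fixed field order) and attaches the signature.
func sign(pa *PAssertion, key ed25519.PrivateKey) {
	msg, _ := json.Marshal(pa) // cannot fail for this struct
	pa.Signature = ed25519.Sign(key, msg)
}

// verify checks the signature against the public key registered for the
// claimed asserter, so a valid result ties the record to that actor.
func verify(pa PAssertion, registry map[string]ed25519.PublicKey) bool {
	pub, known := registry[pa.Asserter]
	if !known {
		return false
	}
	msg, _ := json.Marshal(pa)
	return ed25519.Verify(pub, msg, pa.Signature)
}

// demo reports verification of: the stored record, a copy with altered
// content (integrity), and a copy attributed to another actor (accountability).
func demo() (intact, altered, reattributed bool) {
	pubA, privA, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pubB, _, _ := ed25519.GenerateKey(nil)
	registry := map[string]ed25519.PublicKey{"actor-a": pubA, "actor-b": pubB}
	pa := PAssertion{Asserter: "actor-a", Content: "invoked service S with input D1"}
	sign(&pa, privA)
	tampered, moved := pa, pa
	tampered.Content = "invoked service S with input D2"
	moved.Asserter = "actor-b"
	return verify(pa, registry), verify(tampered, registry), verify(moved, registry)
}

func main() { fmt.Println(demo()) }
```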

Trust framework for actors and provenance stores
Distributed systems: cannot ensure that all possible actors creating p-assertions are doing so correctly
Establish trust model to reflect relationships:
- between actors creating p-assertions and actors using them
- between actors and provenance stores
e.g. ratings system, eBay, MySpace

Information sensitivity in p-assertions
Relevant with regard to legal requirements, e.g. patient records
Information recorded in p-assertions may be obscured:
- One-way anonymization
- Encryption with a shared key

Long term storage
P-assertions may be archived
If signed and/or encrypted, appropriate certificate/key archival facilities are also required
May need to ensure algorithms remain updated

Relating access control for data and p-assertions
P-assertions may describe or relate to data with existing access control restrictions (authorizations)
How do we relate authorizations for data and p-assertions that are derived from that data?
- No relation
- Allow actor creating p-assertion to specify its authorization
- Allow automated generation of authorizations from existing authorizations

Distributed provenance stores
[Diagram: PS, PS, PS (provenance stores)]
- Bandwidth
- Access Control
- Storage

Federated identity – approach 1
[Diagram labels: Actor; Security token service; Provenance store – Security domain 1; Provenance store – Security domain 2; Security token (shown twice)]

Federated identity – approach 2
[Diagram labels: Actor; Security token service; Provenance store – Security domain 1; Provenance store – Security domain 2; Security token (shown three times)]

Conclusion
Many security issues: most analogous to standard access control issues, some possibly new
Important to consider if provenance systems are to become industrial strength
EU Provenance project – security features in GT4, WS-Security for authentication, proxy certificates for delegating access control, CAS for role-based authorization and federated identity