PACLP: a fine-grained partition-based access control policy language for provenance
This work addresses access control for provenance data in systems requiring fine-grained security, though it appears incremental as it builds on prior partitioning ideas.
The authors tackled the problem of fine-grained access control for provenance data by developing a partition-based policy language that uses segments of provenance graphs with extended OPM and regular expressions, enabling both partial graph returns and targeted data screening.
Even though the idea of partitioning provenance graphs for access control was previously proposed, employing segments of the provenance DAG for fine-grained access control to provenance data has not been thoroughly explored. Hence, we take segments of a provenance graph, based on the extended OPM and defined using a variant of regular expressions, and utilize them in our fine-grained access control language. The language can not only return partial graphs to answer access requests but also introduce segments as restrictions in order to screen targeted data.