Proactive Provenance Policies for Automatic Cryptographic Data Centric Security
This work addresses the challenge of real-time data security for systems using coarse-grained data interactions, though it appears incremental as it builds on existing provenance and security models.
The paper tackles the problem of reactive data provenance analysis by proposing a proactive approach for evaluating provenance metadata within the Automatic Cryptographic Data Centric (ACDC) security architecture, demonstrating its applicability through a case study on an electronic voting scheme to ensure data integrity.
Data provenance analysis has been used as an assistive measure for ensuring system integrity. However, such techniques are typically reactive approaches to identify the root cause of an attack in its aftermath. This is in part due to fact that the collection of provenance metadata often results in a deluge of information that cannot easily be queried and analyzed in real time. This paper presents an approach for proactively reasoning about provenance metadata within the Automatic Cryptographic Data Centric (ACDC) security architecture, a new security infrastructure in which all data interactions are considered at a coarse granularity, similar to the Function as a Service model. At this scale, we have found that data interactions are manageable for the proactive specification and evaluation of provenance policies -- constraints placed on provenance metadata to prevent the consumption of untrusted data. This paper provides a model for proactively evaluating provenance metadata in the ACDC paradigm as well as a case study of an electronic voting scheme to demonstrate the applicability of ACDC and the provenance policies needed to ensure data integrity.