A Provenance-Policy Based Access Control Model For Data Usage Validation In Cloud

TL;DR

This paper introduces a provenance-policy based access control model for cloud data that enhances security by tracking data origin and usage, enabling real-time auditing and accountability for data alterations.

Contribution

It proposes a novel access control framework integrating provenance information to improve data security and accountability in cloud environments.

Findings

Enhanced data security through provenance tracking

Real-time auditing of data access and modifications

Improved accountability for data alterations

Abstract

In an organization specifically as virtual as cloud there is need for access control systems to constrain users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access to confidential data the third party auditing and accounting is done which could stir up further data leaks. To control such data leaks and integrity, in past several security policies based on role, identity and user attributes were proposed and found ineffective since they depend on static policies which do not monitor data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to store metadata on the subject of data alteration which is universally called as the Provenance Information. This paper presents a provenance-policy based access control model which is designed and integrated with the system that not only makes data auditable but also incorporates accountability for data alteration events.