Presentation is loading. Please wait.

Presentation is loading. Please wait.

Provenance. Provenance – From Dictionary the place of origin or earliest known history of something. the beginning of something's existence; something's.

Published byDortha Annis Bell Modified over 9 years ago

Similar presentations

Presentation on theme: "Provenance. Provenance – From Dictionary the place of origin or earliest known history of something. the beginning of something's existence; something's."— Presentation transcript:

1 Provenance

2 Provenance – From Dictionary the place of origin or earliest known history of something. the beginning of something's existence; something's origin. a record of ownership of a work of art or an antique, used as a guide to authenticity or quality.

3 Provenance Provenance, from the French provenir, "to come from", refers to the chronology of the ownership or location of a historical object Who, what, when, where, confidence and original source, security labels Weapons of Mass Destruction... not being in Iraq.

4 What Would Provenance Look Like Make an Assertion.... Barack Obama is the 44th President of the United States.... Confidence = 100% When – September 12, 2012 Security Label = Unclassified Source = http://www.whitehouse.gov

5 Another Example Assertion – Mitt Romney will be the 45th President of the United States on November 6, 2012 Confidence:.47 When: September 12, 2012 Security Label: Unclassfied Source: rasmussenreports.com

6 We Wish to be Provene All data must be stored with Provenance Who What When Original Source Security Labels Probability

7 Triples Because the Semantic Web represents everything as triples (Statements) if we have provenance with every statement then: All of our data is provene We have all of our data labelled. We can do MAC adjudication.

8 Reification for Provenance We take every statement and add attributes. All statements shall have these attributes. We can now adjudicate using Provenance. We can get to our original source using Provenance. It is easy to prove the systems has labeling and continuous protection.

9 Take The Following Problem We have data. The data has labels. The users have roles. Users may belong to many Groups and a Group may have many Users. We have Roles and a User many have many Roles and a Role may related to many Users. We can assign Roles to Groups as a way of getting the Roles to the Users.

10 What Does This Look Like?. UserRole Group

11 What Does This Mean We do Roles at the User level. So we ask, is the User in a particular Role. What becomes interesting is...... how did the User get the Role. The answer is either directly as in a User has the Role Administrator, or indirectly as in the User is part of the Group DBAs and DBA's have the Role Database_Owner, so now all Users that are part of the Group DBAs have the role Database_Owner.

12 Users and Their Roles So we say, that a User has Roles, either directly or through what we might call a Transitive Property of Group. Meaning the we take a User, look up its Groups and add in the Union of all the Roles for the Groups that the User has membership. So the bottom line is Users have Roles.

13 Users Having Roles So a given User having a finite set of Roles is just half the problem. But, let's talk about that half. It firmly dictates our rules for reading. That means if the Users Roles are a Superset of the Data Labels, the User may read the Data. This is from the Bell-Lapadula Model we covered in Lecture 3.

14 Let's Move Outside of Reading So when we move outside of Reading, we have other operations. The operation can be writing (Bell Lapadula), or executing, or anything a set of requirements will tell us to do. So how do we do this.

15 The Case of Writing We know that if the User is working at a level say Administrator, then they can only write data out as Administrator and could not write out as say a Guest. This prohibits writing down. So that is easy. But what if the User says you can write if you are an Administrator but you can Execute if you are a Guest. What do we have here?

16 Beyond Writing and Bell Lapadula Bell Lapadula considers reading and writing. But what if we had something like a emailing list that a Group could not write, but could execute emails. How would we do this?

17 More Provenance to the Rescue We need to take our labeling and do something like..... Group: Email-List-1 Group Guest Both groups contain: Users: User1, User2, User3, And now the group Email-List-1 has a label of Role Guest:Execute. So now with our Transitive property we get that User1, User2, User3 can execute if the have the Guest Role.

18 What Does this Look Like User1, Guest, Email List 1 User2, Guest, Email List 1 User3, Guest, Email List 1 List Label Email List 1 Guest:Execute Contains User1, User2, User3

19 So Relationally What Happens Table Provenance

20 So Relationally User: scott@scottstreit.comscott@scottstreit.com Scott Streit, Woodbine, MD, 11/15/1962 555-XX-XXXX Provenance scott@scottstreit.comscott@scottstreit.com source drivers License. Img of my drivers License. Label: User.

21 What Is Wrong With Relationally My SS-No requires a higher level of Role, but if we put the higher level with the Provenance, we have over classified by Name and the other attributes. We live with this. Or we do the following:

22 One Remedy User_A scott@scottstreit.comscott@scottstreit.com Scott Streit, Woodbine, MD, 11/15/1962 User_B scott@scottstreit.comscott@scottstreit.com 555-XX-XXXX Provenance User_B=Ascott@scottstreit.com source drivers License. Img of my drivers License. Label: User.scott@scottstreit.com User_B= Source SS-Card, Label:Administrator

23 What Happens Semantically? Subject Predicate Object scott@scottstreit.comscott@scottstreit.com Lives_In Woodbine scott@scottstreit.comscott@scottstreit.com has_DOB 11/15/62 scott@scottstreit.comscott@scottstreit.com has_SSNO 555-XX....

24 Semantically With Provenance Subject Predicate Object Label scott@scottstreit.comscott@scottstreit.com Lives_In Woodbine User scott@scottstreit.comscott@scottstreit.com has_DOB 11/15/62 User scott@scottstreit.comscott@scottstreit.com has_SSNO 555-X Admin

25 Provenance - Detailed Subject Predicate Object R1 is StatementSubject scott@... R1 is Statement Pred Lives In R1 is Statement Object Woodbine R1Source Dl

26 Summary Some things do not fit neatly into Bell Lapadula because it is a simple model. Simple is good, but we need more. We extend the model through Provenance. We always match Roles against Labels. We may have more complex Roles, more Complex Labels, but Adjudication is still Roles vs. Labels.

27 What is the Tradeoff? Semantically we have full provenance guaranteed. Every piece of data has it's own provenance. But, we require more storage. Do we care?

28 Do We Care? Most things we do today, if not all, rely on Disk storage as being so cheap that it is almost infinite. We see this in search where we index everything. If Disk is expensive, our whole world falls apart, so therefore, we assume disk is cheap. We actually, and intellectually consider disk to be free.

29 Summary Provenance is a key component of Computer Security. All data must have Provenance and then all data has: 1) Original Source. 2) Probability. 3) When. 4) Security Labels. 5) Owner 6) etc.

Download ppt "Provenance. Provenance – From Dictionary the place of origin or earliest known history of something. the beginning of something's existence; something's."

Similar presentations

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
CVs & Telephone Skills Top Tips to remember …

CVs & Telephone Skills Top Tips to remember …
MEMORY MANAGEMENT Y. Colette Lemard. MEMORY MANAGEMENT The management of memory is one of the functions of the Operating System MEMORY = MAIN MEMORY =

MEMORY MANAGEMENT Y. Colette Lemard. MEMORY MANAGEMENT The management of memory is one of the functions of the Operating System MEMORY = MAIN MEMORY =
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
IT253: Computer Organization Lecture 6: Assembly Language and MIPS: Programming Tonga Institute of Higher Education.

IT253: Computer Organization Lecture 6: Assembly Language and MIPS: Programming Tonga Institute of Higher Education.
Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Functions CSLU 1100.003 Fall 2007 Cameron McInally Fordham University.

Functions CSLU Fall 2007 Cameron McInally Fordham University.
Theoretical Probability Distributions We have talked about the idea of frequency distributions as a way to see what is happening with our data. We have.

Theoretical Probability Distributions We have talked about the idea of frequency distributions as a way to see what is happening with our data. We have.
15 Steps to Building a Winning CV Liam Horan & Elizabeth Hutcheson, Sli Nua Careers.

15 Steps to Building a Winning CV Liam Horan & Elizabeth Hutcheson, Sli Nua Careers.
Assignment I, part 1. Groups of three students. Specify one as group leader. Email group names to TA and me. Create an object-oriented conceptualization.

Assignment I, part 1. Groups of three students. Specify one as group leader. group names to TA and me. Create an object-oriented conceptualization.
July 23rd, 2009 Daily Goal: IWBAT identify a higher level question. Homework: Costa’s Level Review. Dispatch (copy and answer): Which of the questions.

July 23rd, 2009 Daily Goal: IWBAT identify a higher level question. Homework: Costa’s Level Review. Dispatch (copy and answer): Which of the questions.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Design Principles: Faithfulness

Design Principles: Faithfulness
1 Creating and Tweaking Data HRP223 – 2010 October 24, 2011 Copyright © 1999-2011 Leland Stanford Junior University. All rights reserved. Warning: This.

1 Creating and Tweaking Data HRP223 – 2010 October 24, 2011 Copyright © Leland Stanford Junior University. All rights reserved. Warning: This.
CS 5150 1 CS 5150: Software Engineering Lecture 5 Legal Aspects of Software Engineering 1.

CS CS 5150: Software Engineering Lecture 5 Legal Aspects of Software Engineering 1.
Wrapup Amol Deshpande CMSC424. “Inventing the Future” Wednesday at 3:30pm 1115 CSIC Exam.

Wrapup Amol Deshpande CMSC424. “Inventing the Future” Wednesday at 3:30pm 1115 CSIC Exam.
Other time considerations Source: Simon Garrett Modifications by Evan Korth.

Other time considerations Source: Simon Garrett Modifications by Evan Korth.
Essentials of interaction diagrams Lecture 23. 2 Outline Collaborations Interaction on collaboration diagrams Sequence diagrams Messages from an object.

Essentials of interaction diagrams Lecture Outline Collaborations Interaction on collaboration diagrams Sequence diagrams Messages from an object.

Similar presentations

Ads by Google