10.0 Data Provenance (cont.)

hashed component and will not impact other components in the hash chain. That is to say, different parts of provenance records can achieve independent persistence.
10.8 Utilize dynamic fine-grained access control

10.8.1 Why?

To allow only authorized users to obtain certain data. Fine-grained data access control provides users (data consumers) with access privileges that are determined by attributes. In most real-world cases, user-assigned privileges and/or attributes vary with time and location, and these changes may need to be incorporated into access control decisions.
10.8.2 How?

Using attribute-based encryption, fine-grained access control can be applied to encrypted provenance data. To achieve the dynamic property, users can introduce dynamic attributes and weighted attributes into the attribute-based encryption. A dynamic attribute is a frequently changing attribute, such as a location coordinate, while the other attributes are considered weighted attributes. These attributes have different weights according to their importance, which are defined in the access control system. Every user in the system possesses a set of weighted attributes, and the data owner encrypts information for all users who have a certain set of attributes. A user's private key, however, embeds a specific weighted access structure: to decrypt a message, the ciphertext's set of weighted attributes must satisfy that weighted access structure. The weight of an attribute can be increased or decreased to reflect the dynamic property.
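The following is an added illustration, not code from the CSA guidance or from any ABE library: it models only the satisfaction test between a key's weighted access structure and a ciphertext's weighted attributes (the encryption itself is abstracted away). The attribute names, weights, the location region and the helper names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# Added example (not the guidance's own scheme): a key holds a weighted access
# structure; a ciphertext carries weighted attributes plus a dynamic attribute.
# Only the "does the attribute set satisfy the structure" decision is modelled.

@dataclass
class Leaf:
    """Weighted attribute: ciphertext must carry `name` with weight >= min_weight."""
    name: str
    min_weight: int

@dataclass
class DynamicLeaf:
    """Dynamic attribute (a location coordinate) that must lie inside `region`."""
    name: str
    region: Tuple[float, float, float, float]  # (lat_min, lat_max, lon_min, lon_max)

@dataclass
class Gate:
    """Threshold gate: at least k children must be satisfied (AND: k=n, OR: k=1)."""
    k: int
    children: List["Node"]

Node = Union[Leaf, DynamicLeaf, Gate]

def satisfies(node: Node, attrs: Dict[str, object]) -> bool:
    """True if the weighted attribute set `attrs` satisfies access structure `node`."""
    if isinstance(node, Leaf):
        w = attrs.get(node.name)
        return isinstance(w, int) and w >= node.min_weight
    if isinstance(node, DynamicLeaf):
        coord = attrs.get(node.name)
        if not isinstance(coord, tuple) or len(coord) != 2:
            return False  # missing or malformed dynamic attribute denies access
        lat, lon = coord
        lat_min, lat_max, lon_min, lon_max = node.region
        return lat_min <= lat <= lat_max and lon_min <= lon <= lon_max
    return sum(satisfies(c, attrs) for c in node.children) >= node.k

# Constructed key: ((clearance>=2 AND dept_finance>=1) OR auditor>=3) AND location in region.
ANALYST_KEY: Node = Gate(2, [
    Gate(1, [Gate(2, [Leaf("clearance", 2), Leaf("dept_finance", 1)]), Leaf("auditor", 3)]),
    DynamicLeaf("location", (51.4, 51.6, -0.2, 0.0)),  # assumed office region
])

def can_decrypt(key: Node, ciphertext_attrs: Dict[str, object]) -> bool:
    """Access decision: the ciphertext's weighted attributes must satisfy the key's structure."""
    return satisfies(key, ciphertext_attrs)
```

Lowering the weight of an attribute (for example `clearance` from 2 to 1) is enough to revoke access without changing the shape of the access structure, which is the dynamic adjustment the text describes.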
10.9 Implement scalable fine-grained access control

10.9.1 Why?

To protect large-scale provenance data. A considerable amount of provenance data is stored and exchanged in databases. Database systems allow data consumers to access various types of provenance data in accordance with access policies designed by the data owner. However, an access policy should be scalable in order to meet the ever-growing volume of provenance data and user activity within a group. If the access policy is not scalable, any future policy modifications that may be necessary will be difficult to implement.
CLOUD SECURITY ALLIANCE Big Data Working Group Guidance<br />
© Copyright 2016, Cloud Security Alliance. All rights reserved.<br />
58