
Research On Provenance Access Control Based On W3C PROV

Posted on: 2017-03-29
Degree: Master
Type: Thesis
Country: China
Candidate: X Ma
GTID: 2308330488965451
Subject: Computer Science and Technology
Abstract/Summary:
Provenance data are widely used in areas such as databases, workflows, and cloud computing. However, as applications of data provenance have advanced rapidly, provenance-related security threats and trustworthiness issues have also arisen. Secure provenance has therefore gradually become a focus of attention and research. Provenance-based access control is an important aspect of improving system security, but research on and application of access control using data provenance have only just begun and have broad prospects for development. Starting from the question of how to use the dependencies in provenance for access control, a provenance access control model named P-RBAC, which mainly combines RBAC and PBAC, is proposed. The primary research work of this paper is as follows:

1. To better use the dependencies in provenance data to control access to the data, a provenance access control model named P-RBAC, based mainly on W3C PROV, is proposed. The core ideas of the model are as follows. The model, which is mainly built on PBAC, captures the base provenance data for P-RBAC by using the PROV-DM model. Moreover, to establish a mapping relationship, the scheme introduces the notions of role and permission from Role-Based Access Control, and divides the dependency list, which serves as the foundation of access control, so that it corresponds to permission sets. Meanwhile, the P-RBAC model not only uses the base provenance data but also captures context information as part of the decision, offering more fine-grained access control for the provenance.

2. The architecture and access control policy language of P-RBAC are defined formally, and the corresponding access control algorithm and access control policy are proposed. First, the paper defines the basic components of P-RBAC and provides the corresponding access control algorithm. In addition, the characteristics of the model compared with traditional access control mechanisms are summarized. Finally, the paper builds an application scenario of an electronic medical record management system, specifying how the P-RBAC model describes the provenance data and defines the access control policy language.

3. An access control application system based on P-RBAC is implemented. To verify the practicability and feasibility of the provenance-based access control model, this paper takes a patient's medical consultation as an example and designs and implements, on the .NET development platform, the main functions of an electronic medical record management system based on P-RBAC. Results show that P-RBAC can not only simplify authorization management and improve system efficiency, but also provide a more secure and fine-grained access control policy.
Keywords/Search Tags: Data Provenance, PROV Data Model, Provenance Access Control, P-RBAC, Dependency List