Dependency Path Patterns as the Foundation of Access Control in Provenance-Aware Systems
A unique characteristic of provenance data is that it forms a Directed Acyclic Graph (DAG) in accordance with the underlying causality dependencies between the entities (acting users, action processes and data objects) involved in transactions. Data provenance raises at least two distinct security-related issues. One is how to control access to provenance data, which the authors call Provenance Access Control (PAC). The other is Provenance-Based Access Control (PBAC), which focuses on how to utilize provenance data to control access to data objects. Both PAC and PBAC are built on a common foundation that requires security architects to define application-specific dependency path patterns of provenance data.
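As an added illustration (not code from the paper or its authors), the sketch below resolves named dependency path patterns over a small constructed provenance DAG and uses them in a PBAC decision. The Open Provenance Model style edge labels, the node names, the dependency names `wasAuthoredBy` and `wasDerivedFrom`, and the review rule are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed provenance graph; edges point from effect to cause.
# Edge labels follow the Open Provenance Model vocabulary (an assumption).
EDGES = [
    ("hw_v1", "wasGeneratedBy", "submit1"),
    ("submit1", "wasControlledBy", "alice"),
    ("hw_v2", "wasGeneratedBy", "revise1"),
    ("revise1", "used", "hw_v1"),
    ("revise1", "wasControlledBy", "carol"),
    ("rev_v2", "wasGeneratedBy", "review1"),
    ("review1", "used", "hw_v2"),
    ("review1", "wasControlledBy", "bob"),
]

# Hypothetical named patterns: (edge-label sequence, repeat one or more times?)
DEPENDENCIES = {
    "wasAuthoredBy": (("wasGeneratedBy", "wasControlledBy"), False),
    "wasDerivedFrom": (("wasGeneratedBy", "used"), True),
}

def build_index(edges):
    index = defaultdict(set)
    for src, label, dst in edges:
        index[(src, label)].add(dst)
    return index

def follow(index, starts, labels):
    """Walk one pass of the label sequence from every start node."""
    frontier = set(starts)
    for label in labels:
        frontier = {d for n in frontier for d in index.get((n, label), ())}
    return frontier

def resolve(index, start, name):
    """Return all nodes reachable from start via the named dependency pattern."""
    labels, repeat = DEPENDENCIES[name]
    found, frontier = set(), follow(index, {start}, labels)
    while frontier - found:
        found |= frontier
        frontier = follow(index, frontier, labels) if repeat else set()
    return found

def may_review(index, user, obj):
    """PBAC rule: deny review to anyone who authored obj or an ancestor of it."""
    lineage = {obj} | resolve(index, obj, "wasDerivedFrom")
    authors = set().union(*(resolve(index, o, "wasAuthoredBy") for o in lineage))
    return user not in authors
```

The same `resolve` call could serve PAC by deciding which provenance nodes a requester is allowed to see, since both models share the pattern definitions.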