
Provenance is the documented history of an object, in other words, how the object was created, modified, propagated, and disseminated to its current location/status. By looking into the provenance of an object, we can infer the trustworthiness of the object.
As increasing amounts of valuable information are produced and
persist digitally, the ability to determine the origin of data
becomes important. In science, medicine, commerce, and government,
data provenance tracking is essential for rights protection,
regulatory compliance, management of intelligence and medical data, and
authentication of information as it flows through workplace tasks.
While significant research has been conducted in this area, the
associated security and privacy issues have not been explored, leaving
provenance information
vulnerable to illicit alteration as it
passes through untrusted environments.
In this project, we show how to provide strong integrity and
confidentiality assurances for data provenance information at the
kernel, file system, or application layer. We have created a provenance-aware system prototype that implements provenance tracking
of data writes at the application layer, which makes it extremely
easy to deploy. Experimental results show that, for real-life workloads, the
runtime overhead of our approach to recording provenance with
confidentiality and integrity guarantees is low, often
less than 1%-12% depending on optimizations.
People
- Ragib Hasan, UIUC
- Radu Sion, Stony Brook
- Marianne Winslett, UIUC
Software
- Sprov - an application layer library for secure provenance: Version 0.3 to be released by the middle of March 2009.
Experimental evaluation
Postmark, 20,000 small files of sizes 8KB-64KB, subjected to a workload of 100% to 0% write transactions (i.e. read-bias 10 to 0). Overhead1 refers to the Config-Disk mode, where the provenance chains were stored on disk. Overhead2 refers to the Config-RD mode, where the provenance chains were buffered on a RAM disk and periodically flushed to disk.
Publications
- Ragib Hasan, Radu Sion, and Marianne Winslett,
"Preventing History Forgery with Secure Provenance", ACM Transactions on Storage, December 2009.
- Ragib Hasan,
"Protecting the Past and Present of Data, with Applications in Secure Provenance and Regulatory Compliant Databases",
Proceedings of the 3rd SIGMOD PhD Workshop on Innovative Database Research, 2009.
- Ragib Hasan, Radu Sion, and Marianne Winslett,
"Secure Provenance: Protecting the Genealogy of Bits", USENIX ;login: magazine, June 2009.
- Ragib Hasan, Radu Sion, and Marianne Winslett,
"The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance",
USENIX Conference on File and Storage Technologies (FAST), February 24-27, 2009, (acceptance 23/102=22.5%)
- Ragib Hasan, Radu Sion, and Marianne Winslett,
"Remembrance: The Unbearable Sentience of Being Digital",
4th Biennial Conference on Innovative Data Systems Research CIDR, January 4-7, 2009 (Perspectives Track).
- Ragib Hasan, Radu Sion, and Marianne Winslett,
"Introducing Secure Provenance: Problems and Challenges",
ACM StorageSS 2007, part of ACM CCS, Alexandria, VA, October 2007.
Posters
- Ragib Hasan, Radu Sion, and Marianne Winslett,
SPROV 2.0: A Highly-Configurable Platform-Independent Library
for Secure Provenance,
ACM Conference on Computer and Communication Security (CCS), November, 2009.
- Ragib Hasan, Radu Sion, and Marianne Winslett, SPROV: A Library for Secure Provenance
USENIX Annual Technical Conference, June 2009.
Talks
- Systems Seminar, University of Wisconsin-Madison, November 09, 2009.
- UIUC/Stony Brook CS 591/SB 690 guest lecture, October 28, 2009.
- CERIAS Security Seminar, Purdue University, September 2, 2009 [Video]
- Yahoo! / DAIS Seminar, May 5, 2009 [Slides]
- USENIX FAST 2009, February 25, 2009 [Slides]
- UIUC ITI/TSS Seminar, February 11, 2009. [Slides] [Video]
- CIDR, January 3, 2009. [Slides]
- UIUC/Stony Brook CS 591/SB 690 guest lecture, February 12, 2008.
- ACM StorageSS 2007 [Slides]
Provenance related bibliography
- Some related papers
- Assorted bibtex for provenance
