Abstract:

Provenance is the historical metadata of data objects. It has recently been used to enable provenancebased access control (PBAC), which grants or denies an access request according to the provenance of either the subjects or the objects. However, provenance can only be collected at runtime via complex directed acyclic graphs, so it is very difficult for security architects to efficiently specify PBAC policies due to the complexity of provenance graphs and its unavailability at design time. We explore a UML modelbased approach to analyze PBAC policies. Specifically, we first introduce a conceptual provenance model to shield the complexity of the provenance graphs and to enable policy analysis at the design time. We then introduce a UML modelbased process to guide the analysis of the conceptual provenance model and the PBAC policies along with the objectoriented development. We validate the proposed approach within an enterprise online training system.

Key words: provenance;provenance model;access control;UML;security engineering