TC: Large: Collaborative Research: Privacy-Enhanced Secure Data Provenance

TC：大型：协作研究：隐私增强的安全数据来源

• 批准号: 1111925
• 负责人: Ravinderpal Sandhu
• 金额: $ 103.26万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-08-01 至 2017-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1111925&HistoricalAwards=false
• 关键词: TC; Large; Collaborative; Research; Privacy

Data provenance refers to the history of the contents of an object and its successive transformations. Knowledge of data provenance is beneficial to many ends, such as enhancing data trustworthiness, facilitating accountability, verifying compliance, aiding forensics, and enabling more effective access and usage controls. Provenance data minimally needs integrity assurance to realize these benefits. Additionally, provenance data may need assurances of confidentiality (e.g., protect the identity of a reviewer in a blinded paper review process from the authors but not from the editor) or of privacy (e.g., do not disclose identity of a source without the source's consent). In the past decade there has been significant progress regarding the structure and representation of provenance data as a directed acyclic graph. However, currently there is no overarching, systematic framework for the security and privacy of provenance data and their tradeoffs with respect to the utility of provenance data. The development of such a framework is recognized as one of a handful of promising thrusts in recent reports on Federal game-changing R&D for cyber security, particularly aligned with the theme of Tailored Trustworthy Spaces.This project is to develop a comprehensive technical and scientific framework to address the security and privacy challenges of provenance data, and the attendant tradeoffs, so that our society can gain maximum benefit from applications of provenance data. Detailed foundational research is to be performed on security enhanced data models, access control and usage models, privacy including annonymization and sanitization, integrity, accountability and risk management techniques for provenance data. This foundational research is complemented by data provenance case studies in scientific and cyber security information sharing, and construction of prototype data provenance systems at the operating systems and data layers. Moreover, reference architectures and definitions of corresponding provenance management services are to be defined, identifying how these services can be effectively deployed in enterprises, and developing a risk-management framework to guide application architects, designers and users to effectively embed data provenance in their specific context. The project results will beneficially impact society at large by increasing trustworthiness of data acquired, transmitted and processed by computer systems. From the educational side, both theory and practice of data provenance are to be integrated in the undergraduate and graduate training of students, including underrepresented minority and female students, in all the collaborative institutions of this project.

数据起源指的是对象的内容及其连续转换的历史。了解数据来源对许多目的都有好处，例如增强数据可信度、促进问责、验证合规性、协助取证以及实现更有效的访问和使用控制。种源数据最低限度需要完整性保证才能实现这些好处。此外，出处数据可能需要保密保证(例如，在盲目的纸质审查过程中保护审查者的身份不受作者的影响，但不受编辑的影响)或隐私保证(例如，未经消息来源同意，不得透露消息来源的身份)。在过去的十年中，在种源数据的结构和表示为有向无环图方面取得了重大进展。然而，目前还没有关于来源数据的安全和隐私及其在来源数据使用方面的权衡的总体、系统的框架。这种框架的开发被认为是最近关于联邦网络安全游戏规则改变研发的少数几个有希望的推动力之一，特别是与定制可信空间的主题相一致。该项目旨在开发一个全面的技术和科学框架，以解决来源数据的安全和隐私挑战，以及随之而来的权衡，以便我们的社会能够从来源数据的应用中获得最大利益。将对安全增强的数据模型、访问控制和使用模型、隐私，包括匿名和消毒、完整性、问责制和来源数据的风险管理技术进行详细的基础性研究。这项基础性研究得到了科学和网络安全信息共享方面的数据来源案例研究的补充，并在操作系统和数据层建立了原型数据来源系统。此外，还将确定相应来源管理服务的参考架构和定义，查明如何在企业中有效地部署这些服务，并开发一个风险管理框架，以指导应用程序架构师、设计者和用户在其特定背景下有效地嵌入数据来源。项目成果将通过提高计算机系统获取、传输和处理的数据的可信度，对整个社会产生有益的影响。在教育方面，数据来源的理论和实践将纳入该项目所有合作机构的本科生和研究生培训，包括代表人数不足的少数族裔学生和女性学生。

项目成果

Authorization Framework for Secure Cloud Assisted Connected Cars and Vehicular Internet of Things

• DOI: 10.1145/3205977.3205994
• 发表时间: 2018-06
• 期刊: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies
• 作者: Maanak Gupta;R. Sandhu

Access Control Model for Virtual Objects (Shadows) Communication for AWS Internet of Things

AWS 物联网虚拟对象（影子）通信的访问控制模型

• DOI: 10.1145/3176258.3176328
• 发表时间: 2018
• 期刊: AZ
• 作者: Alshehri, Asma;Benson, James;Patwa, Farhan;Sandhu, Ravi
• 通讯作者: Sandhu, Ravi