Today, more and more scientists use scientific workflows to integrate and structure various local and remote heterogeneous data and service resources to perform in silico experiments to produce significant scientific discoveries. As a result, scientific workflows have become the de facto cyberinfrastructure upperware for e-Science. While XML has become the most popular data model for scientific data management and data integration, provenance metadata is essential for the support of scientific discovery reproducibility, result interpretation, and problem diagnosis in scientific workflows. To support collaborative scientific research, it is critical that both XML data and provenance metadata are accessible by only authorized parties in scientific workflow environments. However, current scientific workflow infrastructure provides little support to access control for the secure access of XML data and provenance metadata. The lack of such security mechanisms seriously discourages scientists confidence in data confidentiality and thus their willingness to share data and metadata in scientific workflows. This slows down the whole scientific discovery process. Therefore, efficient and effective access control for XML data and provenance metadata are of paramount importance, but is very challenging due to the hierarchical and semi-structured characteristics of XML data, and the multi-level and graph-structured characteristics of provenance metadata
In this dissertation, we firstly propose a graph matching based access control model for the secure querying of XML data. In particular, we propose (i) the first DTD-based access control model lint employs graph matching to analyze if an input query is fully acceptable, fully rejectable, or partially acceptable, curd to rewrite for partially acceptable queries only if necessary, (ii) an authorization model that optimizes the rewriting procedure in the sense that a recursive query will be rewritten into an equivalent recursive one if possible and into a non-recursive one only if necessary, resulting queries that can fully take advantage of structural join based query optimization techniques, and (iii) an index structure for XML element types to speed up the query rewriting procedure, a facility that is potentially useful for applications with large DTDs. Our experimental results show that our algorithms are promising
We then propose an access control model for provenance metadata based on two innovative notions: security views and secure abstraction views. In particular, we propose (i) a formalization of scientific workflow provenance as the basis for querying and access control, (ii) a security specification mechanism for provenance at various granularity levels and the derivation of a full security specification based on inheritance, overriding, and conflict resolution rules, (iii) a formalization of security views that are derived from a scientific workflow run provenance for different roles of users, and (iv) a framework that integrates abstraction views and security views such that users can examine provenance information at different abstraction levels while respecting the security policy prescribed for them. We have developed the SECPROV prototype to validate the effectiveness of our approach
Rate It