記錄 23 之 6058
Record:   Prev Next
作者 Chang, Seunghan
書名 Access control models for XML data and provenance metadata in scientific workflows
國際標準書號 9780549499473
book jacket
說明 106 p
附註 Source: Dissertation Abstracts International, Volume: 69-03, Section: B, page: 1727
Advisers: Farshad Fotouhi; Shiyong Lu
Thesis (Ph.D.)--Wayne State University, 2008
Today, more and more scientists use scientific workflows to integrate and structure various local and remote heterogeneous data and service resources to perform in silico experiments to produce significant scientific discoveries. As a result, scientific workflows have become the de facto cyberinfrastructure upperware for e-Science. While XML has become the most popular data model for scientific data management and data integration, provenance metadata is essential for the support of scientific discovery reproducibility, result interpretation, and problem diagnosis in scientific workflows. To support collaborative scientific research, it is critical that both XML data and provenance metadata are accessible by only authorized parties in scientific workflow environments. However, current scientific workflow infrastructure provides little support to access control for the secure access of XML data and provenance metadata. The lack of such security mechanisms seriously discourages scientists confidence in data confidentiality and thus their willingness to share data and metadata in scientific workflows. This slows down the whole scientific discovery process. Therefore, efficient and effective access control for XML data and provenance metadata are of paramount importance, but is very challenging due to the hierarchical and semi-structured characteristics of XML data, and the multi-level and graph-structured characteristics of provenance metadata
In this dissertation, we firstly propose a graph matching based access control model for the secure querying of XML data. In particular, we propose (i) the first DTD-based access control model lint employs graph matching to analyze if an input query is fully acceptable, fully rejectable, or partially acceptable, curd to rewrite for partially acceptable queries only if necessary, (ii) an authorization model that optimizes the rewriting procedure in the sense that a recursive query will be rewritten into an equivalent recursive one if possible and into a non-recursive one only if necessary, resulting queries that can fully take advantage of structural join based query optimization techniques, and (iii) an index structure for XML element types to speed up the query rewriting procedure, a facility that is potentially useful for applications with large DTDs. Our experimental results show that our algorithms are promising
We then propose an access control model for provenance metadata based on two innovative notions: security views and secure abstraction views. In particular, we propose (i) a formalization of scientific workflow provenance as the basis for querying and access control, (ii) a security specification mechanism for provenance at various granularity levels and the derivation of a full security specification based on inheritance, overriding, and conflict resolution rules, (iii) a formalization of security views that are derived from a scientific workflow run provenance for different roles of users, and (iv) a framework that integrates abstraction views and security views such that users can examine provenance information at different abstraction levels while respecting the security policy prescribed for them. We have developed the SECPROV prototype to validate the effectiveness of our approach
School code: 0254
DDC
Host Item Dissertation Abstracts International 69-03B
主題 Computer Science
0984
Alt Author Wayne State University. Computer Science
記錄 23 之 6058
Record:   Prev Next