Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs
نویسندگان
چکیده
When performing automatic provenance collection within the operating system, inevitable storage overheads are made worse by the fact that much of the generated lineage is uninteresting, describing noise and background activities that lie outside the scope the system’s intended use. In this work, we propose a novel approach to policy-based provenance pruning – leverage the confinement properties provided by Mandatory Access Control (MAC) systems in order to identify subdomains of system activity for which to collect provenance. We consider the assurances of completeness that such a system could provide by sketching algorithms that reconcile provenance graphs with the information flows permitted by the MAC policy. We go on to identify the design challenges in implementing such a mechanism. In a simplified experiment, we demonstrate that adding a policy component to the Hi-Fi provenance monitor could reduce storage overhead by as much as 82%. To our knowledge, this is the first practical policy-based provenance monitor to be proposed in the literature.
منابع مشابه
Data Breaches and Identity Theft: When is Mandatory Disclosure Optimal?
In order to reduce identity theft and consumer loss caused by data breaches, many U.S. states have enacted laws requiring firms to notify individuals when their personal information has been stolen or lost. The effect of these disclosure laws has yet to be rigorously tested, and some claim that they only serve to burden firms and consumers with unnecessary costs. Leveraging the economic analysi...
متن کاملNational Pharmacare in Canada: Equality or Equity, Accessibility or Affordability; Comment on “Universal Pharmacare in Canada: A Prescription for Equity in Healthcare”
Canada’s federal government intends to take steps to implement national pharmacare so that all Canadians have prescription drug coverage they need at an affordable price. Relatively limited funds have so far been pledged to support national pharmacare, which raises the question: what kind of program is envisioned? Since the government has already introduced regulations intended to reduce new dr...
متن کاملCloud Access Security On File System Using Secure Policies For Jelastic Cloud
Now a days we can outsource data backups offsite to third-party cloud storage services(Jelastic cloud) by which we can reduce data management costs. However, we need to provide security guarantees for the outsourced data, maintained by third parties. In this paper we design and implement FADE, a secure overlay cloud storage system which is able to achieve fine-grained, policy-based access contr...
متن کاملMeeting the Challenge of Diabetes in China
China’s estimated 114 million people with diabetes pose a massive challenge for China’s health policy-makers who have significantly extended health insurance coverage over the past decade. What China is doing now, what it has achieved, and what remains to be done should be of interest to health policy-makers, worldwide. We identify the challenges posed by China’s two pr...
متن کاملA Provenance-Policy Based Access Control Model For Data Usage Validation In Cloud
In an organization specifically as virtual as cloud there is need for access control systems to constrain users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access to confidential data the third party auditing and accounting is done which could stir up further data leaks. To control such data leaks and integrity, in past several security policies...
متن کامل