Secure Systems

MARCH/APRIL 2011 1540-7993/11/$26.00 © 2011 IEEE COPUBLISHED BY THE IEEE COMPUTER AND RELIABILITY SOCIETIES 83 Patrick McDaniel Pennsylvania State University cesses and inputs that created or transformed the data. Where provenance enumerates the entities that contributed to the data. Consider a patient x-ray image document used in a healthcare system. The provenance record for that document would identify the x-ray inputs; any postprocessing operations, such as image enhancements; the annotations created by specialists (why provenance) as well as technicians, nurses, and doctors who created and modified the record; the hosts on which the software executed; and the times and dates the processes were formed (where provenance). Data provenance has had its widest adoption in the scientific computing community. Provenance is often recorded in these environments by capturing data from instrumented workflows and systems that process large data sets. The database community has recently explored how to support provenance collection in database records and streams by retaining query structures and input. Others have examined the use of these features to measure provenance in social networks and general information retrieval processes. A more recent area of focus is provenance in operating and storage systems, which have the advantage of being difficult to circumvent, but are expensive and hard to deploy. The ProvenanceAware Storage System uses a modified Linux kernel, collecting elaborate information flow and workflow descriptions at the OS level. Further efforts defined Information is often filtered, sampled, repackaged, condensed, or altered to suit any number of purposes. Over time, the entropy of these processes causes information to lose its essential validity. Far too often, we’re left with data without knowledge. Context is necessary for good decision-making. Whether attempt ing to determine if a website is legitimate or diagnosing a patient ailment, understanding the origins and processes that formed the data is essential to a successful outcome. However, this understanding is frequently cobbled together from vague notions of physical origins and assumed datahandling practices. Intelligence failures, poor medical diagnoses, and monetary losses resulting from poor source data and attribution are far too common in both physical processes and computer systems. Data provenance documents data’s genesis and subsequent modification as it’s processed in and across systems. Manifest as annotations, logs, or workflow histories, provenance indicates the data’s origins and pedigree. Data provenance and security are symbiotic. Good security leads to accurate, timely, and detailed provenance, and good provenance lets systems and users make good security decisions. Unfortunately, support for provenance in information systems is largely experimental at this time.