R. Hasan, R. Sion, and M. Winslett. Proceedings of the 7th USENIX Conference on File and Storage Technologies (FAST), (2009)

As increasing amounts of valuable information are produced and persist
digitally, the ability to determine the origin of data becomes
important. In science, medicine, commerce, and government, data
provenance tracking is essential for rights protection, regulatory
compliance, management of intelligence and medical data, and
authentication of information as it flows through workplace tasks.
While significant research has been conducted in this area, the
associated security and privacy issues have not been explored, leaving
provenance information vulnerable to illicit alteration as it passes
through untrusted environments.
In this talk, we show how to provide strong integrity and
confidentiality assurances for data provenance information in an
untrusted distributed environment. We describe our provenance-aware
system prototype that implements provenance tracking of data writes at
the application layer, which makes it extremely easy to deploy. We
present empirical results that show that, for typical real-life
workloads, the run-time overhead of our approach to recording
provenance with confidentiality and integrity guarantees ranges from
1% - 13%.