A Security Framework for Scientific Workflow Provenance Access Control Policies

The notion of collaborative scientific workflow is coined to address the increasing need for collaborative data analytics. In collaborative environments, access control policies are necessary for controlling the sharing of workflows, data products, and provenance information among collaborating parties. In particular, the protection of workflow provenance is critical because it often encodes the detailed protocol of a scientific experiment and carries the intellectual property of the respective stakeholders. In addition, since scientific workflows often evolve quickly, the corresponding access control policies for workflow provenance have to evolve as well. It is important to ensure that the evolution of workflow provenance access control policies maintain certain properties, in order to guarantee the correctness and performance of the corresponding policy enforcement. In this paper, we 1) propose a role-based access control model for scientific workflow provenance; 2) define three quality requirements for scientific workflow provenance access control policies - consistency, completeness, and conciseness; 3) develop a mechanism mapping from specifications of workflows to their counterparts in a provenance that preserves such quality properties, and 4) conduct a case study on a scientific workflow for autism behavioral data analysis that demonstrates the feasibility of our proposed analysis algorithms.

Automated summary

The concept of collaborative scientific workflow is introduced to meet the growing demand for collaborative data analytics. Access control policies are essential in collaborative environments for controlling the sharing of workflows, data products, and provenance information among collaborators. This paper proposes a role-based access control model for scientific workflow provenance and defines three quality requirements for access control policies. Additionally, a mapping mechanism is developed to preserve the quality properties of workflow provenance, and a case study on autism behavioral data analysis demonstrates the feasibility of the proposed analysis algorithms.