A Security Framework for Scientific Workflow Provenance Access Control Policies

The notion of collaborative scientific workflow is coined to address the increasing need for collaborative data analytics. In collaborative environments, access control policies are necessary for controlling the sharing of workflows, data products, and provenance information among collaborating parties. In particular, the protection of workflow provenance is critical because it often encodes the detailed protocol of a scientific experiment and carries the intellectual property of the respective stakeholders. In addition, since scientific workflows often evolve quickly, the corresponding access control policies for workflow provenance have to evolve as well. It is important to ensure that the evolution of workflow provenance access control policies maintain certain properties, in order to guarantee the correctness and performance of the corresponding policy enforcement. In this paper, we 1) propose a role-based access control model for scientific workflow provenance; 2) define three quality requirements for scientific workflow provenance access control policies - consistency, completeness, and conciseness; 3) develop a mechanism mapping from specifications of workflows to their counterparts in a provenance that preserves such quality properties, and 4) conduct a case study on a scientific workflow for autism behavioral data analysis that demonstrates the feasibility of our proposed analysis algorithms.