HECURA: Collaborative Research: Secure Provenance in High-End Computing Systems

Award #: 0937944
Amount Awarded: $307,073
Sponsoring Organization:NSF (CCF)
Grant Period:09/15/2009-08/31/2012
Primary Investigator(s): Patrick McDaniel


Data provenance documents the inputs, entities, systems, and processes that influence data of interest---in effect providing a historical record of the data and its origins. The generated evidence supports essential forensic activities such as data-dependency analysis, error/compromise detection and recovery, and auditing and compliance analysis. This collaborative project is focused on theory and systems supporting practical end-to-end provenance in high-end computing systems. Here, systems are investigated where provenance authorities accept host-level provenance data from validated provenance monitors, to assemble a trustworthy provenance record. Provenance monitors externally observe systems or applications and securely record the evolution of data they manipulate. The provenance record is shared across the distributed environment. In support of this vision, tools and systems are explored that identify policy (what provenance data to record), trusted authorities (which entities may assert provenance information), and infrastructure (where to record provenance data). Moreover, the provenance has the potential to hurt system performance: collecting too much provenance information or doing so in an inefficient or invasive way can introduce unacceptable overheads. In response, the project is further focused on ways to understand and reduce the costs of provenance collection.

Related Research Projects

Data Provenance

Related Publications

Patrick McDaniel, Kevin Butler, Stephen McLaughlin , Radu Sion, Erez Zadok, and Marianne Winslett, Towards a Secure and Efficient System for End-to-End Provenance. 2nd USENIX Workshop on the Theory and Practice of Provenance, February 2010. [Full Paper: pdf]