Abstract
Provenance templates are now a recognised methodology for the construction of data provenance records. Each template defines the provenance of a domain-specific action in abstract form, which may then be instantiated as required by a single call to the provenance template service. As data reliability and trustworthiness become a critical issue in an increasing number of domains, there is a corresponding need to ensure that the provenance of that data is non-repudiable. In this paper we contribute two new, complementary modules to our template model and implementation to produce non-repudiable data provenance. The first is a module that traces the operation of the provenance template service itself and records a provenance trace of the construction of an object-level document, at the level of individual service calls. The second is a non-repudiation module that generates evidence for the data recorded about each call, annotates the service trace accordingly, and submits a representation of that evidence to a provider-agnostic notary service. We evaluate the applicability of our approach in the context of a clinical decision support system. We first define a policy to ensure the non-repudiation of evidence with respect to a security threat analysis in order to demonstrate the suitability of our solution. We then select three use cases from within a particular system, Consult, with contrasting data provenance recording requirements and analyse the subsequent performance of our prototype implementation against three different notary providers.
This work has been supported by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 654248, project CORBEL, and under grant agreement No 824087, project EOSC-Life.
Notes
1. The provenance template model adds three special attributes (start, end, time) to the prov namespace in order to allow the start and end times of activities, and the times of influences, to be instantiated as template value variables. These attributes are translated in the document model into the respective PROV timings. This is necessary because the PROV data model only allows these timings to be of type xsd:dateTime, and so they cannot be replaced by a variable name directly.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Fairweather, E., Wittner, R., Chapman, M., Holub, P., Curcin, V. (2021). Non-repudiable Provenance for Clinical Decision Support Systems. In: Glavic, B., Braganholo, V., Koop, D. (eds) Provenance and Annotation of Data and Processes. IPAW 2020, IPAW 2021. Lecture Notes in Computer Science, vol 12839. Springer, Cham. https://doi.org/10.1007/978-3-030-80960-7_10
DOI: https://doi.org/10.1007/978-3-030-80960-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-80959-1
Online ISBN: 978-3-030-80960-7
eBook Packages: Computer Science, Computer Science (R0)