SECProv: Trustworthy and Efficient Provenance Management in the Cloud

The black-box nature of clouds introduces a lack of trusts in clouds. Since provenance can provide a complete history of an entity, trustworthy provenance management for data, application, or workflow can make the cloud more accountable. Current research on cloud provenance mainly focuses on collecting provenance records and trusting the cloud providers in managing the provenance records. However, a dishonest cloud provider can alter the provenance records, as the records are stored within the control of the cloud provider. To solve this problem, we first propose CloProv - a provenance model to capture the complete provenance of any type of entities in the cloud. We analyze the threats on the CloProv model considering collusion among malicious users and dishonest cloud providers. Based on the threat model, we propose a secure data provenance scheme - SECProv for cloud-based, multi-user, shared data storage systems. We integrate SECProv with the object storage module of an open source cloud framework - OpenStack Swift and analyze the efficiency of the proposed scheme.