prov.vtt
WEBVTT
Kind: captions
Language: en
00:00:01.200 --> 00:00:04.640
In this training session, we will
cover secure computation techniques,
00:00:05.600 --> 00:00:09.520
data provenance for secure
computation, and provenance policies.
00:00:12.400 --> 00:00:17.200
Secure computation techniques are methods that
use cryptography to securely compute functions
00:00:17.200 --> 00:00:21.040
when some or all of the inputs should
remain secret to unauthorized parties.
00:00:21.760 --> 00:00:25.920
Some examples of secure computation
techniques include multi-party computation,
00:00:25.920 --> 00:00:30.320
secure enclaves, and zero-knowledge proofs.
00:00:30.320 --> 00:00:35.680
As an example, consider a scenario in which Bob
would like to compute the average of his, Alice's,
00:00:35.680 --> 00:00:41.680
and Mallory's salaries. Alice and Mallory agree to
participate only if they can keep their individual
00:00:41.680 --> 00:00:46.640
salaries secret. To do this, they can employ
a secure computation technique that will only
00:00:46.640 --> 00:00:51.760
reveal the output of the average function to Bob
while keeping each of their input salaries secret.
00:00:53.200 --> 00:00:59.120
They can each begin by encrypting their data
with a secret cryptographic key. Then, Bob,
00:00:59.120 --> 00:01:03.520
Alice, and Mallory can each provide their
secret inputs to the secure average function,
00:01:03.520 --> 00:01:07.920
which will cryptographically compute the average
of their salaries and reveal the result to Bob.
00:01:09.680 --> 00:01:12.960
Now let's introduce data provenance
for secure computation techniques.
00:01:14.240 --> 00:01:18.800
Data provenance is documentation describing
the history of data from its inception to a
00:01:18.800 --> 00:01:24.400
slated state and can be used to assess the
integrity of data. It is represented as a
00:01:24.400 --> 00:01:28.640
labeled directed acyclic graph and the
possible nodes for a provenance graph
00:01:28.640 --> 00:01:34.000
of a secure computation in this study consist
of entities which can be: a contract entity,
00:01:34.000 --> 00:01:40.320
a key entity, or a data entity; agents, which can be
an account agent or node agent; and activities.
00:01:41.200 --> 00:01:46.880
The labeled edges can be one of seven relations
which include was attributed to, was derived
00:01:46.880 --> 00:01:53.840
from, used, acted on behalf of, was associated
with, was informed by, and was generated by.
00:01:55.680 --> 00:01:58.720
Contract entities represent the
logic that defines functions.
00:01:59.360 --> 00:02:04.640
Key entities represent cryptographic keys and
all other data is represented by data entities.
00:02:05.600 --> 00:02:10.960
Account agents represent users or organizations
that own entities and share some responsibility
00:02:10.960 --> 00:02:16.880
for the execution of a secure computation, and
node agents represent secure computation engines.
00:02:17.760 --> 00:02:21.920
Lastly, activities represent functions.
00:02:21.920 --> 00:02:26.960
Now let's discuss each of the provenance edge
relations. The first relation is was attributed
00:02:26.960 --> 00:02:32.880
to. For this edge, the source node can be any
entity and the destination node can be any agent.
00:02:32.880 --> 00:02:38.400
This relation means that the agent was responsible
for the creation of the entity. In the following
00:02:38.400 --> 00:02:44.800
example, the data entity salary b is the source
node and account agent Bob is the destination
00:02:44.800 --> 00:02:50.080
node. The relation between these two nodes
indicates that salary b was attributed to Bob.
00:02:52.320 --> 00:02:55.680
The next relation is was
derived from. For this edge,
00:02:55.680 --> 00:02:59.840
both the source and destination nodes must
be entities. This relation means that the
00:02:59.840 --> 00:03:05.280
destination entity influenced the creation of
the source entity. In the following example,
00:03:05.280 --> 00:03:11.520
the data entity average salary is the source node
and data entity salary b is the destination node.
00:03:11.520 --> 00:03:17.840
The relation between these two nodes indicates
that the average salary was derived from salary b.
00:03:19.120 --> 00:03:24.400
The next relation is used. For this edge, the
source node is an activity and the destination
00:03:24.400 --> 00:03:29.840
node is an entity. This relation means that
the activity used the entity as input. In
00:03:29.840 --> 00:03:34.960
the following example, the activity average is
the source node and data entity salary b is the
00:03:34.960 --> 00:03:40.240
destination node. The relation between these
two nodes indicates that average used salary b.
00:03:42.560 --> 00:03:48.480
The next relation is acted on behalf of. For this
edge, the source node is a node agent, which is a
00:03:48.480 --> 00:03:53.280
secure computation engine, and the destination
node is an account agent, which is a user.
00:03:53.280 --> 00:03:58.560
This relation means that the node agent performed
a computation on behalf of the account agent. In
00:03:58.560 --> 00:04:03.840
the following example, the node agent SCE is
the source node, and account agent Bob is the
00:04:03.840 --> 00:04:09.680
destination node. The relation between these two
nodes indicates that SCE acted on behalf of Bob.
00:04:11.840 --> 00:04:16.720
The next relation is was associated with. For
this edge, the source node is an activity,
00:04:16.720 --> 00:04:21.040
which represents a function, and the destination
node is a node agent, which represents a secure
00:04:21.040 --> 00:04:26.560
computation engine. This relation means that
the activity was executed by the node agent.
00:04:26.560 --> 00:04:30.000
In the following example, the
activity average is the source node,
00:04:30.000 --> 00:04:33.120
and the node agent SCE is the destination node.
00:04:33.120 --> 00:04:37.760
The relation between these two nodes indicates
that average was associated with SCE.
00:04:39.600 --> 00:04:43.840
The next relation is was generated
by. For this edge, the source node
00:04:43.840 --> 00:04:48.400
is an entity and the destination node is
an activity. This relation means that the
00:04:48.400 --> 00:04:52.720
entity was produced as output by the
activity. In the following example,
00:04:52.720 --> 00:04:58.240
the data entity average salary is the source node
and the activity average is the destination node.
00:04:58.240 --> 00:05:03.040
The relation between these two nodes indicates
that average salary was generated by average.
00:05:05.360 --> 00:05:09.920
The provenance nodes and relations can be
combined to form provenance graphs. Let's
00:05:09.920 --> 00:05:15.120
walk through a partial provenance graph for the
generation of average salary. This graph consists
00:05:15.120 --> 00:05:21.760
of six entities. Salary m, salary a, and salary
b are all data entities. Average contract is a
00:05:21.760 --> 00:05:26.400
contract entity and represents a contract that
provides instructions for how the average is to
00:05:26.400 --> 00:05:32.720
be computed. KeySCE is a key entity and represents
a cryptographic key that secures the computation.
00:05:32.720 --> 00:05:39.760
And average salary is a data entity. This graph
contains four agents: Mallory, Alice, and Bob
00:05:39.760 --> 00:05:45.920
are all account agents, and SCE, which represents
a secure computation engine, is a node agent.
00:05:45.920 --> 00:05:51.840
And lastly, the graph contains one activity
which represents the average function.
00:05:53.280 --> 00:05:59.440
In this graph, salary M was attributed to Mallory,
salary A was attributed to Alice, and salary B was
00:05:59.440 --> 00:06:07.360
attributed to Bob. Average contract and keySCE were
attributed to SCE and SCE acted on behalf of Bob.
00:06:09.520 --> 00:06:12.800
The average activity used salary M, salary A,
00:06:12.800 --> 00:06:20.160
salary B, average contract, keySCE as
input, and was associated with SCE.
00:06:20.160 --> 00:06:25.920
The average salary was generated by the
average activity and was derived from salary M,
00:06:25.920 --> 00:06:30.160
salary A, salary B, average contract, and keySCE.
00:06:32.480 --> 00:06:36.480
And lastly, the average salary
was attributed to Bob and SCE,
00:06:38.960 --> 00:06:41.280
resulting in the final provenance graph.
00:06:43.600 --> 00:06:49.200
Now we will introduce provenance policies.
Provenance policies are constraints placed
00:06:49.200 --> 00:06:53.840
on provenance graphs to either verify
that data was generated as expected
00:06:53.840 --> 00:06:59.120
or to detect when data was manipulated in
an unexpected way. Provenance policies are
00:06:59.120 --> 00:07:06.000
designed to prevent the consumption of untrusted
data. Going back to our average salary example,
00:07:06.000 --> 00:07:11.360
Bob can verify that the average salary was
generated as expected by specifying provenance
00:07:11.360 --> 00:07:15.840
policies that can be automatically checked
when given the appropriate provenance graph.
00:07:17.120 --> 00:07:22.080
In this study, you will use two languages and
systems to specify provenance policies that
00:07:22.080 --> 00:07:29.600
will be evaluated on provenance graphs. These
languages and systems include ProProv and Rego.