Data Provenance architecture to support Information Assurance in a Multi-Level Secure Environment

We describe a framework for capturing data provenance information to support Information assurance attributes like availability, authentication, confidentiality, integrity and non-repudiation. Our approach is applicable to multi-level secure systems where it is not always possible to directly provide data source and data transformation information. We achieve this by combining the subjective and objective trust in data as a "Figure of Merit" value that can cross security boundaries. Our architecture captures the data provenance information around the \´invariant\´ part of a message in an XML-based SOA architecture. We also introduce the notion of \´wrappers\´ so that data provenance can be added on while minimizing impact to an existing workflow. We outline a simulation-based framework that allows us to inject faults to model various threats and attacks. We also discuss a dashboard view of a workflow that brings together the intrinsic information assurance attributes of a workflow as it was designed as well as its execution in a deployed system. The dashboard can also be used for "what-if analysis to understand vulnerabilities and determine impact of compromised assets.