WO2019171111A1 - Application level object provenance service in cloud - Google Patents

Publication number
WO2019171111A1
Authority
WO
WIPO (PCT)
Prior art keywords
provenance
application
objects
data
service
Application number
PCT/IB2018/051376
Inventor
Pratik Sharma
Original Assignee
Pratik Sharma
Application filed by Pratik Sharma
Priority to PCT/IB2018/051376
Publication of WO2019171111A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2111/00 Details relating to CAD techniques
    • G06F2111/02 CAD in a network environment, e.g. collaborative CAD or distributed simulation

Abstract

Here we provide digital provenance for all objects of an application, describing the ancestry or history of each digital object. Object provenance can provide hints on access patterns for the application object, detect anomalous behaviour in the application, and provide enhanced user search capabilities for retrieving application objects or data. As next-generation compute and storage providers, we incorporate Application Level Object Provenance as a fundamental storage system primitive and provide a cluster of virtual machines or a separate service that can infer the provenance of the data or object being generated and transmit the provenance to the storage service along with the data. Object provenance can help validate the processes that were used to generate the objects and hence can help researchers decide if they want to use the object data.

Description

Application Level Object Provenance Service In Cloud

In this invention we provide digital provenance for all objects of an application, describing the ancestry or history of each digital object. Object provenance can provide hints on access patterns for the application object, detect anomalous behaviour in the application, and provide enhanced user search capabilities for retrieving application objects or data. As next-generation compute and storage providers, we incorporate Application Level Object Provenance as a fundamental storage system primitive and provide a cluster of virtual machines or a separate service that can infer the provenance of the data or object being generated and transmit the provenance to the storage service along with the data.

The provenance of an application object can be abstractly defined as a Directed Acyclic Graph. The nodes in the graph represent objects such as files, processes, tuples, data sets, etc. These nodes are further annotated with attributes. For example, a process node might be annotated with attributes such as the executable path, the environment, and the command line arguments. A file node is annotated with its name and version. An edge between two nodes indicates a dependency between the objects. For example, an edge from an object A to an object B indicates that B was derived from A. The provenance graph is, by definition, acyclic, because a cycle would mean that objects are their own ancestors.

Object provenance can help validate the processes that were used to generate the objects and hence can help researchers decide if they want to use the object data. In addition, providing object provenance for all objects in the application helps in detecting application anomalies. For example, objects generated by a video-encoder application might be write-once, read-mostly. If, for some reason, a bug in the application is triggered that repeatedly overwrites the same file, the Application Level Object Provenance Service could detect this behaviour and notify the user.

The service can also help provide an application-object-level Access Control List (ACL). For example, a user can specify a policy that states all data derived from a file named top-secret should be available only to a specified set of users and that all files generated by another program can be accessible to all users.

This service can also be used by the application to prefetch a set of related data objects into the application cache and avoid access requests to the storage service itself. Dependency links readily provide hints on how data are related to each other. For example, dependency links might suggest that a particular set of objects in a graph are regularly accessed sequentially, and hence it might be beneficial to prefetch them as soon as the first one is requested.

Also note, as mentioned earlier, that object provenance and the application object itself should be stored atomically (or using the same method or interface) for consistency. Object provenance has to be retained beyond the lifetime of the object it describes. The provenance of an object might connect objects that are otherwise unrelated. Hence removing the object provenance when an object is deleted can sever the provenance chain. If an object has no descendants, then the service can choose to remove its provenance, since it cannot appear in the provenance chain of any other object.
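An added example, not code from the patent: a minimal in-memory provenance graph illustrating the cycle check, the derived-from ACL policy and the retention rule described above. The class and method names, the policy representation and the sample nodes are assumptions made for illustration.

```python
from collections import defaultdict


class ProvenanceGraph:
    """Provenance DAG; an edge A -> B means B was derived from A (names are hypothetical)."""
    def __init__(self):
        self.attrs = {}                   # node -> attribute annotations
        self.parents = defaultdict(set)   # node -> objects it was derived from
        self.children = defaultdict(set)  # node -> objects derived from it
        self.policy = {}                  # node -> users allowed on it and its descendants

    def add_node(self, node, **attrs):
        self.attrs[node] = attrs

    def ancestors(self, node):
        seen, stack = set(), [node]
        while stack:
            for p in self.parents[stack.pop()] - seen:
                seen.add(p)
                stack.append(p)
        return seen

    def add_edge(self, src, dst):
        # Reject an edge that would make an object its own ancestor.
        if src == dst or dst in self.ancestors(src):
            raise ValueError(f"{src} -> {dst} would create a cycle")
        self.parents[dst].add(src)
        self.children[src].add(dst)

    def allowed(self, user, node):
        # A restriction on the node or on any ancestor applies to the node.
        return all(user in self.policy[n]
                   for n in self.ancestors(node) | {node} if n in self.policy)

    def delete_object(self, node):
        # The data is gone; provenance is dropped only if nothing was derived from it.
        if self.children[node]:
            self.attrs[node]["deleted"] = True
            return "provenance retained"
        for p in self.parents.pop(node, set()):
            self.children[p].discard(node)
        del self.attrs[node], self.children[node]
        return "provenance removed"


def build_sample():
    # Constructed sample chain: file -> process -> file.
    g = ProvenanceGraph()
    g.add_node("top-secret", kind="file", version=1)
    g.add_node("encoder", kind="process", exe="/usr/bin/encode", argv=["-q", "5"])
    g.add_node("report", kind="file", version=1)
    for src, dst in [("top-secret", "encoder"), ("encoder", "report")]:
        g.add_edge(src, dst)
    g.policy["top-secret"] = {"alice"}  # only alice may read anything derived from it
    return g
```

Deleting the intermediate `encoder` node keeps its provenance, so the restriction inherited from `top-secret` still reaches `report`; only a node with no descendants is actually pruned.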

Claims

Following is the claim for this invention:
1. In this invention we provide digital provenance for all objects of an application that describes the ancestry or history of the digital object. Object Provenance can provide hints on access patterns for the application object, detect anomalous behaviour for the application, and provide enhanced user search capabilities for retrieving application object or data. As the next generation compute and storage providers, we incorporate Application Level Object Provenance as a fundamental storage system primitive and provide a cluster of virtual machines or a separate service that can infer the provenance of the data or object being generated and transmit the provenance to the storage service along with the data. Provenance of an application object can be abstractly defined as a Directed Acyclic Graph. The nodes in the Directed Acyclic Graph represent objects such as files, processes, tuples, data sets, etc. These nodes are further annotated with attributes. For example, a process node might be annotated with attributes such as the executable path, the environment, and the command line arguments. A file node is annotated with its name and version. The edge between two nodes indicates a dependency between the objects. For example, an edge from an object A to an object B indicates that B was derived from A. The provenance graph, by definition, is acyclic as the presence of cycles indicates that objects are their own ancestors. Object provenance can help validate the processes that were used to generate the objects and hence can help researchers decide if they want to use the object data. In addition to this providing object provenance for all objects in the application helps in detecting application anomalies like for example object generated by a video-encoder application might be write-once, read-mostly. If, for some reason, a bug in the application is triggered that repeatedly over-writes the same file, the Application Level Object Provenance Service could detect this behaviour and notify the user. Also this service can help us provide application object level Access Control List (ACL). For example, a user can specify a policy that states all data derived from a file named top-secret should be available only to a specified set of users and that all files generated by another program can be accessible to all users. This service can also be used by the application to prefetch a set of data objects related to each other in application cache and avoid access requests to the storage service itself. Dependency links readily provide hints on how data are related to each other. For example, dependency links might suggest that a particular set of objects in a graph are regularly accessed sequentially and hence it might be beneficial to prefetch them as soon as the first one is requested. Also note as mentioned earlier object provenance and the application object itself should be stored atomically (or using the same method or interface) for consistency. Object provenance has to be retained beyond the lifetime of the object it describes. The provenance of an object might connect objects that are otherwise unrelated. Hence removing the object provenance when an object is deleted can sever the provenance chain. If an object had no descendants, then the service can choose to remove its provenance, since it cannot appear in the provenance chain of any other object. The above novel technique of providing application level object provenance service is the claim for this invention.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2018/051376 WO2019171111A1 (en) 2018-03-04 2018-03-04 Application level object provenance service in cloud

Publications (1)

Publication Number Publication Date
WO2019171111A1 true WO2019171111A1 (en) 2019-09-12

Family

ID=67845886

Country Status (1)

Country Link
WO (1) WO2019171111A1 (en)

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 18908530; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 18908530; Country of ref document: EP; Kind code of ref document: A1)