WO2019171111A1 - Application level object provenance service in cloud - Google Patents
- Publication number
- WO2019171111A1 (application PCT/IB2018/051376)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- provenance
- application
- objects
- data
- service
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2111/00—Details relating to CAD techniques
- G06F2111/02—CAD in a network environment, e.g. collaborative CAD or distributed simulation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- Geometry (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Here we provide digital provenance for all objects of an application, describing the ancestry or history of each digital object. Object provenance can provide hints on access patterns for application objects, detect anomalous application behaviour, and provide enhanced user search capabilities for retrieving application objects or data. As next-generation compute and storage providers, we incorporate Application Level Object Provenance as a fundamental storage system primitive and provide a cluster of virtual machines, or a separate service, that can infer the provenance of the data or object being generated and transmit that provenance to the storage service along with the data. Object provenance can help validate the processes that were used to generate the objects and hence can help researchers decide whether they want to use the object data.
Description
Application Level Object Provenance Service In Cloud
In this invention we provide digital provenance for all objects of an application, describing the ancestry or history of each digital object. Object provenance can provide hints on access patterns for application objects, detect anomalous application behaviour, and provide enhanced user search capabilities for retrieving application objects or data. As next-generation compute and storage providers, we incorporate Application Level Object Provenance as a fundamental storage system primitive and provide a cluster of virtual machines, or a separate service, that can infer the provenance of the data or object being generated and transmit that provenance to the storage service along with the data.

The provenance of an application object can be abstractly defined as a Directed Acyclic Graph. The nodes in the Directed Acyclic Graph represent objects such as files, processes, tuples, data sets, etc. These nodes are further annotated with attributes. For example, a process node might be annotated with attributes such as the executable path, the environment, and the command line arguments. A file node is annotated with its name and version. The edge between two nodes indicates a dependency between the objects. For example, an edge from an object A to an object B indicates that B was derived from A. The provenance graph, by definition, is acyclic, since the presence of a cycle would indicate that objects are their own ancestors.

Object provenance can help validate the processes that were used to generate the objects and hence can help researchers decide whether they want to use the object data. In addition, providing object provenance for all objects in the application helps in detecting application anomalies. For example, objects generated by a video-encoder application might be write-once, read-mostly. If, for some reason, a bug in the application is triggered that repeatedly overwrites the same file, the Application Level Object Provenance Service could detect this behaviour and notify the user.

This service can also help us provide application-object-level Access Control Lists (ACLs). For example, a user can specify a policy that states that all data derived from a file named top-secret should be available only to a specified set of users and that all files generated by another program can be accessible to all users.

This service can also be used by the application to prefetch a set of related data objects into the application cache and so avoid access requests to the storage service itself. Dependency links readily provide hints on how data are related to each other. For example, dependency links might suggest that a particular set of objects in a graph is regularly accessed sequentially, and hence it might be beneficial to prefetch them as soon as the first one is requested.

Note also that, as mentioned earlier, object provenance and the application object itself should be stored atomically (or using the same method or interface) for consistency. Object provenance has to be retained beyond the lifetime of the object it describes. The provenance of an object might connect objects that are otherwise unrelated. Hence, removing the object provenance when an object is deleted can sever the provenance chain. If an object has no descendants, then the service can choose to remove its provenance, since it cannot appear in the provenance chain of any other object.
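The graph model, the derived-from ACL policy and the retention rule described above, as an added sketch that is not part of the patent text. The class and method names are hypothetical, and acyclicity is enforced here by letting a new object point only at ancestors that are already recorded.

```python
# Added illustration; ProvenanceGraph and its method names are hypothetical.
from collections import defaultdict


class ProvenanceGraph:
    def __init__(self):
        self.attrs = {}                   # node id -> annotations (name, version, argv, ...)
        self.parents = defaultdict(set)   # node -> objects it was derived from
        self.children = defaultdict(set)  # node -> objects derived from it
        self.live = set()                 # objects whose data still exists in storage

    def add_object(self, node, derived_from=(), **attrs):
        # Edges only run from recorded nodes to a brand-new node, so no cycle can form.
        if node in self.attrs:
            raise ValueError(f"{node} already recorded; store a new version instead")
        missing = [src for src in derived_from if src not in self.attrs]
        if missing:
            raise KeyError(f"unknown ancestors: {missing}")
        self.attrs[node] = attrs
        self.live.add(node)
        for src in derived_from:
            self.parents[node].add(src)
            self.children[src].add(node)

    def ancestors(self, node):
        # Every object that node transitively depends on.
        seen, stack = set(), list(self.parents[node])
        while stack:
            cur = stack.pop()
            if cur not in seen:
                seen.add(cur)
                stack.extend(self.parents[cur])
        return seen

    def can_read(self, user, node, restricted):
        # restricted: source object -> users allowed to read it and anything derived from it.
        lineage = self.ancestors(node) | {node}
        return all(user in users for src, users in restricted.items() if src in lineage)

    def delete_object(self, node):
        # Delete the data; drop the provenance record only if nothing descends from it.
        self.live.discard(node)
        if self.children[node]:
            return False                  # retained: removing it would sever the chain
        for src in self.parents.pop(node, ()):
            self.children[src].discard(node)
        del self.attrs[node]
        del self.children[node]
        return True


if __name__ == "__main__":
    g = ProvenanceGraph()                 # constructed sample data
    g.add_object("top-secret", name="top-secret", version=1)
    g.add_object("report", derived_from=["top-secret"], name="report", version=1)
    print(g.can_read("bob", "report", {"top-secret": {"alice"}}))
```

Because the policy check walks the retained lineage, a derived object stays restricted even after the data of an intermediate ancestor has been deleted.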
Claims
1. In this invention we provide digital provenance for all objects of an application, describing the ancestry or history of each digital object. Object provenance can provide hints on access patterns for application objects, detect anomalous application behaviour, and provide enhanced user search capabilities for retrieving application objects or data. As next-generation compute and storage providers, we incorporate Application Level Object Provenance as a fundamental storage system primitive and provide a cluster of virtual machines, or a separate service, that can infer the provenance of the data or object being generated and transmit that provenance to the storage service along with the data. The provenance of an application object can be abstractly defined as a Directed Acyclic Graph. The nodes in the Directed Acyclic Graph represent objects such as files, processes, tuples, data sets, etc. These nodes are further annotated with attributes. For example, a process node might be annotated with attributes such as the executable path, the environment, and the command line arguments. A file node is annotated with its name and version. The edge between two nodes indicates a dependency between the objects. For example, an edge from an object A to an object B indicates that B was derived from A. The provenance graph, by definition, is acyclic, since the presence of a cycle would indicate that objects are their own ancestors. Object provenance can help validate the processes that were used to generate the objects and hence can help researchers decide whether they want to use the object data. In addition, providing object provenance for all objects in the application helps in detecting application anomalies. For example, objects generated by a video-encoder application might be write-once, read-mostly. If, for some reason, a bug in the application is triggered that repeatedly overwrites the same file, the Application Level Object Provenance Service could detect this behaviour and notify the user. This service can also help us provide application-object-level Access Control Lists (ACLs). For example, a user can specify a policy that states that all data derived from a file named top-secret should be available only to a specified set of users and that all files generated by another program can be accessible to all users. This service can also be used by the application to prefetch a set of related data objects into the application cache and so avoid access requests to the storage service itself. Dependency links readily provide hints on how data are related to each other. For example, dependency links might suggest that a particular set of objects in a graph is regularly accessed sequentially, and hence it might be beneficial to prefetch them as soon as the first one is requested. Note also that, as mentioned earlier, object provenance and the application object itself should be stored atomically (or using the same method or interface) for consistency. Object provenance has to be retained beyond the lifetime of the object it describes. The provenance of an object might connect objects that are otherwise unrelated. Hence, removing the object provenance when an object is deleted can sever the provenance chain. If an object has no descendants, then the service can choose to remove its provenance, since it cannot appear in the provenance chain of any other object. The above novel technique of providing application level object provenance service is the claim for this invention.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2018/051376 WO2019171111A1 (en) | 2018-03-04 | 2018-03-04 | Application level object provenance service in cloud |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2018/051376 WO2019171111A1 (en) | 2018-03-04 | 2018-03-04 | Application level object provenance service in cloud |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019171111A1 (en) | 2019-09-12 |
Family
ID=67845886
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2018/051376 WO2019171111A1 (en) | 2018-03-04 | 2018-03-04 | Application level object provenance service in cloud |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2019171111A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050257090A1 (en) * | 2004-04-30 | 2005-11-17 | Santos Jose R | Method of restoring processes within process domain |
US20150309502A1 (en) * | 2014-04-24 | 2015-10-29 | International Business Machines Corporation | Managing provenance and authenticity for digitally manufactured objects |
US9710332B1 (en) * | 2011-12-21 | 2017-07-18 | EMC IP Holding Company LLC | Data provenance in computing infrastructure |
-
2018
- 2018-03-04 WO PCT/IB2018/051376 patent/WO2019171111A1/en active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114519101A (en) * | 2020-11-18 | 2022-05-20 | 易保网络技术(上海)有限公司 | Data clustering method and system, data storage method and system and storage medium |
CN114519101B (en) * | 2020-11-18 | 2023-06-06 | 易保网络技术(上海)有限公司 | Data clustering method and system, data storage method and system and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18908530 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18908530 Country of ref document: EP Kind code of ref document: A1 |