Person:
Braun, Uri

Profile Picture

Email Address

AA Acceptance Date

Birth Date

Research Projects

Organizational Units

Job Title

Last Name

Braun

First Name

Uri

Name

Braun, Uri
Author's Publications: search.filters.isAuthorOfPublication.d1188b0e-00a6-439c-9e1b-03f33da14fc0

Search Results

Now showing 1 - 10 of 10
  • Thumbnail Image
    Publication
    Limiting Disclosure in Annotated Graphs
    (2014-06-06) Braun, Uri; Seltzer, Margo I.; Chong, Stephen; Morrisett, Greg; Waldo, Jim
    Data is increasingly represented in annotated graphs, but graphs pose novel security and privacy challenges that at present lack solutions. We begin by identifying the new challenges graphs introduce and explain why existing security approaches are insufficient.
  • Thumbnail Image
    Publication
    Provenance-Aware Storage Systems
    (2006) Muniswamy-Reddy, Kiran-Kumar; Holland, David; Braun, Uri; Seltzer, Margo
    A Provenance-Aware Storage System (PASS) is a storage system that automatically collects and maintains provenance or lineage, the complete history or ancestry of an item. We discuss the advantages of treating provenance as meta-data collected and maintained by the storage system, rather than as manual annotations stored in a separately administered database. We present a PASS implementation, discussing the challenges and performance cost, and the new functionality it enables. We show that with reasonable overhead, we can provide useful functionality not available in today’s file systems or provenance management systems.
  • Thumbnail Image
    Publication
    Provenance-Aware Storage Systems
    (2005) Seltzer, Margo; Muniswamy-Reddy, Kiran-Kumar; Holland, David A.; Braun, Uri; Ledlie, Jonathan
    Provenance is a type of meta-data that describes the history or ancestry of an object. Although provenance is typically manually generated and stored in a stand-alone database, we make the case that it must be managed by the storage system. In this paper, we describe provenance-aware storage systems (PASS), a new class of storage system that automatically tracks provenance. A PASS takes responsibility for recording provenance meta-data for the objects stored on it and maintaining that provenance over time. We predict that within the next decade, all storage systems will be expected to be provenance-aware. We describe a PASS prototype, demonstrate that tracking provenance does not incur significant overhead, and present comments from a prospective user indicating that provenance-aware storage helps scientists get their jobs done better than is currently possible.
  • Thumbnail Image
    Publication
    A Security Model for Provenance
    (2006) Braun, Uri; Shinnar, Avi
    Most security models are designed to protect data. Some also deal with traditional metadata. Provenance metadata introduces additional complexity, as does the delicate interactions between provenance metadata and the data it describes. We designed a security model for provenance metadata. Our requirements were derived from potential users. The security model consists of two non-interfering models. One protects the structure or work-flow — namely which ancestors and descendants are accessible to which users. A second model specifies which node attributes are accessible to which users. Our evaluation suggests that our security model meets the users’ requirements.
  • Thumbnail Image
    Publication
    Layering in Provenance-Aware Storage Systems
    (2008) Muniswamy-Reddy, Kiran-Kumar; Barillari, Joseph; Braun, Uri; Holland, David; Maclean, Diana; Seltzer, Margo; Holland, Stephen D.
    Digital provenance describes the ancestry or history of a digital document. Provenance provides answers to questions such as: “How does the ancestry of these objects differ?” “Are there source code files tainted by proprietary software?” “How was this object created?” Prior systems used to collect and maintain provenance operate within a single layer of abstraction: the system call boundary, a workflow specification language, or in a domain-specific application level. The provenance collected at each of these layers of abstraction is different, and all of it is important at one time or another. All of these solutions fundamentally fail to account for the different layers of abstraction at which users need to reason about their data and processes. None of these systems support queries across different layers of abstraction to answer a question such as “The calculated values in my spreadsheet have changed. Is this due to a change in the spreadsheet, a difference in the spreadsheet application, the libraries being used, or the operating system being used?” We present an architecture for provenance collection that facilitates the integration of provenance across multiple layers of abstraction and across network boundaries. We show how the need to support provenance collection at multiple layers drives the architecture. We present provenance-aware use cases from the field of thermography and quantify system overheads, showing that we can provide new functionality with acceptable overhead.
  • Thumbnail Image
    Publication
    Towards Query interoperability: PASSing PLUS
    (USENIX Association, 2011-04-13) Braun, Uri; Seltzer, Margo; Chapman, Adriane; Blaustein, Barbara; Allen, M. David; Seligman, Len
    We describe our experiences importing PASS [16] provenance into PLUS [7]. Although both systems import and export provenance that conforms to the Open Provenance Model (OPM) [14], the two systems vary greatly with respect to the granularity of provenance captured, how much semantic knowledge the system contributes, and the completeness of provenance capture. We encountered several problems reconciling provenance between the two systems and use that experience to specify a Common Provenance Framework, that provides a higher degree of interoperability between provenance systems. In each case, the problems stem from the fact that OPM interoperability is a weaker requirement than query interoperability. Our goal in presenting this work is to generate discussion about differing degrees of interoperability and the requirements thereof.
  • Thumbnail Image
    Publication
    Provenance Integration Requires Reconciliation
    (2011) Angelino, Elaine Lee; Braun, Uri; Holland, David; Macko, Peter; Margo, Daniel; Seltzer, Margo
    While there has been a great deal of research on provenance systems, there has been little discussion about challenges that arise when making different provenance systems interoperate. In fact, most of the literature focuses on provenance systems in isolation and does not discuss interoperability – what it means, its requirements, and how to achieve it. We designed the Provenance-Aware Storage System to be a general- purpose substrate on top of which it would be “easy” to add other provenance-aware systems in a way that would provide “seamless integration” for the provenance captured at each level. While the system did exactly what we wanted on toy problems, when we began integrating StarFlow, a Python-based workflow/provenance system, we discovered that integration is far trickier and more subtle than anyone has suggested in the literature. This work describes our experience undertaking the integration of StarFlow and PASS, identifying several important additions to existing provenance models necessary for interoperability among provenance systems.
  • Thumbnail Image
    Publication
    Securing Provenance
    (USENIX Association, 2008) Braun, Uri; Shinnar, Avraham; Seltzer, Margo
    Provenance describes how an object came to be in its present state. Intelligence dossiers, medical records and corporate financial reports capture provenance information. Many of these applications call for security, but existing security models are not up to the task. Provenance is a causality graph with annotations. The causality graph connects the various participating objects describing the process that produced an object’s present state. Each node represents an object and each edge represents a relationship between two objects. This graph is an immutable directed acyclic graph (DAG). Existing security models do not apply to DAGs nor do they easily extend to DAGs. Any model to control access to the structure of the graph must integrate with existing security models for the objects. We need to develop an access control model tailored to provenance and study how it interacts with existing access control models. This paper frames the problem and identifies issues requiring further research.
  • Thumbnail Image
    Publication
    Choosing a Data Model and Query Language for Provenance
    (Springer, 2008) Holland, David; Braun, Uri; Maclean, Diana; Muniswamy-Reddy, Kiran-Kumar; Seltzer, Margo
    The ancestry relationships found in provenance form a directed graph. Many provenance queries require traversal of this graph. The data and query models for provenance should directly and naturally address this graph-centric nature of provenance. To that end, we set out the requirements for a provenance data and query model and discuss why the common solutions (relational, XML, RDF) fall short. A semistructured data model is more suited for handling provenance. We propose a query model based on the Lorel query language, and briefly describe how our query language PQL extends Lorel.
  • Thumbnail Image
    Publication
    Layering in Provenance Systems
    (USENIX Association, 2009) Muniswamy-Reddy, Kiran-Kumar; Braun, Uri; Holland, David; Macko, Peter; Maclean, Diana; Margo, Daniel; Seltzer, Margo; Smogor, Robin
    Digital provenance describes the ancestry or history of a digital object. Most existing provenance systems, however, operate at only one level of abstraction: the sys- tem call layer, a workflow specification, or the high-level constructs of a particular application. The provenance collectable in each of these layers is different, and all of it can be important. Single-layer systems fail to account for the different levels of abstraction at which users need to reason about their data and processes. These systems cannot integrate data provenance across layers and cannot answer questions that require an integrated view of the provenance. We have designed a provenance collection structure facilitating the integration of provenance across multiple levels of abstraction, including a workflow engine, a web browser, and an initial runtime Python provenance tracking wrapper. We layer these components atop provenance-aware network storage (NFS) that builds upon a Provenance-Aware Storage System (PASS). We discuss the challenges of building systems that integrate provenance across multiple layers of abstraction, present how we augmented systems in each layer to integrate provenance, and present use cases that demonstrate how provenance spanning multiple layers provides functionality not available in existing systems. Our evaluation shows that the overheads imposed by layering provenance systems are reasonable.