
219
Chapter 16
Inference and Provenance
16.1 Overview
Traditionally, we protect documents using policies such as access control policies
and sanitization-based policies. However, current mechanisms for enforcing these
policies do not operate over provenance that takes the form of a directed graph
(Braun et al. 2008). Additionally, users can infer sensitive information from the
results returned by performing frequent queries over a provenance graph. Such con-
clusions may include data that the user is not authorized to acquire. We refer to
the process of forming these conclusions from the premises as inference. When the
information inferred is somet ...