MLASVS-DATA-1: Data Provenance¶
Category¶
MLASVS-DATA: Data Security & Privacy
Overview¶
Data provenance ensures that every dataset used in ML training, evaluation, and inference has a verifiable origin, transformation history, and integrity chain. Without provenance, poisoned or compromised data can enter the ML pipeline undetected.
Controls¶
DATA-001: Data Provenance Tracking (L1)¶
Description: All datasets used for ML training must have documented provenance including source, collection method, date, and responsible party.
MITRE ATLAS: AML.TA0009 (Discovery) Test Reference: MLASTG-TEST-DATA-001
Verification: 1. Review dataset documentation for provenance information 2. Verify that all training datasets include source tracking 3. Confirm that labeled data sources are identified
Remediation: Implement a data catalog system that automatically captures dataset metadata during ingestion.
DATA-002: Cryptographic Data Integrity (L1)¶
Description: All training datasets must have cryptographic hashes (SHA-256 or stronger) recorded at time of acquisition and verifiable at time of use.
MITRE ATLAS: AML.TA0010 (Collection) Test Reference: MLASTG-TEST-DATA-001
Verification: 1. Verify that SHA-256 hashes were computed and stored for each dataset 2. Recompute hashes and compare against stored values 3. Check that hash verification is performed before training begins
Remediation: Automate hash computation in the data ingestion pipeline with integrity checks before each training run.
DATA-006: Data Lineage Documentation (L1)¶
Description: All data transformations, preprocessing steps, and augmentations applied to training data must be documented and reproducible.
MITRE ATLAS: AML.TA0009 (Discovery) Test Reference: MLASTG-TEST-DATA-001
Verification: 1. Review pipeline code for data transformation steps 2. Verify that preprocessing pipelines are version-controlled 3. Confirm that data transformations are reproducible from raw data
Remediation: Use ML pipeline tools (Kubeflow, MLflow, TFX) that automatically capture data lineage.
DATA-020: Cryptographic Data Provenance (L2)¶
Description: Full cryptographic provenance chain using signed manifests or transparency logs for all training datasets.
MITRE ATLAS: AML.TA0009 (Discovery) Test Reference: MLASTG-TEST-DATA-001
Verification: 1. Verify that signed manifests exist for each dataset version 2. Check that provenance chain covers source → transformation → training 3. Validate signature chain integrity
Remediation: Implement sigstore-style signing for datasets or use a transparency log (e.g., Rekor).
DATA-026: Real-time Data Integrity Monitoring (L2)¶
Description: For continuous learning systems, data integrity must be monitored in real-time during the data ingestion pipeline.
MITRE ATLAS: AML.TA0010 (Collection) Test Reference: MLASTG-TEST-DATA-001
Verification: 1. Verify that streaming data pipelines include integrity checks 2. Confirm that integrity failures trigger alerts 3. Check that drift detection is applied to incoming data distributions
Remediation: Implement real-time data validation using tools like Apache Beam validation transforms or custom streaming checks.
DATA-030: Data Trust Scoring (L2)¶
Description: Each data source must be assigned a trust score based on provenance completeness, historical integrity, and source reputation.
MITRE ATLAS: AML.TA0009 (Discovery) Test Reference: MLASTG-TEST-DATA-001
Verification: 1. Review data source trust scoring methodology 2. Verify that low-trust sources are flagged for human review 3. Confirm that trust scores are factored into automated data selection
Remediation: Implement a data quality/trust framework with quantitative scoring criteria.
Cross-References¶
- MITRE ATLAS: AML.TA0009, AML.TA0010
- OWASP ML Top 10: ML04 (Supply Chain), ML08 (Transfer Learning)
- NIST AI RMF: MAP-1, MAP-2, MEASURE-2
- OWASP AI Exchange: Data Limitation, Development-time Threats