Publications

Bootstrapping and Maintaining Trust in the Cloud (469.63 KB)

Date:
December 5, 2016
Published in:
Proceedings of the 32nd Annual Computer Security Applications Conference, ACSAC 2016
Type:
Conference Paper

Summary

Today's infrastructure as a service (IaaS) cloud environments rely upon full trust in the provider to secure applications and data. In this paper we introduce keylime, a scalable trusted cloud key management system. Keylime provides an end-to-end solution for both bootstrapping hardware-rooted cryptographic identities for IaaS nodes and for system integrity monitoring of those nodes via periodic attestation.

Leveraging Data Provenance to Enhance Cyber Resilience (273.48 KB)

Date:
November 3, 2016
Published in:
Proceedings of 1st IEEE Cybersecurity Development Conference (SecDev'16), Boston, Mass.
Type:
Conference Paper

Summary

Creating bigger and better walls to keep adversaries out of our systems has been a failing strategy. The recent attacks against Target and Sony Pictures, to name a few, further emphasize this. Data provenance is a critical technology in building resilient systems that will allow systems to recover from attackers that manage to overcome the “hard-shell” defenses. In this paper, we provide background information on data provenance, details on provenance collection, analysis, and storage techniques and challenges.

High-throughput Ingest of Data Provenance Records into Accumulo (349.93 KB)

Date:
September 13, 2016
Published in:
Proceedings of IEEE High Performance Extreme Computing Conference (HPEC '16)
Type:
Conference Paper

Summary

Whole-system data provenance provides deep insight into the processing of data on a system, including detecting data integrity attacks. The downside to systems that collect whole-system data provenance is the sheer volume of data that is generated under many heavy workloads. In this paper, we investigate the use of D4M and Accumulo to support high-throughput data ingest of whole-system provenance data.

Trustworthy whole-system provenance for the Linux kernel (682.54 KB)

Date:
August 12, 2015
Published in:
24th USENIX Security Symposium (USENIX Security 15), Washington, D.C.
Type:
Conference Paper

Summary

A provenance-aware system automatically gathers and reports metadata that describes the history of each object being processed on the system. Provenance itself is a ripe attack vector, and its authenticity and integrity must be guaranteed before it can be put to use. We present Linux Provenance Modules (LPM), the first general framework for the development of provenance-aware systems.

Take only what you need: Leveraging mandatory access control policy to reduce provenance storage costs (280.06 KB)

Date:
July 8, 2015
Published in:
Proceedings of 7th USENIX Workshop on the Theory and Practice of Provenance (TaPP 15), Edinburgh, Scotland
Type:
Conference Paper

Summary

Provenance-aware systems offer unprecedented insight into the workings of computing systems, but retaining provenance demands considerable storage space. In this work, we propose a novel approach to policy-based provenance pruning: leveraging the confinement properties provided by Mandatory Access Control (MAC) systems in order to identify subdomains of system activity for which to collect provenance.

Runtime Integrity Measurement and Enforcement with Automated Whitelist Generation (554.15 KB)

Date:
December 7, 2014
Published in:
Proceedings of the 2014 Computer Security Applications Conference (ACSAC)
Type:
Abstract

Summary

This poster discusses a strategy for automatic whitelist generation and enforcement using techniques from information flow control and trusted computing. Our prototype system, built on top of Intel's PIN emulation environment and the libdft taint tracking system, demonstrates high accuracy in tracking the sources of instructions.

Poster URL: https://homes.cs.washington.edu/~aksimpso/publications/ACSAC2014Poster.pdf
