Publications


Leveraging Data Provenance to Enhance Cyber Resilience (273.48 KB)

Date: November 3, 2016
Published in: Proceedings of 1st IEEE Cybersecurity Development Conference (SecDev'16), Boston, Mass.
Type: Conference Paper

Summary

Creating bigger and better walls to keep adversaries out of our systems has been a failing strategy. The recent attacks against Target and Sony Pictures, to name a few, further emphasize this. Data provenance is a critical technology in building resilient systems that will allow systems to recover from attackers that manage to overcome the “hard-shell” defenses. In this paper, we provide background information on data provenance and details on the techniques and challenges of provenance collection, analysis, and storage.

Trustworthy whole-system provenance for the Linux kernel (682.54 KB)

Date: August 12, 2015
Published in: 24th USENIX Security Symposium (USENIX Security 15), Washington, D.C.
Type: Conference Paper

Summary

A provenance-aware system automatically gathers and reports metadata that describes the history of each object being processed on the system. Provenance itself is a ripe attack vector, and its authenticity and integrity must be guaranteed before it can be put to use. We present Linux Provenance Modules (LPM), the first general framework for the development of provenance-aware systems.

Take only what you need: Leveraging mandatory access control policy to reduce provenance storage costs (280.06 KB)

Date: July 8, 2015
Published in: Proceedings of 7th USENIX Workshop on the Theory and Practice of Provenance (TaPP 15), Edinburgh, Scotland
Type: Conference Paper

Summary

Provenance-aware systems offer unprecedented insight into the workings of computing systems, but retaining provenance demands considerable storage space. In this work, we propose a novel approach to policy-based provenance pruning: leveraging the confinement properties provided by Mandatory Access Control (MAC) systems in order to identify subdomains of system activity for which to collect provenance.
