PROV2R: Practical Provenance Analysis of Unstructured Processes

Authors: Manolis Stamatogiannakis, Elias Athanasopoulos, Herbert Bos, Paul Groth

DOI: 10.1145/3062176

Abstract: Information produced by Internet applications is inherently a result of processes that are executed locally. Think of a web server that makes use of a CGI script, or a content management system where a post was first edited using a word processor. Given the impact of these processes to the content published online, a consumer of that information may want to understand what those impacts were. For example, understanding from where text was copied and pasted to make a post, or if the CGI script was updated with the latest security patches, may all influence the confidence on the published content. Capturing and exposing this information provenance is thus important to ascertaining trust to online content. Furthermore, providers of internet applications may wish to have access to the same information for debugging or audit purposes. For processes following a rigid structure (such as databases or workflows), disclosed provenance systems have been developed that efficiently and accurately capture the provenance of the produced data. However, accurately capturing provenance from unstructured processes, for example, user-interactive computing used to produce web content, remains a problem to be tackled. In this article, we address the problem of capturing and exposing provenance from unstructured processes. Our approach, called PROV2R (PROVenance Record and Replay), is composed of two parts: (a) the decoupling of provenance analysis from its capture; and (b) the capture of high-fidelity provenance from unmodified programs. We use techniques originating in the security and reverse engineering communities, namely, record and replay and taint tracking. Taint tracking fundamentally addresses the data provenance problem but is impractical to apply at runtime due to extremely high overhead. With a number of case studies, we demonstrate that PROV2R enables the use of taint analysis for high-fidelity provenance capture, while keeping the runtime overhead at manageable levels. In addition, we show how the captured information can be represented using the W3C PROV provenance model for exposure on the Web.

References (65)
Josh Hodosh, Brendan F. Dolan-Gavitt, Tim Leek, Patrick Hulin, Ryan Whelan. Repeatable Reverse Engineering for the Greater Good with PANDA. Department of Computer Science, Columbia University (2014). DOI: 10.7916/D8WM1C1P
Ashish Gehani, Dawood Tariq. SPADE: support for provenance auditing in distributed environments. International Middleware Conference, pp. 101-120 (2012). DOI: 10.1007/978-3-642-35170-9_6
Andrei Bacs, Remco Vermeulen, Asia Slowinska, Herbert Bos. System-Level support for intrusion recovery. International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, pp. 144-163 (2012). DOI: 10.1007/978-3-642-37300-8_9
Luc Moreau, Paul Groth. PROV-Overview. An Overview of the PROV Family of Documents. World Wide Web Consortium (2013).
Adam Bates, Dave Tian, Kevin R. B. Butler, Thomas Moyer. Trustworthy whole-system provenance for the Linux kernel. USENIX Security Symposium, pp. 319-334 (2015).
Fabrice Bellard. QEMU, a fast and portable dynamic translator. USENIX Annual Technical Conference, pp. 41-41 (2005).
Tal Garfinkel, Peter M. Chen, Jim Chow. Decoupling dynamic program analysis from execution in virtual environments. USENIX Annual Technical Conference, pp. 1-14 (2008).
Eleni Gessiou, Vasilis Pappas, Elias Athanasopoulos, Angelos D. Keromytis, Sotiris Ioannidis. Towards a Universal Data Provenance Framework Using Dynamic Instrumentation. Information Security Conference, pp. 103-114 (2012). DOI: 10.1007/978-3-642-30436-1_9