Building a provenance capture mechanism

Abstract

There is a consensus that understanding data provenance, the origin and history of digital artifacts, is important. Whole-system provenance systems are capture mechanisms aimed at recording all information flows in an operating system. Such systems have been the subject of recent attention from the security research community. However, whole-system provenance has yet to make a significant impact outside of academic circles. In this talk, I will present our work on CamFlow, an open-source whole-system provenance implementation for Linux, and briefly introduce ongoing work on provenance-based intrusion detection as an application example. I will discuss the technical barriers to practical whole-system provenance we aimed to overcome, and those left to address.

Date
Location
Cambridge, United Kingdom
Thomas Pasquier
Lecturer (Assistant Professor)

My research interests include Digital Provenance, Operating Systems, Distributed Systems, Data Protection and Privacy, Internet of Things and Intrusion Detection.