Abstract / Description of output
Provenance is increasingly being used as a foundation for security analysis and forensics. System-level provenance can help us trace activities at the level of libraries or system calls, which offers great potential for detecting subtle malicious activities that can otherwise go undetected. However, analysing the raw provenance trace is challenging, due to scale and to differences in data representation among system-level provenance recorders: for example, common queries to identify malicious patterns need to be formulated in different ways on different systems. As a first step toward understanding the similarities and differences among approaches, this paper proposes an expressiveness benchmark consisting of tests intended to capture the provenance of individual system calls. We present work in progress on the benchmark examples for Linux and discuss how they are handled by two different provenance collection tools, SPADE and OPUS.
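To make the abstract's point concrete, the following is an added illustration (not code from the paper, and not the real output format of SPADE or OPUS): a minimal expressiveness benchmark. Each test names one system call and the provenance edges, in a neutral vocabulary, that a recorder should capture for it. Two constructed recorder outputs in different representations are normalised to that vocabulary, so the same check (which expected edges are missing) and the same forensic query (which processes wrote a given file) can be run against both. The recorder formats, process IDs and file paths are all assumed for the example.

```python
# Added example: an expressiveness benchmark for system-call provenance.
# The two recorder output formats below are constructed for illustration
# and are NOT the real SPADE or OPUS representations.
from dataclasses import dataclass

# A neutral edge is (subject, relation, object), e.g.
# ("proc:1234", "wrote", "file:/tmp/out").


@dataclass(frozen=True)
class BenchmarkTest:
    name: str            # short identifier for the test
    syscall: str         # the single system call the test exercises
    expected: frozenset  # neutral edges a recorder should capture for it


# Three tests, one system call each (hypothetical PIDs and paths).
TESTS = (
    BenchmarkTest("write", "write(fd, buf, n)",
                  frozenset({("proc:1234", "wrote", "file:/tmp/out")})),
    BenchmarkTest("read", "read(fd, buf, n)",
                  frozenset({("proc:1234", "read", "file:/etc/passwd")})),
    BenchmarkTest("rename", "rename(old, new)",
                  frozenset({("proc:1234", "wrote", "file:/tmp/new"),
                             ("file:/tmp/new", "derived_from", "file:/tmp/old")})),
)

# Constructed output of two hypothetical recorders for the same three calls.
# Recorder A emits PROV-style records; recorder B emits a flat edge list and
# has no way to express that one file was derived from another.
RECORDER_A = [
    {"type": "WasGeneratedBy", "entity": "/tmp/out", "activity": "pid:1234"},
    {"type": "Used", "entity": "/etc/passwd", "activity": "pid:1234"},
    {"type": "WasGeneratedBy", "entity": "/tmp/new", "activity": "pid:1234"},
    {"type": "WasDerivedFrom", "generated": "/tmp/new", "used": "/tmp/old"},
]
RECORDER_B = [
    "1234 -> /tmp/out [WRITE]",
    "/etc/passwd -> 1234 [READ]",
    "1234 -> /tmp/new [WRITE]",
]


def normalise_a(records):
    """Map recorder A's PROV-style records onto the neutral edge vocabulary."""
    edges = set()
    for r in records:
        if r["type"] == "WasGeneratedBy":
            pid = r["activity"].split(":", 1)[1]
            edges.add(("proc:" + pid, "wrote", "file:" + r["entity"]))
        elif r["type"] == "Used":
            pid = r["activity"].split(":", 1)[1]
            edges.add(("proc:" + pid, "read", "file:" + r["entity"]))
        elif r["type"] == "WasDerivedFrom":
            edges.add(("file:" + r["generated"], "derived_from", "file:" + r["used"]))
    return edges


def normalise_b(lines):
    """Map recorder B's 'src -> dst [OP]' lines onto the neutral vocabulary."""
    edges = set()
    for line in lines:
        head, op = line.rsplit(" [", 1)
        src, dst = head.split(" -> ")
        op = op.rstrip("]")
        if op == "WRITE":
            edges.add(("proc:" + src, "wrote", "file:" + dst))
        elif op == "READ":
            # B writes reads file-first; flip so the process is the subject.
            edges.add(("proc:" + dst, "read", "file:" + src))
    return edges


def missing_edges(test, edges):
    """Expected edges of `test` that a recorder's normalised output lacks."""
    return test.expected - edges


def report(edges):
    """Test name -> missing edges, over every benchmark test, for one recorder."""
    return {t.name: missing_edges(t, edges) for t in TESTS}


def writers_of(edges, path):
    """The cross-recorder forensic query: which processes wrote `path`?"""
    return {s for s, rel, o in edges if rel == "wrote" and o == "file:" + path}


if __name__ == "__main__":
    for name, norm, raw in (("A", normalise_a, RECORDER_A),
                            ("B", normalise_b, RECORDER_B)):
        edges = norm(raw)
        print(name, report(edges), writers_of(edges, "/tmp/new"))
```

Running it shows recorder A passing all three tests, while recorder B passes the write and read tests but fails the rename test because its representation cannot express the derived_from edge; the same writers_of query nonetheless answers identically on both once the outputs are normalised, which is the kind of cross-tool comparison the benchmark is meant to support.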
Field | Value |
---|---|
Original language | English |
Title of host publication | 2017 Workshop on Theory and Practice of Provenance (TaPP 2017) |
Number of pages | 6 |
Publication status | Published - 23 Jun 2017 |
Event | 9th USENIX Workshop on the Theory and Practice of Provenance 2017, Seattle, United States; 22 Jun 2017 → 23 Jun 2017; https://www.usenix.org/conference/tapp2017 |
Conference
Field | Value |
---|---|
Conference | 9th USENIX Workshop on the Theory and Practice of Provenance 2017 |
Abbreviated title | TaPP 2017 |
Country/Territory | United States |
City | Seattle |
Period | 22/06/17 → 23/06/17 |
Internet address | https://www.usenix.org/conference/tapp2017 |