Integrity Checking and Abnormality Detection of Provenance Records

Sheung Chi Chan, Ashish Gehani, Hassaan Irshad, James Cheney

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Data provenance is a kind of meta-data recording inputs, entities and processes. It provides historical records and origin information of the data. Because of the rich information provided, provenance is increasingly being used as a foundation for security analysis and forensic auditing. For example, system-level provenance can help us trace activities at thelevel of libraries or system calls, which offers great potentialfor detecting subtle malicious activities that can otherwise goundetected. However, most of these security related applica-tions of provenance data require completeness and correctnessof the provenance collection process. This cannot be guar-anteed in some cases because some provenance recordingmodules collect information from some unreliable sources.We present work in progress on provenance graph integritychecking and abnormal component detection using ProvMark,the provenance expressiveness benchmarking tool. We alsodiscuss possible applications of the ProvMark tool in aid ofthe quality checking of provenance data.
Original languageEnglish
Title of host publication2020 International Workshop on Theory and Practice of Provenance
PublisherUSENIX Association
Number of pages6
Publication statusPublished - 21 Jun 2020
Event12th International Workshop on Theory and Practice of Provenance - Virtual workshop
Duration: 22 Jun 202022 Jun 2020
https://www.usenix.org/conference/tapp2020

Workshop

Workshop12th International Workshop on Theory and Practice of Provenance
Abbreviated titleTaPP 2020
CityVirtual workshop
Period22/06/2022/06/20
Internet address

Fingerprint

Dive into the research topics of 'Integrity Checking and Abnormality Detection of Provenance Records'. Together they form a unique fingerprint.

Cite this