[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Design and Architecture of Progger 3: A Low-Overhead, Tamper-Proof Provenance System

  • Conference paper
  • First Online:
Ubiquitous Security (UbiSec 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1557))

Included in the following conference series:

Abstract

This paper presents Progger 3, the latest version of the provenance collection tool, Progger. We outline the design goals for Progger 3 and describe in detail how the architecture achieves those goals. In contrast to previous versions of Progger, this version can observe any system call, guarantee tamper-proof provenance collection as long as the kernel on the client is not compromised, and transfer the provenance to other systems with confidentiality and integrity, all with a relatively low performance overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 55.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 69.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    This achieves design goal J.

  2. 2.

    There is a feature of Linux called “kernel TLS”, but that deals with data encryption only; the more complicated handshake is left to user space [5].

  3. 3.

    The only exceptions to this were that Progger 3 warned when running without using the TPM—which is benign when done intentionally during testing—and that some ring buffer overflows occurred, as sometimes the test server didn’t receive the data sent by Progger 3 fast enough, due to data reception and processing being on the same thread in the server.

References

  1. Carata, L., et al.: A primer on provenance. Commun. ACM 57(5), 52–60 (2014). https://doi.org/10.1145/2596628

    Article  Google Scholar 

  2. Corrick, T.: Progger 3: A low-overhead, tamper-proof provenance system. Master’s thesis, The University of Waikato (2021). https://hdl.handle.net/10289/14280

  3. Ko, R.K.L., Will, M.A.: Progger: an efficient, tamper-evident kernel-space logger for cloud data provenance tracking. In: IEEE 7th International Conference on Cloud Computing, pp. 881–889 (2014). https://doi.org/10.1109/CLOUD.2014.121

  4. Torvalds, L., et al.: 64-bit system call numbers and entry vectors. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/entry/syscalls/syscall_64.tbl?h=v5.8.18

  5. Torvalds, L., et al.: Kernel TLS. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/Documentation/networking/tls.rst?h=v5.8.18

  6. Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF protocols. RFC 8439 (2018). https://tools.ietf.org/html/rfc8439

  7. Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446 (2018). https://tools.ietf.org/html/rfc8446

  8. Arciszewski, S.: XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305. Technical Report. https://tools.ietf.org/html/draft-irtf-cfrg-xchacha-03

  9. Trusted Computing Group: Trusted Platform Module Library, Family “2.0”, Rev. 01.59. https://trustedcomputinggroup.org/resource/tpm-library-specification/

Download references

Acknowledgments

This work was supported by funding from STRATUS (https://stratus.org.nz), a science investment project funded by the New Zealand Ministry of Business, Innovation and Employment (MBIE). The authors would also like to acknowledge support from Prof. Ryan Ko and the team at Firstwatch for providing access to Progger 1 and 2.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Vimal Kumar .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Corrick, T., Kumar, V. (2022). Design and Architecture of Progger 3: A Low-Overhead, Tamper-Proof Provenance System. In: Wang, G., Choo, KK.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds) Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol 1557. Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_14

Download citation

  • DOI: https://doi.org/10.1007/978-981-19-0468-4_14

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0467-7

  • Online ISBN: 978-981-19-0468-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics