More Web Proxy on the site http://driver.im/

Article

Take only what you need: leveraging mandatory access control policy to reduce provenance storage costs

Authors:

Kevin R. B. Butler,

Thomas MoyerAuthors Info & Claims

TaPP'15: Proceedings of the 7th USENIX Conference on Theory and Practice of Provenance

Page 7

Published: 08 July 2015 Publication History

Abstract

When performing automatic provenance collection within the operating system, inevitable storage overheads are made worse by the fact that much of the generated lineage is uninteresting, describing noise and background activities that lie outside the scope the system's intended use. In this work, we propose a novel approach to policy-based provenance pruning - leverage the confinement properties provided by Mandatory Access Control (MAC) systems in order to identify subdomains of system activity for which to collect provenance. We consider the assurances of completeness that such a system could provide by sketching algorithms that reconcile provenance graphs with the information flows permitted by the MAC policy. We go on to identify the design challenges in implementing such a mechanism. In a simplified experiment, we demonstrate that adding a policy component to the Hi-Fi provenance monitor could reduce storage overhead by as much as 82%. To our knowledge, this is the first practical policy-based provenance monitor to be proposed in the literature.

References

[1]

J. P. Anderson. Computer security technology planning study. Technical Report ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA, Oct. 1972.

[2]

A. Bates, D. Tian, K. R. Butler, and T. Moyer. Trustworthy Whole-System Provenance for the Linux Kernel. In Proceedings of 24th USENIX Security Symposium on USENIX Security Symposium, Aug. 2015.

[3]

U. Braun, S. L. Garfinkel, D. A. Holland, K.-K. Muniswamy-Reddy, and M. I. Seltzer. Issues in Automatic Provenance Collection. In L. Moreau and I. T. Foster, editors, International Provenance and Annotation Workshop, volume 4145 of Lecture Notes in Computer Science, pages 171-183. Springer, 2006.

Digital Library

[4]

L. Carata, S. Akoush, N. Balakrishnan, T. Bytheway, R. Sohan, M. Seltzer, and A. Hopper. A primer on provenance. Commun. ACM, 57(5):52-60, May 2014.

Digital Library

[5]

J. Edge. Another LSM stacking approach. https://lwn.net/Articles/518345/, Oct. 2012.

[6]

A. Gehani and U. Lindqvist. Bonsai: Balanced Lineage Authentication. In Proceedings of the 23rd Annual Computer Security Applications Conference, ACSAC'07, Dec 2007.

[7]

A. Gehani and D. Tariq. SPADE: Support for Provenance Auditing in Distributed Environments. In Proceedings of the 13th International Middleware Conference, Middleware '12, Dec 2012.

Digital Library

[8]

B. Hicks, S. Rueda, L. St. Clair, T. Jaeger, and P. McDaniel. A Logical Specification and Analysis for SELinux MLS Policy. ACM Trans. Inf. Syst. Secur., 13(3):26:1-26:31, July 2010.

Digital Library

[9]

S. N. Jones, C. R. Strong, D. D. E. Long, and E. L. Miller. Tracking Emigrant Data via Transient Provenance. In 3rd Workshop on the Theory and Practice of Provenance, TAPP'11, June 2011.

[10]

J. Leskovec and R. Sosič. SNAP: A general purpose network analysis and graph mining library in C++. http://snap.stanford.edu/snap, June 2014.

[11]

J. Lyle and A. Martin. Trusted Computing and Provenance: Better Together. In 2nd Workshop on the Theory and Practice of Provenance, TaPP'10, Feb. 2010.

Digital Library

[12]

P. McDaniel, K. Butler, S. McLaughlin, R. Sion, E. Zadok, and M. Winslett. Towards a Secure and Efficient System for End-to-End Provenance. In Proceedings of the 2nd conference on Theory and practice of provenance, San Jose, CA, USA, Feb. 2010. USENIX Association.

Digital Library

[13]

K.-K. Muniswamy-Reddy, U. Braun, D. A. Holland, P. Macko, D. Maclean, D. Margo, M. Seltzer, and R. Smogor. Layering in Provenance Systems. In Proceedings of the 2009 Conference on USENIX Annual Technical Conference, ATC'09, June 2009.

Digital Library

[14]

K.-K. Muniswamy-Reddy, D. A. Holland, U. Braun, and M. Seltzer. Provenance-aware Storage Systems. In Proceedings of the Annual Conference on USENIX '06 Annual Technical Conference, Proceedings of the 2006 Conference on USENIX Annual Technical Conference, June 2006.

Digital Library

[15]

D. Pohly, S. McLaughlin, P. McDaniel, and K. Butler. Hi-Fi: Collecting High-Fidelity Whole-System Provenance. In Proceedings of the 28th Annual Comptuer Security Applications Conference, ACSAC'12, Orlando, FL, USA, 2012.

Digital Library

[16]

H. Vijayakumar, G. Jakka, S. Rueda, J. Schiffman, and T. Jaeger. Integrity Walls: Finding Attack Surfaces from Mandatory Access Control Policies. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS '12, pages 75-76, New York, NY, USA, 2012. ACM.

Digital Library

[17]

C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux security modules: General security support for the linux kernel. In USENIX Security Symposium, pages 17-31, 2002.

Digital Library

[18]

Y. Xie, D. Feng, Z. Tan, L. Chen, K.-K. Muniswamy-Reddy, Y. Li, and D. D. Long. A Hybrid Approach for Efficient Provenance Storage. In Proceedings of the 21st ACM International Conference on Information and Knowledge Management, CIKM '12, 2012.

Digital Library

[19]

Y. Xie, K.-K. Muniswamy-Reddy, D. Feng, Y. Li, and D. D. E. Long. Evaluation of a Hybrid Approach for Efficient Provenance Storage. Trans. Storage, 9(4):14:1-14:29, Nov. 2013.

Digital Library

[20]

Y. Xie, K.-K. Muniswamy-Reddy, D. D. E. Long, A. Amer, D. Feng, and Z. Tan. Compressing Provenance Graphs. In 3rd Workshop on the Theory and Practice of Provenance, TAPP'11, June 2011.

Cited By

Pasquier TEyers DBacon J(2019)Personal data and the internet of thingsCommunications of the ACM10.1145/332293362:6(32-34)Online publication date: 21-May-2019
https://dl.acm.org/doi/10.1145/3322933
Mohan SAsplund MBloom GSadeghi AIbrahim ASalajageh NGriffioen PSinopoli BBrandenburg BSankaranarayanan S(2018)The future of IoT securityProceedings of the International Conference on Embedded Software10.5555/3283535.3283551(1-7)Online publication date: 30-Sep-2018
https://dl.acm.org/doi/10.5555/3283535.3283551
Pasquier THan XMoyer TBates AHermant OEyers DBacon JSeltzer MLie DMannan MBackes MWang X(2018)Runtime Analysis of Whole-System ProvenanceProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243776(1601-1616)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243776
Show More Cited By

Take only what you need: leveraging mandatory access control policy to reduce provenance storage costs
1. Security and privacy
  1. Systems security

Recommendations

HELP! I need to install/reinstall Microsoft Windows 10: Yes, beginners can do it too
Grumble to Policy Need: Deriving Public Policy Needs from Daily Life on Social Media Platform
DIS '18: Proceedings of the 2018 Designing Interactive Systems Conference

This research explored ways of utilizing social media to engage non-activist users in public policy development using a design intervention. The intervention was designed to enable the users to derive policy needs from their daily life contents. We ...
On the Need for Negotiation in Policy-based Interaction with Autonomic Computing Systems
ICAC '05: Proceedings of the Second International Conference on Automatic Computing

Large organizations develop guidelines, processes, and tools to help them implement and manage IT. In many cases, these encode policies, the central means of control for Autonomic Computing systems. Policies consist of goals, scope, constraints, and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

TaPP'15: Proceedings of the 7th USENIX Conference on Theory and Practice of Provenance

July 2015

14 pages

Program Chairs:
Paolo Missier
Newcastle University
,
Jun Zhao
Lancaster University

Publisher

USENIX Association

United States

Publication History

Published: 08 July 2015

Qualifiers

Article

Acceptance Rates

Overall Acceptance Rate 10 of 17 submissions, 59%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pasquier TEyers DBacon J(2019)Personal data and the internet of thingsCommunications of the ACM10.1145/332293362:6(32-34)Online publication date: 21-May-2019
https://dl.acm.org/doi/10.1145/3322933
Mohan SAsplund MBloom GSadeghi AIbrahim ASalajageh NGriffioen PSinopoli BBrandenburg BSankaranarayanan S(2018)The future of IoT securityProceedings of the International Conference on Embedded Software10.5555/3283535.3283551(1-7)Online publication date: 30-Sep-2018
https://dl.acm.org/doi/10.5555/3283535.3283551
Pasquier THan XMoyer TBates AHermant OEyers DBacon JSeltzer MLie DMannan MBackes MWang X(2018)Runtime Analysis of Whole-System ProvenanceProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243776(1601-1616)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243776
Pasquier TSingh JPowles JEyers DSeltzer MBacon J(2018)Data provenance to audit compliance with privacy policy in the Internet of ThingsPersonal and Ubiquitous Computing10.1007/s00779-017-1067-422:2(333-344)Online publication date: 1-Apr-2018
https://dl.acm.org/doi/10.1007/s00779-017-1067-4
Bates ATian DHernandez GMoyer TButler KJaeger T(2017)Taming the Costs of Trustworthy Provenance through Policy ReductionACM Transactions on Internet Technology10.1145/306218017:4(1-21)Online publication date: 9-Sep-2017
https://dl.acm.org/doi/10.1145/3062180

View Options

View options

Media

Figures

Other

Tables

View Table of Contents