An Event-based Data Model for Granular Information Flow Tracking

Authors: 

Joud Khoury, Timothy Upthegrove, Armando Caro, Brett Benyo, and Derrick Kong, Raytheon BBN Technologies

Abstract: 

We present a common data model for representing causal events across a wide range of platforms and granularities. The model was developed for attack provenance analysis under the DARPA Transparent Computing program. The unified model successfully expresses data provenance across a range of granularities (e.g., object or byte level) and platforms (e.g., Linux and Android, BSD, and Windows). This paper describes our experience developing the common data model, the lessons learned, and performance results in controlled lab experiments.

BibTeX
@inproceedings {255010,
author = {Joud Khoury and Timothy Upthegrove and Armando Caro and Brett Benyo and Derrick Kong},
title = {An Event-based Data Model for Granular Information Flow Tracking},
booktitle = {12th International Workshop on Theory and Practice of Provenance (TaPP 2020)},
year = {2020},
url = {https://www.usenix.org/conference/tapp2020/presentation/khoury},
publisher = {USENIX Association},
month = jun
}