Information Flow Monitoring: Model, Policy, and Analysis
Saved in:

| Main author: | |
|---|---|
| Format: | Conference proceedings |
| Language: | eng |
| Subjects: | |
| Online access: | Order full text |
| Summary: | Live digital forensic techniques that capture a snapshot of operational state at the time of seizure are helpful, but only provide information about the current state. Attempting to audit every interaction on a system will yield records that are difficult to even store, with a low ratio of useful information to noise. In this paper we propose a distributed trace based monitoring platform that applies a user-specified policy to isolate interesting sequences of actions that may potentially involve multiple processes, files, and span network connections. The primary contribution of this paper is an efficient method for composing and monitoring system behaviour at runtime both within and between hosts. Through experimentation, we show that our system accurately identifies policy violations, and that we can place reasonable bounds on its operational complexity. |
|---|---|
| DOI: | 10.1109/DeSE.2011.108 |