Progger 3: A low-overhead, tamper-proof provenance system
Corrick, T. J. C. (2021). Progger 3: A low-overhead, tamper-proof provenance system (Thesis, Master of Cyber Security (MCS)). The University of Waikato, Hamilton, New Zealand. Retrieved from https://hdl.handle.net/10289/14280
Data provenance, which describes how data is accessed and used since the time it is created, is a valuable resource with a wide range of uses. It can be used simply to know who has accessed one's data, or be used in more complex scenarios such as detecting malware. One method for collecting data provenance is to observe system calls. This thesis presents Progger 3, a system that observes system calls on Linux in order to collect data provenance. There are several existing provenance systems that observe system calls, but they have limitations regarding security, efficiency, and usability. Progger 3 remedies many of these limitations. As a result, Progger 3 is a working implementation of a provenance system that can observe any system call, guarantee tamper-proof provenance collection as long as the kernel on the client is not compromised, and transfer the provenance to other systems with confidentiality and integrity, all with a relatively low performance overhead.