Kumar, Vimal
Corrick, Tristan James Carlile
2021-05-05
2021

Corrick, T. J. C. (2021). Progger 3: A low-overhead, tamper-proof provenance system (Thesis, Master of Cyber Security (MCS)). The University of Waikato, Hamilton, New Zealand. Retrieved from https://hdl.handle.net/10289/14280

Data provenance, which describes how data is accessed and used since the time it is created, is a valuable resource with a wide range of uses. It can be used simply to know who has accessed one's data, or be used in more complex scenarios such as detecting malware. One method for collecting data provenance is to observe system calls. This thesis presents Progger 3, a system that observes system calls on Linux in order to collect data provenance. There are several existing provenance systems that observe system calls, but they have limitations regarding security, efficiency, and usability. Progger 3 remedies many of these limitations. As a result, Progger 3 is a working implementation of a provenance system that can observe any system call, guarantee tamper-proof provenance collection as long as the kernel on the client is not compromised, and transfer the provenance to other systems with confidentiality and integrity, all with a relatively low performance overhead.

application/pdf
en

All items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.

Progger; Linux; TPM; Provenance; Security; Kernel; Cryptography; System call; Tracing; Computer security; Computer networks -- Security measures; Linux device drivers (Computer programs); Operating systems (Computers); Malware (Computer software) -- Prevention; Electronic data processing -- Security measures; Data protection; Computer viruses -- Prevention; Computers -- Access control; Kernel functions; Computer network protocols

Progger 3: A low-overhead, tamper-proof provenance system
Thesis
2021-04-28