Secure Network Provenance

pdf

This poster will present secure network provenance (SNP), a novel capability that enables networked systems to explain to their operators why they are in a certain state – e.g., why a suspicious routing table entry is present on a certain router, or where a given cache entry originated. SNP provides network forensics capabilities by permitting operators to track down faulty or misbehaving nodes, and to assess the damage such nodes may have caused to the rest of the system. SNP is designed for adversarial settings and is robust to manipulation; its tamper‐evident properties ensure that operators can detect when compromised nodes lie or falsely implicate correct nodes.

The poster will highlight some of our recent progress including the DTaP time‐aware provenance model, the PVR approach to privacy‐preserving forensics, and SNooPy, a general‐purpose SNP system we have used with applications like BGP interdomain routing, a distributed hashtable, and Hadoop MapReduce.

Award ID: 1065130

  • Forensics
  • Georgetown University
  • insider attacks
  • privacy
  • security
  • University of Pennsylvania
  • 1065130
  • SaTC PI Meeting 2012
  • Poster
  • Academia
  • SaTC Posters
Submitted by Anonymous on Tue, 12/11/2012 - 19:44