insider attacks


Visible to the public Secure Network Provenance

This poster will present secure network provenance (SNP), a novel capability that enables networked systems to explain to their operators why they are in a certain state - e.g., why a suspicious routing table entry is present on a certain router, or where a given cache entry originated. SNP provides network forensics capabilities by permitting operators to track down faulty or misbehaving nodes, and to assess the damage such nodes may have caused to the rest of the system.