2017 - PROV2R: Practical Provenance Analysis of Unstructured Processes
Information
What is?
Overhead
Processing time required by system software, which includes the operating system and any utility that supports application programs
The decoupling of provenance analysis from its capture
The capture of high fidelity provenance from unmodified programs
Steps
Execution Capture
Capture a self-contained, replayable execution trace
Application of instrumentation
Depending on the goal of the analysis, we select an instrumentation plugin to process the execution trace and generate a provenance graph
Provenance analysis
User interrogates the provenance graph using a query language to focus on, and/or select portions of, the graph
Selection and iteration
Based on the provenance analysis, the user can select a portion of the execution trace on which to apply additional, more intensive, instrumentation. The user then starts again from stage 2.
PROV2R
PANDA
Plugins
file_taint_sink
Custom plugin
Taint analysis in PANDA had previously been used only by plugins that analyzed the influence of tainted data on program control flow
Can log taint for multiple files specified at runtime
Keeps track of the taint count: how many tainted bytes are written to the file
file_taint
Used in PROV2R as the taint source for the taint analysis
Dependencies
taint2
Serves as the core for taint analysis in the PANDA framework
Defines and implements the taint type and the taint propagation policies
Provides an API for other plugins to implement the remaining two components: taint sources and sinks. The API is used to apply taint on memory locations and registers, as well as to query for it
Taint2 always propagates taint on direct assignments and arithmetic operations
PROV-Tracer
Implements system events based provenance analysis for PANDA
Collection of loosely coupled analysis modules that can be used for provenance analysis
Modules have been implemented as PANDA plugins
Taint-analysis
Taint type
Encapsulates the semantics tracked for each piece of data
Taint sources
Locations where new taint marks are applied
Taint sinks
Locations where the propagated taint marks are checked or logged
Propagation policies
Define how taint marks are handled during program execution
Limitation
Imposes extremely high execution overheads
Provenance
Record that describes the people, institutions, entities, and activities involved in producing, influencing, or delivering a piece of data or a thing
Applications are often developed without provenance being considered; provenance is often captured and processed by a third-party application
Unstructured process
When an application includes extension or modification by a third party, or includes input from user interaction
Goals
Problem
Accurately capturing provenance from unstructured processes is difficult
Information produced by Internet applications is inherently a result of processes that are executed locally
Capturing and exposing this information provenance is thus important in order to ascertain trust in online content
Furthermore, providers of internet applications may wish to have access to the same information for debugging or audit purposes
Authors
Athanasopoulos E
Stamatogiannakis M
Bos H
Elsevier L
Contribution
A system that combines taint tracking and record and replay for provenance capture
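Added example (not from the paper or from PANDA): a toy byte-level model of the four taint-analysis components listed above, with a file source, propagation on direct assignment and arithmetic, and a file sink that counts tainted bytes written per watched file. All class, method and file names are hypothetical and do not correspond to the taint2 API.

```python
from collections import defaultdict

class TaintEngine:
    """Toy taint tracker; a hypothetical model, not the PANDA taint2 API."""

    def __init__(self, watched_sinks):
        self.mem = {}                             # address -> byte value
        self.shadow = defaultdict(frozenset)      # address -> labels (the taint type)
        self.watched = set(watched_sinks)         # sink files chosen at run time
        self.tainted_bytes = defaultdict(int)     # sink file -> tainted bytes written
        self.derived_from = defaultdict(set)      # sink file -> source files

    def source_read(self, fname, data, addr):
        # Taint source: every byte read gets a fresh (file, offset) label.
        for i, b in enumerate(data):
            self.mem[addr + i] = b
            self.shadow[addr + i] = frozenset({(fname, i)})

    def store_const(self, addr, value):
        # Constants carry no taint and clear any label at the destination.
        self.mem[addr] = value & 0xFF
        self.shadow[addr] = frozenset()

    def mov(self, dst, src):
        # Propagation policy: direct assignment copies the labels.
        self.mem[dst] = self.mem[src]
        self.shadow[dst] = self.shadow[src]

    def add(self, dst, a, b):
        # Propagation policy: arithmetic unions the operands' labels.
        self.mem[dst] = (self.mem[a] + self.mem[b]) & 0xFF
        self.shadow[dst] = self.shadow[a] | self.shadow[b]

    def sink_write(self, fname, addr, length):
        # Taint sink: log labels only for watched files.
        if fname not in self.watched:
            return
        for i in range(length):
            labels = self.shadow[addr + i]
            if labels:
                self.tainted_bytes[fname] += 1
                self.derived_from[fname].update(src for src, _ in labels)

def demo():
    eng = TaintEngine(watched_sinks={"report.out"})   # constructed sample run
    eng.source_read("a.txt", b"AB", 0x10)
    eng.source_read("b.txt", b"\x01", 0x20)
    eng.store_const(0x30, 0x2A)
    eng.mov(0x40, 0x10)          # copy of a.txt byte 0
    eng.add(0x41, 0x11, 0x20)    # mixes a.txt byte 1 with b.txt byte 0
    eng.mov(0x42, 0x30)          # untainted constant
    eng.sink_write("report.out", 0x40, 3)
    eng.sink_write("other.out", 0x40, 3)   # not watched, so nothing is logged
    return dict(eng.tainted_bytes), {k: sorted(v) for k, v in eng.derived_from.items()}
```

The mapping returned for each sink file is the kind of edge a provenance graph would record: the output file was derived from the listed input files.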