DocumentCode
3303679
Title
Information Flow Monitoring: Model, Policy, and Analysis
Author
Lempereur, Brett ; Merabti, Madjid ; Shi, Qi
Author_Institution
Sch. of Comput. & Math. Sci., Liverpool John Moores Univ., Liverpool, UK
fYear
2011
fDate
6-8 Dec. 2011
Firstpage
227
Lastpage
232
Abstract
Live digital forensic techniques that capture a snapshot of operational state at the time of seizure are helpful, but only provide information about the current state. Attempting to audit every interaction on a system will yield records that are difficult to even store, with a low ratio of useful information to noise. In this paper we propose a distributed trace-based monitoring platform that applies a user-specified policy to isolate interesting sequences of actions that may potentially involve multiple processes, files, and span network connections. The primary contribution of this paper is an efficient method for composing and monitoring system behaviour at runtime both within and between hosts. Through experimentation, we show that our system accurately identifies policy violations, and that we can place reasonable bounds on its operational complexity.
Keywords
computer forensics; data flow analysis; system monitoring; distributed trace-based monitoring; information flow monitoring; interesting action sequence isolation; live digital forensic technique; network connection; operational complexity; policy violation; runtime system behaviour composition; runtime system behaviour monitoring; system interaction auditing; user-specified policy; Automata; Complexity theory; Computers; Digital forensics; Monitoring; Security; digital forensics; execution monitor; system monitoring
fLanguage
English
Publisher
ieee
Conference_Titel
Developments in E-systems Engineering (DeSE), 2011
Conference_Location
Dubai
Print_ISBN
978-1-4577-2186-1
Type
conf
DOI
10.1109/DeSE.2011.108
Filename
6149944