DocumentCode :
3303679
Title :
Information Flow Monitoring: Model, Policy, and Analysis
Author :
Lempereur, Brett ; Merabti, Madjid ; Shi, Qi
Author_Institution :
Sch. of Comput. & Math. Sci., Liverpool John Moores Univ., Liverpool, UK
fYear :
2011
fDate :
6-8 Dec. 2011
Firstpage :
227
Lastpage :
232
Abstract :
Live digital forensic techniques that capture a snapshot of operational state at the time of seizure are helpful, but only provide information about the current state. Attempting to audit every interaction on a system will yield records that are difficult to even store, with a low ratio of useful information to noise. In this paper we propose a distributed trace-based monitoring platform that applies a user-specified policy to isolate interesting sequences of actions that may potentially involve multiple processes and files, and span network connections. The primary contribution of this paper is an efficient method for composing and monitoring system behaviour at runtime, both within and between hosts. Through experimentation, we show that our system accurately identifies policy violations, and that we can place reasonable bounds on its operational complexity.
Keywords :
computer forensics; data flow analysis; system monitoring; distributed trace based monitoring; information flow monitoring; interesting action sequence isolation; live digital forensic technique; network connection; operational complexity; policy violation; runtime system behaviour composition; runtime system behaviour monitoring; system interaction auditing; user-specified policy; Automata; Complexity theory; Computers; Digital forensics; Monitoring; Security; digital forensics; execution monitor; system monitoring;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Developments in E-systems Engineering (DeSE), 2011
Conference_Location :
Dubai
Print_ISBN :
978-1-4577-2186-1
Type :
conf
DOI :
10.1109/DeSE.2011.108
Filename :
6149944