Efficient Tracking, Logging, and Blocking of Accesses to Digital Objects
Abstract
In this project, the performer moved the field of digital provenance forward by designing and implementing techniques for following the chain of custody of data in a virtualized environment. Specifically, the goals were to provide an approach for tracking accesses to objects that originate from disk and to capture subsequent accesses to these objects in memory. To that end, one key capability provided is an accurate and efficient tracking and reconstruction mechanism for collating and storing events collected at different levels of abstraction. The effort also provided a rich interface for managing and mining the captured information, thereby providing deeper insights into what transpired after a compromise has been detected (e.g., a suspicious transfer of data to an external device or modification of files). Additionally, the effort provided capabilities not only to record but also to deny unauthorized accesses or transfers of data from objects within a protected data store (e.g., a disk partition) for which provenance tracking has been enabled.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 01, 2015
- Accession Number: ADA624449
Entities
People
- Charles Schmitt
- Fabian Monrose
- Michael Bailey
Organizations
- University of North Carolina at Chapel Hill