Tracking Adversarial Behavior in Distributed Systems With Secure Network Provenance

Loading...
Thumbnail Image
Penn collection
Technical Reports (CIS)
Degree type
Discipline
Subject
Funder
Grant number
License
Copyright date
Distributor
Related resources
Author
Zhou, Wenchao
Sherr, Micah
Contributor
Abstract

This paper presents secure network provenance (SNP), a novel technique for tracking down compromised nodes in a distributed system and assessing the damage that they may have caused to other nodes. SNP enables operators to ask the system why it is in a certain state – for example, why a suspicious routing table entry is present on a certain router, or where a given cache entry originated. SNP is robust to manipulation; its tamper-evident properties ensure that operators can detect when compromised nodes lie or falsely implicate correct nodes. Thus, compromised nodes can at worst refuse to participate, making their presence evident to operators. We describe an algorithm for answering SNP queries, as well as a proof-of-concept implementation.

Advisor
Date Range for Data Collection (Start Date)
Date Range for Data Collection (End Date)
Digital Object Identifier
Series name and number
Publication date
2010-01-01
Volume number
Issue number
Publisher
Publisher DOI
Journal Issue
Comments
University of Pennsylvania Department of Computer and Information Science Technical Report No. MS-CIS-10-28.
Recommended citation
Collection