Summary: | Provenance is defined as the origin or the earliest known history of a thing. In the
context of data, provenance describes where a piece of data originated, how it was created,
and the actions performed on it. This information can be used for forensics and
security. This project aims to capture whole-system provenance in order to detect
intrusions. Several systems can capture provenance, such as the Provenance
Aware Storage System (PASS), Hi-Fi, Linux Provenance Module (LPM), and CamFlow.
This project focuses on setting up CamFlow, a whole-system provenance capture
mechanism. The data captured with CamFlow from various intrusion scenarios
is streamed to Flurry. Flurry is a web-server-based, end-to-end data
pipeline connected to CamFlow that generates provenance graphs. This project shows
how CamFlow and Flurry can be integrated to analyse systems for intrusions.
|