Title:
Tagging and Tracking of Multi-level Host Events for Transparent Computing
Tagging and Tracking of Multi-level Host Events for Transparent Computing
dc.contributor.author | Fazzini, Mattia | |
dc.contributor.corporatename | Georgia Institute of Technology. Institute for Information Security & Privacy | en_US |
dc.contributor.corporatename | Georgia Institute of Technology. College of Computing | en_US |
dc.date.accessioned | 2017-03-13T18:24:08Z | |
dc.date.available | 2017-03-13T18:24:08Z | |
dc.date.issued | 2017-02-24 | |
dc.description | Presented on February 24, 2017 at 12:00 p.m. in t he Klaus Advanced Computing Building, Room 1116W. | en_US |
dc.description | Mattia Fazzini is a Ph.D. student in the School of Computer Science at the Georgia Institute of Technology. His research interests are in the areas of software testing, program analysis, and computer security. | en_US |
dc.description | Runtime: 57:30 minutes | en_US |
dc.description.abstract | Advanced persistent threats (APTs) are characterized by their abilities to render existing security mechanisms ineffective; for example, APT activities can blend in with normal user and program activities to blindside intrusion detection systems. APTs can evade security protection because existing mechanisms lack the sufficient visibility into user, program and operating system activities to ascertain the authenticity of an activity and the provenance of its data. For example, it is not possible for a network intrusion detection system to determine that data sent from an end-host has been modified by a malicious browser extension after a user had entered the data on a web form. On the other hand, if we have full tracking of how data is processed by the browser, intuitively, we can detect such an APT activity. In this talk, I will present THEIA, a system for tagging and tracking of multi-level host events and data for security analysis such as APT detection. THEIA is a system based on full-system record and replay and fine-grained dynamic information-flow analysis. THEIA is able to track data provenance from user input to program internal representation, and to filesystem storage and network output, and likewise, from network or filesystem to program internals, and to user interface. THEIA achieves both high accuracy and high efficiency by recording just the sufficient amount of data at runtime, instead of coupling computation-heavy tag analyses to the system’s execution, and by performing thorough analysis while replaying the recorded events. We evaluated THEIA in the context of the Transparent Computing program and observed that it achieves high accuracy while encountering low runtime overhead. | en_US |
dc.format.extent | 57:30 minutes | |
dc.identifier.uri | http://hdl.handle.net/1853/56510 | |
dc.language.iso | en_US | en_US |
dc.publisher | Georgia Institute of Technology | en_US |
dc.relation.ispartofseries | Cybersecurity Lecture Series | |
dc.subject | Advanced persistent threats | en_US |
dc.subject | Dynamic taint analysis | en_US |
dc.subject | Record and replay | en_US |
dc.title | Tagging and Tracking of Multi-level Host Events for Transparent Computing | en_US |
dc.type | Moving Image | |
dc.type.genre | Lecture | |
dspace.entity.type | Publication | |
local.contributor.corporatename | School of Cybersecurity and Privacy | |
local.contributor.corporatename | College of Computing | |
local.relation.ispartofseries | Institute for Information Security & Privacy Cybersecurity Lecture Series | |
relation.isOrgUnitOfPublication | f6d1765b-8d68-42f4-97a7-fe5e2e2aefdf | |
relation.isOrgUnitOfPublication | c8892b3c-8db6-4b7b-a33a-1b67f7db2021 | |
relation.isSeriesOfPublication | 2b4a3c7a-f972-4a82-aeaa-818747ae18a7 |
Files
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 3.13 KB
- Format:
- Item-specific license agreed upon to submission
- Description: