CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University
Center for Education and Research in Information Assurance and Security

Practical Automatic Determination of Causal Relationships in Software Execution Traces

Download

Download PDF Document
PDF

Author

Sundararaman Jeyaraman

Tech report number

CERIAS TR 2011-24

Entry type

phdthesis

Abstract

From the system investigator who needs to analyze an intrusion (“how did the intruder break in?”), to the forensic expert who needs to investigate digital crimes (“did the suspect commit the crime?”), security experts frequently have to answer questions about the cause-effect relationships between the various events that occur in a computer system. The implications of using causality determination techniques with a low accuracy vary from slowing down incident response to undermining the evidence unearthed by forensic experts. This dissertation presents research done in two areas: (1) We present an empirical study evaluating the accuracy and performance overhead of existing causality determination techniques. Our study shows that existing causality determination techniques are either accurate or efficient, but seldom both. (2) We propose a novel approach to causality determination based on coarse-grained observation of control-flow of program execution. Our evaluation shows that our approach is both practical in terms of low runtime overhead and accurate in terms of low false positives and false negatives.

Download

PDF

Date

2011 – 12 – 1

Key alpha

Jeyaraman

Publication Date

2011-12-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.