CERIAS - Center for Education and Research in Information Assurance and Security


Using process labels to obtain forensic and traceback information

Florian Buchholz - Purdue University

Mar 02, 2005



Much of the research in computer security, especially in digital
forensics and intrusion detection, is concerned with retrieving and
analyzing the information that is present on a system. In my talk I
will analyze what kind of information is actually desired by a
forensic investigator and examine if these needs can be fulfilled by
today's operating systems. Some of the desired information is
currently not present in many systems and I will make suggestions on
how to supply more relevant audit data on a system and increase its

The second part of my talk will focus on two particularly difficult
categories of information that a forensic investigator might desire:
user influence and origin information. I will present a model that
allows a system to bind arbitrary information in the form of labels to
its principals and then propagate the labels as information is
exchanged among them. I will demonstrate the usefulness of the model
with various case studies and discuss a proof-of-concept
implementation. While my work is motivated and aimed primarily at
digital forensic investigations, it has applications in other areas of
computer science, in particular network traceback, intrusion
detection, and access control.

About the Speaker

Florian Buchholz is a graduate student in the department of Computer
Sciences at Purdue University. He holds a Diplom in Informatics from
the Technische Universitaet Braunschweig, Germany and a Master's degree
in computer science from Purdue University. He is currently working on
his Ph.D. with Professor Spafford at CERIAS and plans to receive the
degree in May 2005. His main research interests lie in Digital
Forensics as well as system and network security.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.

