Using process labels to obtain forensic and traceback information

Florian Buchholz - Purdue University

Mar 02, 2005

Much of the research in computer security, especially in digital
forensics and intrusion detection, is concerned with retrieving and
analyzing the information that is present on a system. In my talk I
will analyze what kind of information is actually desired by a
forensic investigator and examine if these needs can be fulfilled by
today's operating systems. Some of the desired information is
currently not present in many systems and I will make suggestions on
how to supply more relevant audit data on a system and increase its

The second part of my talk will focus on two particularly difficult
categories of information that a forensic investigator might desire:
user influence and origin information. I will present a model that
allows a system to bind arbitrary information in the form of labels to
its principals and then propagate the labels as information is
exchanged among them. I will demonstrate the usefulness of the model
with various case studies and discuss a proof-of-concept
implementation. While my work is motivated and aimed primarily at
digital forensic investigations, it has applications in other areas of
computer science, in particular network traceback, intrusion
detection, and access control.
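A minimal sketch of the propagation idea described above, added here as an illustration and not the speaker's proof-of-concept: processes and files are principals carrying label sets, every information flow copies the source's labels onto the destination, and the resulting audit trail lets an investigator trace a label (here user influence and network origin) back to where it entered the system. All principal names, events and the address are constructed.

```python
"""Toy label propagation for forensic traceback (constructed illustration).
Principals (processes, files) carry label sets; labels move with information."""
from dataclasses import dataclass, field


@dataclass
class Principal:
    name: str
    labels: set = field(default_factory=set)


class LabelSystem:
    def __init__(self):
        self.principals = {}
        self.audit = []  # (event, src, dst, labels newly added to dst)

    def create(self, name, *labels):
        self.principals[name] = Principal(name, set(labels))

    def flow(self, src, dst, event):
        """Information flows src -> dst; dst inherits every label of src.
        Propagation is monotone: labels are only ever added, never removed."""
        s, d = self.principals[src], self.principals[dst]
        new = frozenset(s.labels - d.labels)
        d.labels |= s.labels
        self.audit.append((event, src, dst, new))
        return new

    def labels_of(self, name):
        return frozenset(self.principals[name].labels)

    def trace(self, name, label):
        """Follow the audit trail backwards from `name` to the principal that
        introduced `label`; returns the path in forward (origin-first) order."""
        chain = [name]
        while True:
            hop = next((src for _, src, dst, new in self.audit
                        if dst == chain[-1] and label in new), None)
            if hop is None:
                return chain[::-1]
            chain.append(hop)


def demo():
    # Constructed scenario: a remote login (RFC 5737 documentation address)
    # edits a system file that a root-owned job later reads.
    ls = LabelSystem()
    ls.create("sshd", "origin:203.0.113.5")
    ls.create("shell:alice", "user:alice")
    ls.create("vi")
    ls.create("/etc/hosts")
    ls.create("cron", "user:root")
    ls.flow("sshd", "shell:alice", "login")
    ls.flow("shell:alice", "vi", "exec")
    ls.flow("vi", "/etc/hosts", "write")
    ls.flow("/etc/hosts", "cron", "read")
    return ls
```

Querying `labels_of("cron")` shows that a root job has been influenced by a remote user, and `trace("cron", "origin:203.0.113.5")` reconstructs the path sshd, shell, editor, file, cron from the audit trail alone.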

About the Speaker

Florian Buchholz is a graduate student in the department of Computer
Sciences at Purdue University. He holds a Diplom in Informatics from
the Technische Universitaet Braunschweig, Germany and a Masters degree
in computer science from Purdue University. He is currently working on
his Ph.D. with Professor Spafford at CERIAS and plans to receive the
degree in May 2005. His main research interests lie in Digital
Forensics as well as system and network security.

