Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Florian Buchholz - Purdue University

"Using process labels to obtain forensic and traceback information"

Mar 02, 2005

Download: Video Icon MP4 Video Size: 220.4MB  
Watch on Youtube Watch on YouTube


Much of the research in computer security, especially in digital
forensics and intrusion detection, is concerned with retrieving and
analyzing the information that is present on a system. In my talk I
will analyze what kind of information is actually desired by a
forensic investigator and examine if these needs can be fulfilled by
today's operating systems. Some of the desired information is
currently not present in many systems and I will make suggestions on
how to supply more relevant audit data on a system and increase its

The second part of my talk will focus on two particular difficult
categories of information that a forensic investigator might desire:
user influence and origin information. I will present a model that
allows a system to bind arbitrary information in the form of labels to
its principals and then propagate the labels as information is
exchanged among them. I will demonstrate the usefulness of the model
with various case studies and discuss a proof-of-concept
implementation. While my work is motivated and aimed primarily at
digital forensic investigations, it has applications in other areas of
computer science, in particular network traceback, intrusion
detection, and access control.

About the Speaker

Florian Buchholz is a graduate student in the department of Computer
Sciences at Purdue University. He holds a Diplom in Informatics from
the Technische Universitaet Braunschweig, Germany and a Masters degree
in computer science from Purdue University. He is currently working on
his Ph.D. with Professor Spafford at CERIAS and plans to receive the
degree in May 2005. His main research interests lie in Digital
Forensics as well as system and network security.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!