Shiqing Ma - Purdue University
"MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning"
Aug 23, 2017
Abstract
Operating system level auditing is one of the most important forensics techniques. With operating system level audit systems, e.g., the Linux audit system, investigators can generate attack causal graphs by analyzing the causal relationships between the logged events. However, traditional techniques usually generate large and inaccurate causal graphs. This is because applications are not aware of the existence of the OS level audit systems and cannot provide their own context information. To solve this problem, we propose MPI (short for Multiple Perspective attack Investigation), a semantics-aware program annotation and instrumentation technique that partitions process executions based on the application-specific high-level task structures. It converts current applications to be provenance-aware, generates execution partitions with rich semantic information and provides multiple perspectives of an attack. We develop a prototype and integrate it with three different provenance systems: the Linux Audit system, ProTracer and the LPM-HiFi system. The evaluation results show that our technique generates simple and accurate attack graphs with rich high-level semantics and has much lower space and time overheads.
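The abstract's core observation, that a long-running process looks like one opaque node to the OS audit log so every output it ever writes appears to depend on every input it ever read, is easy to see on a small constructed log. The script below is an added illustration and is not MPI's own code or output format: it assumes a hypothetical instrumented application that emits `unit_begin`/`unit_end` markers around each high-level task, builds a causal graph from a constructed audit stream with and without those markers, and runs a forward (impact) query from one input file. The file paths, pid and task names are made up.

```python
"""Added example: how application-level unit annotations partition a process
in an OS-level audit stream. Not MPI's code; the log format is constructed."""
from collections import defaultdict

# Constructed audit stream (not real Linux audit records). Each entry is
# (pid, operation, object). The hypothetical instrumented application emits
# unit_begin / unit_end markers around each high-level task it performs.
AUDIT_STREAM = [
    (100, "unit_begin", "task-1"),
    (100, "read", "/home/u/inbox.mbox"),
    (100, "write", "/home/u/draft1.txt"),
    (100, "unit_end", "task-1"),
    (100, "unit_begin", "task-2"),
    (100, "read", "/home/u/attachment.pdf"),
    (100, "write", "/home/u/report.pdf"),
    (100, "unit_end", "task-2"),
]


def build_graph(stream, partitioned):
    """Build a causal graph as an adjacency dict.

    Edges: file --read--> subject and subject --write--> file.
    With partitioned=False the subject is the whole process ("pid:100"),
    which is all an unmodified OS audit log can offer. With
    partitioned=True the subject is the process plus its current unit,
    so each task becomes its own node. Temporal ordering of reads and
    writes is ignored here for brevity; a real analysis would respect it.
    """
    graph = defaultdict(set)
    current_unit = {}  # pid -> unit name currently open for that pid
    for pid, op, obj in stream:
        if op == "unit_begin":
            current_unit[pid] = obj
            continue
        if op == "unit_end":
            current_unit.pop(pid, None)
            continue
        subject = f"pid:{pid}"
        if partitioned and pid in current_unit:
            subject = f"{subject}/{current_unit[pid]}"
        if op == "read":
            graph[obj].add(subject)
        elif op == "write":
            graph[subject].add(obj)
    return graph


def forward_closure(graph, start):
    """Return every node reachable from `start` (an impact query:
    'what did this suspicious input end up influencing?')."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


if __name__ == "__main__":
    suspicious = "/home/u/inbox.mbox"
    for partitioned in (False, True):
        g = build_graph(AUDIT_STREAM, partitioned)
        label = "partitioned" if partitioned else "whole-process"
        print(f"{label:14s} impact of {suspicious}: "
              f"{sorted(forward_closure(g, suspicious))}")
```

Without the markers the forward query from `inbox.mbox` reaches `report.pdf`, a file written by an unrelated task, because the whole process is one node; with the markers it stops at `draft1.txt`. That false edge is the dependency explosion the abstract refers to, and the unit boundaries are what let the investigator drop it.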
About the Speaker
Shiqing Ma is a Ph.D. student in the Department of Computer Science at Purdue University, advised by Dr. Xiangyu Zhang and Dr. Dongyan Xu. His research focuses on system and software security, especially data provenance problems. His past work includes building low-overhead, cost-effective operating system level provenance systems, and automatically translating normal programs into provenance-aware programs to support accurate provenance analysis. He is a recipient of two Distinguished Paper Awards, from NDSS 2016 and USENIX Security 2017.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52 (Suite 050B), West Lafayette Campus.