research-article

PROV_2R: Practical Provenance Analysis of Unstructured Processes

Authors:

Manolis Stamatogiannakis,

Elias Athanasopoulos,

Herbert Bos,

Paul GrothAuthors Info & Claims

ACM Transactions on Internet Technology (TOIT), Volume 17, Issue 4

Article No.: 37, Pages 1 - 24

https://doi.org/10.1145/3062176

Published: 18 August 2017 Publication History

Get Access

Abstract

Information produced by Internet applications is inherently a result of processes that are executed locally. Think of a web server that makes use of a CGI script, or a content management system where a post was first edited using a word processor. Given the impact of these processes to the content published online, a consumer of that information may want to understand what those impacts were. For example, understanding from where text was copied and pasted to make a post, or if the CGI script was updated with the latest security patches, may all influence the confidence on the published content. Capturing and exposing this information provenance is thus important to ascertaining trust to online content. Furthermore, providers of internet applications may wish to have access to the same information for debugging or audit purposes. For processes following a rigid structure (such as databases or workflows), disclosed provenance systems have been developed that efficiently and accurately capture the provenance of the produced data. However, accurately capturing provenance from unstructured processes, for example, user-interactive computing used to produce web content, remains a problem to be tackled.

In this article, we address the problem of capturing and exposing provenance from unstructured processes. Our approach, called PROV_2R (PROVenance Record and Replay) is composed of two parts: (a) the decoupling of provenance analysis from its capture; and (b) the capture of high-fidelity provenance from unmodified programs. We use techniques originating in the security and reverse engineering communities, namely, record and replay and taint tracking. Taint tracking fundamentally addresses the data provenance problem but is impractical to apply at runtime due to extremely high overhead. With a number of case studies, we demonstrate that PROV_2R enables the use of taint analysis for high-fidelity provenance capture, while keeping the runtime overhead at manageable levels. In addition, we show how captured information can be represented using the W3C PROV provenance model for exposure on the Web.

References

[1]

Andrei Bacs, Remco Vermeulen, Asia Slowinska, and Herbert Bos. 2012. System-level support for intrusion recovery. In Proceedings of DIMVA’12.

Abstract

References

Cited By

Index Terms

Recommendations

An Ecore Metamodel for the W3C PROV Provenance Data Model

Looking Inside the Black-Box: Capturing Data Provenance Using Dynamic Instrumentation

A survey on provenance: What for? What form? What from?

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations