CERIAS Weekly Security Seminar – Purdue University

Florian Buchholz, Using process labels to obtain forensic and traceback information

47 min • March 2, 2005

Much of the research in computer security, especially in digital forensics and intrusion detection, is concerned with retrieving and analyzing the information that is present on a system. In my talk I will analyze what kind of information is actually desired by a forensic investigator and examine if these needs can be fulfilled by today's operating systems. Some of the desired information is currently not present in many systems, and I will make suggestions on how to supply more relevant audit data on a system and increase its quality. The second part of my talk will focus on two particularly difficult categories of information that a forensic investigator might desire: user influence and origin information. I will present a model that allows a system to bind arbitrary information in the form of labels to its principals and then propagate the labels as information is exchanged among them. I will demonstrate the usefulness of the model with various case studies and discuss a proof-of-concept implementation. While my work is motivated and aimed primarily at digital forensic investigations, it has applications in other areas of computer science, in particular network traceback, intrusion detection, and access control.

About the speaker: Florian Buchholz is a graduate student in the department of Computer Sciences at Purdue University. He holds a Diplom in Informatics from the Technische Universitaet Braunschweig, Germany, and a Master's degree in computer science from Purdue University. He is currently working on his Ph.D. with Professor Spafford at CERIAS and plans to receive the degree in May 2005. His main research interests lie in Digital Forensics as well as system and network security.
