Leveraging Data Provenance to Enhance Cyber Resilience

Thomas Moyer, Patrick Cable, Karishma Chada, Robert Cunningham, Nabil Schear, Warren Smith, Adam Bates, Kevin Butler, Frank Capobianco, and Trent Jaeger.
1st IEEE Cybersecurity Development Conference (SecDev'16).
Boston, MA, USA. November 4, 2016.
(acceptance rate=38.6%)

Building secure systems used to mean ensuring a secure perimeter, but that is no longer the case. Today’s systems are ill-equipped to deal with attackers that are able to pierce perimeter defenses. Data provenance is a critical technology in building resilient systems that will allow systems to recover from attackers that manage to overcome the “hard-shell” defenses. In this paper, we provide background information on data provenance, details on provenance collection, analysis, and storage techniques and challenges. Data provenance is situated to address the challenging problem of allowing a system to “fight-through” an attack, and we help to identify necessary work to ensure that future systems are resilient.