Towards a Universal Data Provenance Framework Using Dynamic Instrumentation

The advantage of collecting data provenance information has driven research on how to extend or modify applications and systems in order to provide it, or the creation of architectures that are built from the ground up with provenance capabilities. In this paper we propose a universal data provenance framework, using dynamic instrumentation, which gathers data provenance information for real-world applications without any code modifications. Our framework simplifies the task of finding the right points to instrument, which can be cumbersome in large and complex systems. We have built a proof-of-concept implementation of the framework on top of DTrace. Moreover, we evaluated its functionality by using it for three different scenarios: file-system operations, database transactions and web browser HTTP requests. Based on our experiences we believe that it is possible to provide data provenance, transparently, to any layer of the software stack

Reliably determining data leakage in the presence of strong attackers

We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory according to the recent developments of data breach notification laws. Existing work in this domain has discussed methods to create digital evidence that could be used to determine data leakage, however most of them fail to secure the evidence against malicious adversaries or use strong assumptions such as trusted hardware. In some limited cases, data can be processed in the encrypted domain which, although being computationally expensive, can ensure that nothing leaks to an attacker, thereby making the leakage determination trivial. Otherwise, victims are left with the only option of considering all data to be leaked. In contrast, our work presents an approach capable of determining the data leakage using a distributed log that securely records all accesses to the data without relying on trusted hardware, and which is not all-or-nothing. We demonstrate our approach to guarantee secure and reliable evidence against even strongest adversaries capable of taking complete control over a machine. For the concrete application of client-server authentication, we show the preciseness of our approach, that it is feasible in practice, and that it can be integrated with existing services. Applied Computer Security Associates (ACSA

Hydraulic conductivity and soil-sewage sludge interactions

One of the main problems faced by humanity is pollution caused by residues resulting from the production and use of goods, e.g, sewage sludge. Among the various alternatives for its disposal, the agricultural use seems promising. The purpose of this study was to evaluate the hydraulic conductivity and interaction of soil with sandy-silty texture, classified as Spodosols, from the Experimental Station Itapirema - IPA, in Goiana, state of Pernambuco, in mixtures with sewage sludge from the Mangueira Sewage Treatment Station, in the city of Recife, Pernambuco at rates of 25, 50 and 75 Mg ha-1. Tests were conducted to let water percolate the natural saturated soil and soil-sludge mixtures to characterize their physical, chemical, and microstructural properties as well as hydraulic conductivity. Statistical data analysis showed that the presence of sewage sludge in soils leads to an increase of the < 0.005 mm fraction, reduction in real specific weight and variation in optimum moisture content from 11.60 to 12.90 % and apparent specific dry weight from 17.10 and 17.50 kN m-3. In the sludge-soil mixture, the quartz grains were covered by sludge and filling of the empty soil macropores between grains. There were changes in the chemical characteristics of soil and effluent due to sewage sludge addition and a small decrease in hydraulic conductivity. The results indicate the possibility that soil acidity influenced the concentrations of the elements found in the leachate, showing higher levels at higher sludge doses. It can be concluded that the leaching degree of potentially toxic elements from the sewage sludge treatments does not harm the environment

PrIMe: a methodology for developing provenance-aware applications

Provenance refers to the past processes that brought about a given (version of an) object, item or entity. By knowing the provenance of data, users can often better understand, trust, reproduce, and validate it. A provenance-aware application has the functionality to answer questions regarding the provenance of the data it produces, by using documentation of past processes. PrIMe is a software engineering technique for adapting application designs to enable them to interact with a provenance middleware layer, thereby making them provenance-aware. In this article, we specify the steps involved in applying PrIMe, analyse its effectiveness, and illustrate its use with two case studies, in bioinformatics and medicine

Design and evaluation of Oasis: An active storage framework based on T10 OSD standard

In this paper, we present the design and performance evaluation of Oasis, an active storage framework for object-based storage systems that complies with the current T10 OSD standard. In contrast with previous work, Oasis has the following advantages. First, Oasis enables users to transparently process the OSD object and supports different processing granularity (from the single object to all the objects in the OSD) by extending the OSD object attribute page defined in the T10 OSD standard. Second, Oasis provides an easy and efficient way for users to manage the application functions in the OSD by using the existing OSD commands. Third, Oasis can authorize the execution of the application function in the OSD by enhancing the T10 OSD security protocol, allowing only authorized users to use the system. We evaluate the performance and scalability of our system implementation on Oasis by running three typical applications. The results indicate that active storage far outperforms the traditional object-based storage system in applications that filter data on the OSD. We also experiment with Java based applications and C based applications. Our experiments indicate that Java based applications may be bottlenecked for I/O-intensive applications, while for applications that do not heavily rely on the I/O operations, both Java based applications and C based applications achieve comparable performance. Our microbenchmarks indicate that Oasis implementation overhead is minimal compared to the Intel OSD reference implementation, between 1.2% to 5.9% for Read commands and 0.6% to 9.9% for Write commands. © 2011 IEEE