(Integrity Justified) Experimental Provenance Patrick McDaniel, - - PowerPoint PPT Presentation



SLIDE 1


Systems and Internet Infrastructure Security Laboratory (SIIS) Page

(Integrity Justified) Experimental Provenance

Patrick McDaniel, Pennsylvania State University

Workshop on GENI and Security, Davis, CA -- January 22, 2009

SLIDE 2

Provenance

  • A human scale problem:
      • Data often comes from many sources ...
      • ... is synthesized/influenced by complex/hidden processes ...
      • ... thus, how do you really know what the data means?

  • Data provenance immutably identifies how data came to be in the state it is.
      • Who/what contributed to it?
      • What was it based on?
      • When was it generated?
      • Why was it generated?
      • How was it generated?

SLIDE 3

Why GENI provenance?

  • Error handling
      • Detection, isolation, and recovery

  • Source attribution
      • Forensics, consistency, believability

  • Experimental reproducibility
      • Extension, instrumentation

  • Data revision
      • Updates, correction, extension, refinement

  • Evidentiary
      • Evidence that data is legitimate/legal (certification, verification)

  • Experimental data can only be judged in light of how, when and where it comes from

SLIDE 4

GENI System Provenance

  • Assessing system provenance is key to understanding and achieving the goals of GENI
      • What software was a component (slice/aggregate) running?
      • What inputs and configuration were used?
      • What security policy was being enforced?
          • e.g., isolation, data protection, privacy
          • Stated as experimental criteria during the setup/acceptance
      • Think about sensitive experiments: NCR-esque, proprietary algorithms, opt-in with personal information
      • Determines apparatus acceptability of validation


GENI adoption requires answers to these questions

SLIDE 5

Integrity Justified Provenance

  • Integrity measurement techniques provide information about the instantaneous state of a system, but not about its data, its state over time, or other computational elements (VMs)

  • What if you could build an aggregate of mutually attesting components that uses that apparatus to attest to the system state, protection state, data, and environment?
      • ... and tie a proof of that aggregate to experimental results.

  • Building on the shared reference monitor (Shamon)

[Figure: Shamon diagram. Labels: Physical Platform 1, Physical Platform 2, VM/OS, Shamon Core, Shamon Connections, Trusted Services, Untrusted Services, Application VM, App VM, Other Application VM, App, Sys, Client]
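
An added example, not from the slides or from Shamon itself, of tying a proof of an aggregate to an experimental result: each component's ordered measurement log is folded into a digest with a TPM-style extend, and a record binds those digests to the result hash. Assumptions: all function names, component names and log entries are hypothetical, and a shared HMAC key stands in for a hardware-backed attestation signature.

```python
import hashlib, hmac, json

def extend(register: bytes, event: bytes) -> bytes:
    # TPM-style extend: the new value commits to the old one, so the final
    # register reflects the whole ordered history, not just the latest state.
    return hashlib.sha256(register + hashlib.sha256(event).digest()).digest()

def measure(log):
    # Fold one component's measurement log (software, config, policy) into a digest.
    register = bytes(32)
    for event in log:
        register = extend(register, event.encode())
    return register.hex()

def _tag(body: dict, key: bytes) -> str:
    # Keyed MAC over the canonical JSON form of the record body.
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def provenance_record(result: bytes, aggregate: dict, key: bytes) -> dict:
    # Bind the result digest to the measured state of every component.
    body = {"result_sha256": hashlib.sha256(result).hexdigest(),
            "components": {name: measure(log) for name, log in aggregate.items()}}
    return {**body, "tag": _tag(body, key)}

def verify(record: dict, result: bytes, expected: dict, key: bytes) -> list:
    # Returns the list of failed checks; an empty list means acceptable.
    failures = []
    body = {k: v for k, v in record.items() if k != "tag"}
    if not hmac.compare_digest(record.get("tag", ""), _tag(body, key)):
        failures.append("tag")
    if body.get("result_sha256") != hashlib.sha256(result).hexdigest():
        failures.append("result")
    for name, log in expected.items():
        if body.get("components", {}).get(name) != measure(log):
            failures.append("component:" + name)
    return failures

# Constructed sample data (component names, log entries and key are hypothetical).
KEY = b"constructed-demo-key"   # stands in for a hardware-backed attestation key
AGGREGATE = {"platform1/shamon-core": ["core-image-v1", "policy:isolation"],
             "platform2/app-vm": ["app-image-v1", "config:run-7"]}
RESULT = b"latency_ms=12.4\n"
RECORD = provenance_record(RESULT, AGGREGATE, KEY)

if __name__ == "__main__":
    print(verify(RECORD, RESULT, AGGREGATE, KEY))               # untampered
    print(verify(RECORD, b"latency_ms=3.1\n", AGGREGATE, KEY))  # swapped result
```

The verifier supplies the measurement logs it considers acceptable for the experiment, so a component that ran different software or policy is named in the failure list rather than silently accepted.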