Transparent Web Service Auditing via Network Provenance Functions

Adam Bates, Wajih Ul Hassan, Kevin Butler, Alin Dobra, Bradley Reaves, Patrick Cable, Thomas Moyer, and Nabil Schear

Proceedings of the International World Wide Web Conference, 2017

Network provenance functions trace attacks across distributed web service components with application-layer awareness and no software modifications.

Abstract

Detecting and explaining the nature of attacks in distributed web services is often difficult – determining the nature of suspicious activity requires following the trail of an attacker through a chain of heterogeneous software components including load balancers, proxies, worker nodes, and storage services. Unfortunately, existing forensic solutions cannot provide the necessary context to link events across complex workflows, particularly in instances where application layer semantics (e.g., SQL queries, RPCs) are needed to understand the attack. In this work, we present a transparent provenance-based approach for auditing web services through the

Citation (IEEE)

A. Bates, W. U. Hassan, K. Butler, A. Dobra, B. Reaves, P. Cable, T. Moyer, and N. Schear, “Transparent Web Service Auditing via Network Provenance Functions,” in Proceedings of the International World Wide Web Conference, 2017.

BibTeX

@inproceedings{bbd+16,
  author = {Bates, Adam and Hassan, Wajih Ul and Butler, Kevin and Dobra, Alin and {Bradley Reaves} and Cable, Patrick and Moyer, Thomas and Schear, Nabil},
  booktitle = {Proceedings of the International World Wide Web Conference},
  date = {2017-04},
  title = {Transparent Web Service Auditing via Network Provenance Functions},
}