Abstract
This paper presents Progger 3, the latest version of the provenance collection tool, Progger. We outline the design goals for Progger 3 and describe in detail how the architecture achieves those goals. In contrast to previous versions of Progger, this version can observe any system call, guarantee tamper-proof provenance collection as long as the kernel on the client is not compromised, and transfer the provenance to other systems with confidentiality and integrity, all with a relatively low performance overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This achieves design goal J.
- 2.
There is a feature of Linux called “kernel TLS”, but that deals with data encryption only; the more complicated handshake is left to user space [5].
- 3.
The only exceptions to this were that Progger 3 warned when running without using the TPM—which is benign when done intentionally during testing—and that some ring buffer overflows occurred, as sometimes the test server didn’t receive the data sent by Progger 3 fast enough, due to data reception and processing being on the same thread in the server.
References
Carata, L., et al.: A primer on provenance. Commun. ACM 57(5), 52–60 (2014). https://doi.org/10.1145/2596628
Corrick, T.: Progger 3: A low-overhead, tamper-proof provenance system. Master’s thesis, The University of Waikato (2021). https://hdl.handle.net/10289/14280
Ko, R.K.L., Will, M.A.: Progger: an efficient, tamper-evident kernel-space logger for cloud data provenance tracking. In: IEEE 7th International Conference on Cloud Computing, pp. 881–889 (2014). https://doi.org/10.1109/CLOUD.2014.121
Torvalds, L., et al.: 64-bit system call numbers and entry vectors. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/entry/syscalls/syscall_64.tbl?h=v5.8.18
Torvalds, L., et al.: Kernel TLS. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/Documentation/networking/tls.rst?h=v5.8.18
Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF protocols. RFC 8439 (2018). https://tools.ietf.org/html/rfc8439
Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446 (2018). https://tools.ietf.org/html/rfc8446
Arciszewski, S.: XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305. Technical Report. https://tools.ietf.org/html/draft-irtf-cfrg-xchacha-03
Trusted Computing Group: Trusted Platform Module Library, Family “2.0”, Rev. 01.59. https://trustedcomputinggroup.org/resource/tpm-library-specification/
Acknowledgments
This work was supported by funding from STRATUS (https://stratus.org.nz), a science investment project funded by the New Zealand Ministry of Business, Innovation and Employment (MBIE). The authors would also like to acknowledge support from Prof. Ryan Ko and the team at Firstwatch for providing access to Progger 1 and 2.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Corrick, T., Kumar, V. (2022). Design and Architecture of Progger 3: A Low-Overhead, Tamper-Proof Provenance System. In: Wang, G., Choo, KK.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds) Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol 1557. Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_14
Download citation
DOI: https://doi.org/10.1007/978-981-19-0468-4_14
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-0467-7
Online ISBN: 978-981-19-0468-4
eBook Packages: Computer ScienceComputer Science (R0)