Stories of devastating data breaches continue to dominate headlines around the world. Equifax, Target, and the Office of Personnel Management are just a few examples of high-profile data breaches over the past decade. Despite a panoply of security products and increasing investment in data security, attackers are continually finding new ways to outsmart defenses to gain access to valuable data, indicating that current security approaches are ineffective.
Data provenance describes the detailed history of system execution, allowing us to understand how system objects came to exist in their present state and providing means to identify the root cause of system intrusions. My research leverages provenance analytics to empower system defenders to quickly and effectively detect and investigate malicious behaviors. In this talk, I will first present a provenance-based solution for combatting the “Threat Alert Fatigue” problem that currently plagues enterprise security. Next, I will describe an approach for performing accurate and high-fidelity attack forensics using a novel adaptation of program analysis techniques. I will conclude by discussing the promise of provenance analytics to address open security and auditing problems in complex computing systems and emerging technologies.
Wajih Ul Hassan is a doctoral candidate advised by Professor Adam Bates in the Department of Computer Science at the University of Illinois at Urbana-Champaign. His research focuses on securing complex networked systems by leveraging data provenance approaches and scalable system design. He has collaborated with NEC Labs and Symantec Research Labs to integrate his defensive techniques into commercial security products. He received a Symantec Research Labs Graduate Fellowship, a Young Researcher in Heidelberg Laureate Forum, an RSA Security Scholarship, a Mavis Future Faculty Fellowship, a Sohaib and Sara Abbasi Fellowship, and an ACM SIGSOFT Distinguished Paper Award.