TWC TTP: Small: Mitigating Insider Attacks in Provenance Systems

TWC TTP：小：减轻起源系统中的内部攻击

• 批准号: 1318955
• 负责人: Christian Collberg
• 金额: $ 49.61万
• 依托单位: University of Arizona
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-10-01 至 2017-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1318955&HistoricalAwards=false
• 关键词: TWC; TTP; Small; Mitigating; Insider

The digital provenance of a digital object gives a history of its life cycle including its creation, update, and access. It thus provides meta-level information about the sequence of events that lead up to the current version of the object, as well as its chain of custody. Such provenance information can be used for a variety of purposes, such as identifying the origins of a document, assessing the quality or reliability of data, and detecting undesirable actions such as forgery or unauthorized alteration of data. However, all of these practical uses of provenance information presuppose that the provenance system is secure, i.e. that provenance data is collected, processed, and stored in a manner that ensures its confidentiality and integrity. Without such guarantees, users can get an incorrect impression of document authenticity, potentially with significant real-world consequences.This project investigates the design of secure provenance collection systems where the collected meta-data can be relied upon even in light of realistic insider attack models. Security, however, is not sufficient; a practical system must also be efficient even when large amounts of fine-grained provenance data needs to be stored and processed. The project is aimed at addressing both issues through the following three objectives. (1) Techniques for continuously updatable software tamperproofing to ensure the integrity of the system itself. (2) Techniques for robust, continuous marking, collusion-free, text fingerprinting to mitigate document leakage. (3) Techniques for anonymous storage on untrusted storage servers to allow for efficient storage and access of fine-grained provenance data.

数字对象的数字出处给出了其生命周期的历史，包括其创建，更新和访问。因此，它提供了有关导致对象当前版本的事件序列及其监管链的元级别信息。这种来源信息可以用于各种目的，例如识别文档的来源，评估数据的质量或可靠性，以及检测不期望的行为，例如伪造或未经授权的更改数据。然而，来源信息的所有这些实际用途的前提是来源系统是安全的，即来源数据的收集、处理和存储方式确保其机密性和完整性。如果没有这样的保证，用户可以得到一个不正确的印象，文件的真实性，潜在的重大real-world consequences.本项目调查的安全来源收集系统的设计，收集的元数据可以依赖于即使在现实的内幕攻击模型。然而，安全性是不够的;一个实用的系统还必须是高效的，即使需要存储和处理大量细粒度的起源数据。该项目旨在通过以下三个目标解决这两个问题。(1)可持续更新的软件防篡改技术，以确保系统本身的完整性。(2)用于鲁棒、连续标记、无共谋、文本指纹识别的技术，以减少文档泄漏。(3)在不受信任的存储服务器上进行匿名存储的技术，可以高效地存储和访问细粒度的出处数据。