How to detect if a microservice is compromised in a serverless application: DisProTrack comes to the rescue. It generates a Universal Provenance Graph (UPG) by combining system logs and application logs for provenance tracking over serverless architectures.
Key Features
- Design of the UPG from application and system logs: DisProTrack's static analyzer module generates the application-specific Log Message String-Control Flow Graph (LMS-CFG) from the application binaries, which provides a profile of the application.
- Runtime Execution Unit identification: DisProTrack has a Linux Loadable Kernel Module (LKM) that can intercept the system calls generated during execution time to identify the semantic relationship between the system logs and the application logs.
- Improved Search Efficacy: Instead of storing the raw log messages in the UPG, we propose converting each one to an equivalent regular expression and storing that. This method improves the matching accuracy of log messages during the investigation phase and reduces the runtime search complexity, giving a faster response time.
- DisProTrack can be deployed as a microservice on top of the SLC without instrumenting the source code of the applications.
- DisProTrack has a minimal memory footprint (~KB) and responds within 20-30 s.
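
The regular-expression storage described under Improved Search Efficacy, sketched as an added example that is not DisProTrack's own code. It assumes log message strings are printf-style format strings; the node ids, format strings and log lines are constructed for illustration.

```python
import re

# Regex fragment per printf conversion (assumed subset, not DisProTrack's table).
SPEC_PATTERNS = {
    "d": r"[-+]?\d+", "i": r"[-+]?\d+",
    "u": r"\d+",
    "x": r"[0-9a-fA-F]+",
    "f": r"[-+]?\d+(?:\.\d+)?",
    "s": r".+?",
}
# '%', optional flags/width/precision/length, conversion char; or a literal '%%'.
SPEC_RE = re.compile(r"%(?:[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|z)?([diuxfs])|(%))")

# Constructed LMS nodes: hypothetical node id -> log message string.
LMS_NODES = {
    "n1": "Accepted connection from %s port %d",
    "n2": "worker[%u]: request %s took %d ms (100%% done)",
    "n3": "open(%s) failed: errno=%d",
}


def lms_to_regex(fmt):
    """Turn a printf-style log message string into an anchored regex."""
    out, pos = [], 0
    for m in SPEC_RE.finditer(fmt):
        out.append(re.escape(fmt[pos:m.start()]))  # literal text, metachars escaped
        out.append("%" if m.group(2) else "(" + SPEC_PATTERNS[m.group(1)] + ")")
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(out) + "$")


def build_index(lms_nodes):
    """Compile every LMS once so lookups never touch raw message text."""
    return [(node_id, lms_to_regex(fmt)) for node_id, fmt in lms_nodes.items()]


def match_log_line(index, line):
    """Return (node_id, captured values) for the first matching LMS, else None."""
    for node_id, rx in index:
        m = rx.match(line)
        if m:
            return node_id, m.groups()
    return None


if __name__ == "__main__":
    index = build_index(LMS_NODES)
    for line in ("open(/etc/app.conf) failed: errno=13", "unrelated line"):
        print(line, "->", match_log_line(index, line))
```

Because the literal parts of each message are escaped and the pattern is anchored, a runtime line maps to a node only when its fixed text matches exactly, while the variable fields are captured for the investigator.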
Utkalika Satapathy
IIT Kharagpur, India
Rishabh Thakur
IIT Kharagpur, India
Subhrendu Chattopadhyay
IDRBT Hyderabad, India
Sandip Chakraborty
IIT Kharagpur, India
Publications
- Utkalika Satapathy, Rishabh Thakur, Subhrendu Chattopadhyay, and Sandip Chakraborty. "Disprotrack: Distributed provenance tracking over serverless applications." In IEEE INFOCOM 2023-IEEE Conference on Computer Communications, pp. 1-10. IEEE, 2023.