DisProTrack: Distributed Provenance Tracking over Serverless Applications
Published in IEEE INFOCOM 2023, 2023
Authors: Utkalika Satapathy, Rishabh Thakur, Subhrendu Chattopadhyay, Sandip Chakraborty
Overview
Universal Provenance Graph Generation for Serverless Application.
How to detect if a microservice is compromised in a serverless application - DisProTrack comes to the rescue - It generates Universal Provenance Graph (UPG) by combining system logs and application logs together for provenance tracking over serverless architecture.
Key Features
Design of the UPG from application and system logs: DisProTrack’s Static analyzer module generates the application-specific Log Message String-Control Flow Graph (LMS-CFG) from the application binaries which provides a profile of the application.
Runtime Execution Unit identification: DisProTrack has a Linux Loadable Kernel Module (LKM) that can intercept the system calls generated during execution time to identify the semantic relationship between the system logs and the application logs.
Improved Search Efficacy: Instead of storing the raw log messages in the UPG, we propose conversion and storage of an equivalent regular expression. This method improves the matching accuracy of log messages during the investigation phase and reduces the runtime search complexity by providing a faster response time.
DisProTrack can be deployed as a microservice on top of the SLC without instrumenting the source code of the applications.
DisProTrack has a minimal memory footprint (~KB) & responds within 20s-30s.
Contributors
- Utkalika Satapathy - IIT Kharagpur, India
- Rishabh Thakur - IIT Kharagpur, India
- Subhrendu Chattopadhyay - IDRBT Hyderabad, India
- Sandip Chakraborty - IIT Kharagpur, India