Abstract

Whole-system provenance is the record of flows of information between kernel objects (e.g., files, task, sockets etc.). This information is represented as a directed acyclic graph that can be analysed to extract information about the execution of the system. Building on the DARPA transparent computing programme a number of research groups have explored means to develop provenance-based intrusion detection systems. In this talk, we will discuss how provenance can be captured and analysed to achieve such an objective.

Bio

Dr Thomas Pasquier is a Lecturer (Assistant Professor) at the University of Bristol in the Department of Computer Science and affiliated with the Cybersecurity Research Group. He is a member of the Microsoft Cloud Computing Research Centre where they explore research topics at the intersection of Computer Science and Law. Before joining the University of Bristol, he held fellowships at Harvard University and the University of Cambridge. Dr Pasquier obtained his PhD under the supervision of Prof. Jean Bacon in 2016 at the University of Cambridge. His primary research focus is the development of more transparent computer systems; his research includes topics such as whole-system provenance, computational experiments reproducibility, intrusion detection, privacy and compliance.