UIUC Office of Technology Management
Published on UIUC Office of Technology Management (https://origin.otm.illinois.edu)

ωLog: Transparent Interpretation and Integration of Layered Software Architecture Event Streams [1]

Prof. Bates at the University of Illinois has developed ωLog, a software application that collects application context by analyzing event logs and integrates that information into whole-system provenance. Through binary analysis, ωLog determines an application's logging behavior, associates application-level events with system-level events, and, based on user queries, generates a concise, semantically rich, execution-partitioned provenance graph.

ωLog addresses limitations in overhead costs: it incurs an average of 12% runtime overhead and does not require instrumentation. Additionally, ωLog provides forensically relevant semantic information that other provenance systems cannot provide. It gives system administrators an unprecedented wealth of information for tracing suspicious activity to its root cause, which is particularly useful in identifying and responding to Advanced Persistent Threats.

Applications

Security Information and Event Management (SIEM), cybersecurity

Inventors:

Adam M Bates

The Office of Technology Management
319 Ceramics Building
105 South Goodwin Avenue
Urbana, IL 61801
Phone: 217.333.7862
Fax: 217.265.5530
Email: otm@illinois.edu

Source URL: https://origin.otm.illinois.edu/technologies/transparent-interpretation-and-integration-layered-software-architecture-event-streams

Links
[1] https://origin.otm.illinois.edu/technologies/transparent-interpretation-and-integration-layered-software-architecture-event-streams