Usenix WOOT presentations available

” (Sign in to your USENIX account to download these files.)”

https://www.usenix.org/conference/woot17/workshop-program

APT monitoring & analysis …below Ring 0

Applying Provenance in APT Monitoring and Analysis Practical Challenges for Scalable, Efficient and Trustworthy Distributed Provenance
Jenkinson G, Carata L, Bytheway T, Sohan R, Watson RNM, Anderson J, Kidney B, Strnad A, Thomas A, Neville-Neil G

[…] Below Ring 0 – hardware primitives can potentially support provenance capture in a number of ways. Trusted Computing primitives such as Intel SGX (Software Guard Extensions) can be used provide stronger non-repudiation (even in the presence of a compromised OS). And new hardware primitives could directly support provenance capture, for example providing an append only log for use by the kernel to store provenance records prior to sending over a network.[…]

https://www.usenix.org/conference/tapp17/workshop-program/presentation/jenkinson
https://www.usenix.org/system/files/conference/tapp2017/tapp17_paper_jenkinson.pdf
https://www.researchgate.net/publication/317827922_Applying_Provenance_in_APT_Monitoring_and_Analysis_Practical_Challenges_for_Scalable_Efficient_and_Trustworthy_Distributed_Provenance