| Cyber physical systems (CPS) have revolutionized the way humans interact with computing devices by coupling process automation with networked services leading to increased productivity and ease of life. However, privacy and security problems arise as a result of CPS connectivity, heterogeneity, and complexity. One major issue is data trust--how do we ensure that data generated from these devices have not been compromised by malicious actors? Data provenance offers a solution to this question of data trustworthiness by maintaining and tracking dependency and causality among data objects, which can then be used as a tool in detecting malicious attacks.;In this dissertation, we explore the application of data provenance to device security in the CPS ecosystem by way of a provenance collection framework for CPS that uses lightweight software tracing via application instrumentation. Problematic to automatic and thorough provenance collection is the overhead of storing complete historical metadata for all data objects. To address this problem, we investigate the use of data pruning algorithms to discard non-essential provenance metadata from streaming traces prior to their aggregation and conversion to provenance. We evaluate the effectiveness of provenance collection using a provenance anomaly-based intrusion detection system (IDS) in a climate control system and an automotive domain. Additionally, we evaluate the effectiveness of pruning algorithms in the automotive CPS application domain. |
