GARM: Cross Application Data Provenance and Policy Enforcement
Tech ID: 20900 / UC Case 2009-346-0
Current computing systems typically do not store information about the provenance or origins of the files they contain. More specifically, the information sources used to create the file is also unknown. UCI researchers have developed GARM, a new tool for tracing data provenance and enforcing data access policies with arbitrary binaries.
GARM is a binary-rewriting tool that tracks data provenance and enforces data access policies. Conceptually, GARM combines trusted computing support from the underlying operating system with a stream cipher to ensure that data protected by an access policy cannot be accessed outside of GARM’s policy enforcement mechanisms.
By using a staged analysis that combines a static analysis with a dynamic analysis to trace the provenance of an application’s state and the policies that apply to that state. The implementation monitors the interactions of the application with the underlying operating system to enforce policies.
Unlike previous work, GARM’s data access policies follow the protected data through the modifications and across execution, application and machine boundaries.
Personal data security, digital rights management, secure use of confidential medical information
Ability to enforce data policies across a wide range of applications
State Of Development
Prototype implemented in Valgrind