Collecting Provenance via the Xen Hypervisor

Peter Macko, Marc Chiarini, Margo Seltzer


The Provenance Aware Storage Systems project (PASS) currently collects system-level provenance by intercepting system calls in the Linux kernel and storing the provenance in a stackable filesystem. While this approach is reasonably efficient, it suffers from two significant drawbacks: each new revision of the kernel requires reintegration of PASS changes, the stability of which must be continually tested; also, the use of a stackable filesystem makes it difficult to collect provenance on root volumes, especially during early boot. In this paper we describe an approach to collecting system-level provenance from virtual guest machines running under the Xen hypervisor. We make the case that our approach alleviates the aforementioned difficulties and promotes adoption of provenance collection within cloud computing platforms.
