Distributed systems have rapidly evolved, from simple client/server applications in local area networks to Internet-scale peer-to-peer networks and large-scale cloud platforms deployed on thousands of nodes across multiple administrative domains and geographical areas. Despite their growing popularity and the interest in them, designing and deploying distributed systems remains challenging, due to their ever-increasing scale and the complexity and unpredictability of system executions.

Operators of distributed systems often need to answer forensic questions in order to perform a variety of management tasks, including fault detection, system debugging, accountability enforcement, and attack analysis. We present NetTrails, a novel provenance-based approach that provides the fundamental functionality required for answering such forensic questions -- the capability to "explain" the existence (or change) of a certain distributed system state at a given time in a potentially adversarial environment.

The NetTrails project makes several contributions, including distributed provenance maintenance and querying, secure provenance support in dynamic and adversarial environments, and a visualization toolkit that allows users to explore and understand provenance in an interactive manner.

Code Release

An initial prototype of NetTrails has been developed using the RapidNet declarative networking system. This release includes support for Network Provenance [NetDB08, SIGMOD10]. Source code is available for download.