Distributed systems have rapidly evolved, from simple
client/server applications in local area networks, to Internet-scale
peer-to-peer networks and large-scale cloud platforms deployed on
thousands of nodes across multiple administrative domains and
geographical areas. Despite this growing popularity and interest,
designing and deploying distributed systems remains challenging, due to
their ever-increasing scale and the complexity and unpredictability
of system executions.
Operators of distributed systems often need to answer forensic questions in order to perform a variety of managerial tasks, including fault detection, system debugging, accountability enforcement, and attack analysis. We present NetTrails, a novel provenance-based approach that provides the fundamental functionality required for answering such forensic questions -- the capability to "explain" the existence (or change) of a certain distributed system state at a given time in a potentially adversarial environment.
The NetTrails project makes several contributions, including distributed provenance maintenance and querying, secure provenance support in dynamic and adversarial environments, and a visualization toolkit that allows users to explore and understand provenance in an interactive manner.