SPADE Audit Kafka Unikernel

Dated: 7th of May, 2020

Commit: 1402b80e3fc3edacb4e7afb5ef6c5046877f9231

Following is the list of files required to build a jar to store provenance in Kafka storage with the Audit reporter:

Artifact	License
bin/allowAuditAccess	GPL-3.0
cfg/spade.core.AbstractAnalyzer.config	GPL-3.0
cfg/spade.core.AbstractStorage.config	GPL-3.0
cfg/spade.core.Kernel.config	GPL-3.0
cfg/spade.core.Unikernel.config	GPL-3.0
cfg/spade.reporter.Audit.config	GPL-3.0
cfg/spade.reporter.audit.AuditEventReader.config	GPL-3.0
cfg/spade.reporter.audit.artifact.ArtifactManager.config	GPL-3.0
cfg/spade.reporter.audit.process.ProcessManager.config	GPL-3.0
cfg/spade.storage.Kafka.avsc	GPL-3.0
cfg/spade.storage.Kafka.config	GPL-3.0
cfg/spade.storage.kafka.ServerWriter.config	GPL-3.0
lib/avro-1.8.1.jar	Apache License 2.0
lib/commons-codec-1.10.jar	Apache License 2.0
lib/commons-io-2.6.jar	Apache License 2.0
lib/commons-lang-2.6.jar	Apache License 2.0
lib/guava-16.0.1.jar	Apache License 2.0
lib/jackson-core-asl-1.9.13.jar	Apache License 2.0 or LGPL 2.1
lib/jackson-mapper-asl-1.9.13.jar	Apache License 2.0 or LGPL 2.1
lib/je-7.3.7.jar	Apache License 2.0
lib/kafka-clients-2.5.0.jar	Apache License 2.0
lib/leveldbjni-all-1.8.jar	BSD 3-Clause "New" or "Revised" License
lib/org.json-20120521.jar	MIT License
lib/slf4j-api-1.7.30.jar	MIT License
src/spade/client/QueryMetaData.java	GPL-3.0
src/spade/core/AbstractAnalyzer.java	GPL-3.0
src/spade/core/AbstractEdge.java	GPL-3.0
src/spade/core/AbstractFilter.java	GPL-3.0
src/spade/core/AbstractReporter.java	GPL-3.0
src/spade/core/AbstractSketch.java	GPL-3.0
src/spade/core/AbstractStorage.java	GPL-3.0
src/spade/core/AbstractTransformer.java	GPL-3.0
src/spade/core/AbstractVertex.java	GPL-3.0
src/spade/core/BloomFilter.java	GPL-3.0
src/spade/core/Buffer.java	GPL-3.0
src/spade/core/Edge.java	GPL-3.0
src/spade/core/Graph.java	GPL-3.0
src/spade/core/Kernel.java	GPL-3.0
src/spade/core/MatrixFilter.java	GPL-3.0
src/spade/core/SPADEQuery.java	GPL-3.0
src/spade/core/Settings.java	GPL-3.0
src/spade/core/Unikernel.java	GPL-3.0
src/spade/core/Vertex.java	GPL-3.0
src/spade/edge/opm/Used.java	GPL-3.0
src/spade/edge/opm/WasControlledBy.java	GPL-3.0
src/spade/edge/opm/WasDerivedFrom.java	GPL-3.0
src/spade/edge/opm/WasGeneratedBy.java	GPL-3.0
src/spade/edge/opm/WasTriggeredBy.java	GPL-3.0
src/spade/filter/FinalCommitFilter.java	GPL-3.0
src/spade/query/quickgrail/core/AbstractQueryEnvironment.java	GPL-3.0
src/spade/query/quickgrail/core/GraphDescription.java	GPL-3.0
src/spade/query/quickgrail/core/GraphStats.java	GPL-3.0
src/spade/query/quickgrail/core/Program.java	GPL-3.0
src/spade/query/quickgrail/core/QueriedEdge.java	GPL-3.0
src/spade/query/quickgrail/core/QueryInstructionExecutor.java	GPL-3.0
src/spade/query/quickgrail/core/QuickGrailQueryResolver.java	GPL-3.0
src/spade/query/quickgrail/entities/Entity.java	GPL-3.0
src/spade/query/quickgrail/entities/EntityType.java	GPL-3.0
src/spade/query/quickgrail/entities/Graph.java	GPL-3.0
src/spade/query/quickgrail/entities/GraphMetadata.java	GPL-3.0
src/spade/query/quickgrail/entities/GraphPredicate.java	GPL-3.0
src/spade/query/quickgrail/instruction/CollapseEdge.java	GPL-3.0
src/spade/query/quickgrail/instruction/CreateEmptyGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/CreateEmptyGraphMetadata.java	GPL-3.0
src/spade/query/quickgrail/instruction/DescribeGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/DistinctifyGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/EraseSymbols.java	GPL-3.0
src/spade/query/quickgrail/instruction/EvaluateQuery.java	GPL-3.0
src/spade/query/quickgrail/instruction/ExportGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetAdjacentVertex.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetEdge.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetEdgeEndpoint.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetLineage.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetLink.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetPath.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetShortestPath.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetSubgraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/GetVertex.java	GPL-3.0
src/spade/query/quickgrail/instruction/InsertLiteralEdge.java	GPL-3.0
src/spade/query/quickgrail/instruction/InsertLiteralVertex.java	GPL-3.0
src/spade/query/quickgrail/instruction/Instruction.java	GPL-3.0
src/spade/query/quickgrail/instruction/IntersectGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/LimitGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/List.java	GPL-3.0
src/spade/query/quickgrail/instruction/OverwriteGraphMetadata.java	GPL-3.0
src/spade/query/quickgrail/instruction/PrintPredicate.java	GPL-3.0
src/spade/query/quickgrail/instruction/SetGraphMetadata.java	GPL-3.0
src/spade/query/quickgrail/instruction/StatGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/SubtractGraph.java	GPL-3.0
src/spade/query/quickgrail/instruction/UnionGraph.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseAssignment.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseCommand.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseExpression.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseLiteral.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseName.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseOperation.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseProgram.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseStatement.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseString.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseTreeNode.java	GPL-3.0
src/spade/query/quickgrail/parser/ParseVariable.java	GPL-3.0
src/spade/query/quickgrail/types/Type.java	GPL-3.0
src/spade/query/quickgrail/types/TypeID.java	GPL-3.0
src/spade/query/quickgrail/types/TypedValue.java	GPL-3.0
src/spade/query/quickgrail/utility/QuickGrailPredicateTree.java	GPL-3.0
src/spade/query/quickgrail/utility/ResultTable.java	GPL-3.0
src/spade/query/quickgrail/utility/Schema.java	GPL-3.0
src/spade/query/quickgrail/utility/TreeStringSerializable.java	GPL-3.0
src/spade/query/scaffold/BerkeleyDB.java	GPL-3.0
src/spade/query/scaffold/Scaffold.java	GPL-3.0
src/spade/query/scaffold/ScaffoldFactory.java	GPL-3.0
src/spade/reporter/Audit.java	GPL-3.0
src/spade/reporter/audit/AuditEventReader.java	GPL-3.0
src/spade/reporter/audit/Globals.java	GPL-3.0
src/spade/reporter/audit/LinuxPathResolver.java	GPL-3.0
src/spade/reporter/audit/MalformedAuditDataException.java	GPL-3.0
src/spade/reporter/audit/OPMConstants.java	GPL-3.0
src/spade/reporter/audit/PathRecord.java	GPL-3.0
src/spade/reporter/audit/SYSCALL.java	GPL-3.0
src/spade/reporter/audit/VertexIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/ArtifactConfig.java	GPL-3.0
src/spade/reporter/audit/artifact/ArtifactIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/ArtifactManager.java	GPL-3.0
src/spade/reporter/audit/artifact/ArtifactState.java	GPL-3.0
src/spade/reporter/audit/artifact/BlockDeviceIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/CharacterDeviceIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/DirectoryIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/FdPairIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/FileIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/LinkIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/MemoryIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/NamedPipeIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/NetworkSocketIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/PathIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/UnixSocketIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/UnknownIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/UnnamedNetworkSocketPairIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/UnnamedPipeIdentifier.java	GPL-3.0
src/spade/reporter/audit/artifact/UnnamedUnixSocketPairIdentifier.java	GPL-3.0
src/spade/reporter/audit/kernel-modules/Makefile	GPL-3.0
src/spade/reporter/audit/kernel-modules/globals.h	GPL-3.0
src/spade/reporter/audit/kernel-modules/netio.c	GPL-3.0
src/spade/reporter/audit/kernel-modules/netio_controller.c	GPL-3.0
src/spade/reporter/audit/process/AgentIdentifier.java	GPL-3.0
src/spade/reporter/audit/process/FileDescriptor.java	GPL-3.0
src/spade/reporter/audit/process/NamespaceIdentifier.java	GPL-3.0
src/spade/reporter/audit/process/ProcessIdentifier.java	GPL-3.0
src/spade/reporter/audit/process/ProcessManager.java	GPL-3.0
src/spade/reporter/audit/process/ProcessStateManager.java	GPL-3.0
src/spade/reporter/audit/process/ProcessUnitState.java	GPL-3.0
src/spade/reporter/audit/process/ProcessWithAgentManager.java	GPL-3.0
src/spade/reporter/audit/process/ProcessWithAgentState.java	GPL-3.0
src/spade/reporter/audit/process/ProcessWithoutAgentManager.java	GPL-3.0
src/spade/reporter/audit/process/UnitIdentifier.java	GPL-3.0
src/spade/reporter/spadeAuditBridge.c	GPL-3.0
src/spade/storage/Kafka.java	GPL-3.0
src/spade/storage/kafka/DataWriter.java	GPL-3.0
src/spade/storage/kafka/Edge.java	GPL-3.0
src/spade/storage/kafka/FileWriter.java	GPL-3.0
src/spade/storage/kafka/GraphElement.java	GPL-3.0
src/spade/storage/kafka/JsonFileWriter.java	GPL-3.0
src/spade/storage/kafka/ServerWriter.java	GPL-3.0
src/spade/storage/kafka/Vertex.java	GPL-3.0
src/spade/utility/Converter.java	GPL-3.0
src/spade/utility/DoublyLinkedList.java	GPL-3.0
src/spade/utility/Execute.java	GPL-3.0
src/spade/utility/FileUtility.java	GPL-3.0
src/spade/utility/HelperFunctions.java	GPL-3.0
src/spade/utility/HostInfo.java	GPL-3.0
src/spade/utility/LogManager.java	GPL-3.0
src/spade/utility/Result.java	GPL-3.0
src/spade/utility/Serializable2ByteArrayConverter.java	GPL-3.0
src/spade/utility/Series.java	GPL-3.0
src/spade/utility/map/external/ExternalMap.java	GPL-3.0
src/spade/utility/map/external/ExternalMapArgument.java	GPL-3.0
src/spade/utility/map/external/ExternalMapManager.java	GPL-3.0
src/spade/utility/map/external/ExternalMapTest.java	GPL-3.0
src/spade/utility/map/external/cache/Cache.java	GPL-3.0
src/spade/utility/map/external/cache/CacheArgument.java	GPL-3.0
src/spade/utility/map/external/cache/CacheManager.java	GPL-3.0
src/spade/utility/map/external/cache/CacheName.java	GPL-3.0
src/spade/utility/map/external/cache/CacheProfile.java	GPL-3.0
src/spade/utility/map/external/cache/LRUCache.java	GPL-3.0
src/spade/utility/map/external/cache/LRUCacheArgument.java	GPL-3.0
src/spade/utility/map/external/cache/LRUCacheManager.java	GPL-3.0
src/spade/utility/map/external/cache/ProfiledCache.java	GPL-3.0
src/spade/utility/map/external/screen/BloomFilterArgument.java	GPL-3.0
src/spade/utility/map/external/screen/BloomFilterManager.java	GPL-3.0
src/spade/utility/map/external/screen/BloomFilterScreen.java	GPL-3.0
src/spade/utility/map/external/screen/ProfiledScreen.java	GPL-3.0
src/spade/utility/map/external/screen/Screen.java	GPL-3.0
src/spade/utility/map/external/screen/ScreenArgument.java	GPL-3.0
src/spade/utility/map/external/screen/ScreenManager.java	GPL-3.0
src/spade/utility/map/external/screen/ScreenName.java	GPL-3.0
src/spade/utility/map/external/screen/ScreenProfile.java	GPL-3.0
src/spade/utility/map/external/store/DBStore.java	GPL-3.0
src/spade/utility/map/external/store/ProfiledStore.java	GPL-3.0
src/spade/utility/map/external/store/Store.java	GPL-3.0
src/spade/utility/map/external/store/StoreArgument.java	GPL-3.0
src/spade/utility/map/external/store/StoreManager.java	GPL-3.0
src/spade/utility/map/external/store/StoreName.java	GPL-3.0
src/spade/utility/map/external/store/StoreProfile.java	GPL-3.0
src/spade/utility/map/external/store/db/DatabaseArgument.java	GPL-3.0
src/spade/utility/map/external/store/db/DatabaseHandle.java	GPL-3.0
src/spade/utility/map/external/store/db/DatabaseManager.java	GPL-3.0
src/spade/utility/map/external/store/db/berkeleydb/BerkeleyDBArgument.java	GPL-3.0
src/spade/utility/map/external/store/db/berkeleydb/BerkeleyDBEnvironmentHandle.java	GPL-3.0
src/spade/utility/map/external/store/db/berkeleydb/BerkeleyDBHandle.java	GPL-3.0
src/spade/utility/map/external/store/db/berkeleydb/BerkeleyDBManager.java	GPL-3.0
src/spade/utility/map/external/store/db/leveldb/LevelDBArgument.java	GPL-3.0
src/spade/utility/map/external/store/db/leveldb/LevelDBHandle.java	GPL-3.0
src/spade/utility/map/external/store/db/leveldb/LevelDBManager.java	GPL-3.0
src/spade/utility/profile/Intervaler.java	GPL-3.0
src/spade/utility/profile/ReportingArgument.java	GPL-3.0
src/spade/utility/profile/TimeProfile.java	GPL-3.0
src/spade/vertex/opm/Agent.java	GPL-3.0
src/spade/vertex/opm/Artifact.java	GPL-3.0
src/spade/vertex/opm/Process.java	GPL-3.0

This material is based upon work supported by the National Science Foundation under Grants OCI-0722068, IIS-1116414, and ACI-1547467. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Setting up SPADE
Storing provenance
Collecting provenance
- Across the operating system
- Limiting collection to a part of the filesystem
  - On Linux
  - On macOS
- From an external application
- With compile-time instrumentation
- Using the reporting API
- Of transactions in the Bitcoin blockchain
- Filtering provenance
  - Using filters
  - Available filters
Viewing provenance
- In a graph database
- In a relational database
Querying SPADE
- Illustrative example
- Transforming query responses
  - Using transformers
  - Available transformers
- Protecting query responses
Miscellaneous

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SPADE Audit Kafka Unikernel

Clone this wiki locally