Garm: Cross Application Data Provenance and Policy Enforcement

We present Garm, a new tool for tracing data provenance and enforcing data access policies with arbitrary binaries. Users can use Garm to attach access policies to data and Garm ensures that all accesses to the data (and derived data) across all applications and executions are consistent with the policy. Garm uses a staged analysis that combines a static analysis with a dynamic analysis to trace the provenance of an application’s state and the policies that apply to this state. The implementation monitors the interactions of the application with the underlying operating system to enforce policies. Conceptually, Garm combines trusted computing support from the underlying operating system with a stream cipher to ensure that data protected by an access policy cannot be accessed outside of Garm’s policy enforcement mechanisms. We have evaluated Garm with several common Linux applications. We found that Garm can successfully trace the provenance of data across executions of multiple applications and enforce data access policies on the application’s executions.