Using SPADE's provenance reporting API
To create a reporter that sends information programmatically to the SPADE server, create a class in the spade.reporter.* package that extends the spade.core.AbstractReporter class. For example, to activate a class named myReporter, use:
-> add reporter myReporter arguments
This will cause the server to invoke the spade.reporter.myReporter.launch() method and pass the arguments string to it. Note that myReporter must be in the spade.reporter.* package and the Java class must be stored in the SPADE/src/spade/reporter directory. The server will load the spade.reporter.myReporter class dynamically when the above command is issued in the SPADE controller.
Similarly, the reporter can be deactivated while the server is running:
-> remove reporter myReporter
The above command will cause the SPADE server to invoke the spade.reporter.myReporter.shutdown() method, which will also be called when the SPADE server is exiting.
The following steps are used to send a provenance vertex to the SPADE server:
- Create an instance of spade.vertex.opm.Agent, spade.vertex.opm.Process, or spade.vertex.opm.Artifact. For example, to create a vertex describing a file use:
import spade.vertex.opm.Artifact;
Artifact artifact = new Artifact();
- Optionally, add key-value pair annotations to the vertex using the addAnnotation() method that the vertex subclass inherits from the spade.core.AbstractVertex class:
artifact.addAnnotation("file name", "/etc/passwd");
artifact.addAnnotation("modification time", "04:20:00 am");
- Send the vertex to the server using the putVertex() method that the reporter subclass inherits from the spade.core.AbstractReporter class:
putVertex(artifact);
The following steps are used to send a provenance edge to the SPADE server:
- Create an instance of spade.edge.opm.Used, spade.edge.opm.WasGeneratedBy, spade.edge.opm.WasDerivedFrom, spade.edge.opm.WasTriggeredBy, or spade.edge.opm.WasControlledBy. For example, to create an edge describing that a file was read by a process:
import spade.edge.opm.Used;
Used used = new Used(process, file);
In the above example, the variable process must be an instance of spade.vertex.opm.Process and the variable file must be an instance of spade.vertex.opm.Artifact.
- Optionally, add key-value pair annotations to the edge using the addAnnotation() method that the edge subclass inherits from the spade.core.AbstractEdge class:
used.addAnnotation("I/O time", "42ms");
- Send the edge to the server using the putEdge() method that the reporter subclass inherits from the spade.core.AbstractReporter class:
putEdge(used);
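The vertex and edge steps above, combined into one reporter class as an added example (not code from the SPADE project). The class name FileReadReporter, the "name" and "pid" annotations with their values, and the boolean return types of launch() and shutdown() are assumptions; the arguments string is treated as a file path.

```java
package spade.reporter;

import spade.core.AbstractReporter;
import spade.edge.opm.Used;
import spade.vertex.opm.Artifact;
import spade.vertex.opm.Process;

// Hypothetical reporter (not part of SPADE). Activate from the controller with:
//   add reporter FileReadReporter /etc/passwd
public class FileReadReporter extends AbstractReporter {

    // Assumed signature: the server passes the text after the reporter name.
    @Override
    public boolean launch(String arguments) {
        if (arguments == null || arguments.trim().isEmpty()) {
            return false; // no path supplied, so there is nothing to report
        }
        String path = arguments.trim();

        // Vertex for the process that performed the read (constructed sample values).
        Process process = new Process();
        process.addAnnotation("name", "example-reader");
        process.addAnnotation("pid", "4242");

        // Vertex for the file that was read.
        Artifact file = new Artifact();
        file.addAnnotation("file name", path);

        // Edge: process --Used--> file, i.e. the process read the file.
        Used used = new Used(process, file);
        used.addAnnotation("I/O time", "42ms");

        // Report both endpoints first, then the edge that connects them.
        putVertex(process);
        putVertex(file);
        putEdge(used);
        return true;
    }

    // Assumed signature: called on "remove reporter" and at server exit.
    @Override
    public boolean shutdown() {
        return true; // nothing to release: launch() starts no threads and opens no handles
    }
}
```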
This material is based upon work supported by the National Science Foundation under Grants OCI-0722068, IIS-1116414, and ACI-1547467. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.