{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T15:42:12Z","timestamp":1725896532752},"publisher-location":"Berlin, Heidelberg","reference-count":21,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642319082"},{"type":"electronic","value":"9783642319099"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-31909-9_27","type":"book-chapter","created":{"date-parts":[[2012,9,22]],"date-time":"2012-09-22T03:23:23Z","timestamp":1348284203000},"page":"460-469","source":"Crossref","is-referenced-by-count":0,"title":["Trading Elephants for Ants: Efficient Post-attack Reconstitution"],"prefix":"10.1007","author":[{"given":"Meixing","family":"Le","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhaohui","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Quan","family":"Jia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Angelos","family":"Stavrou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anup K.","family":"Ghosh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"27_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/3-540-44450-5_6","volume-title":"FST TCS 2000: Foundations of Software Technology and Theoretical Science","author":"P. Buneman","year":"2000","unstructured":"Buneman, P., Khanna, S., Tan, W.-C.: Data Provenance: Some Basic Issues. In: Kapoor, S., Prasad, S. (eds.) FST TCS 2000. LNCS, vol.\u00a01974, pp. 87\u201393. Springer, Heidelberg (2000)"},{"key":"27_CR2","doi-asserted-by":"crossref","unstructured":"Dunlap, G.W., King, S.T., Cinar, S., Basrai, M.A., Chen, P.M.: Revirt: Enabling intrusion analysis through virtual-machine logging and replay. ACM SIGOPS Operating Systems Review (2002)","DOI":"10.1145\/844128.844148"},{"key":"27_CR3","doi-asserted-by":"crossref","unstructured":"Goel, A., Farhadi, K., Po, K., Feng, W.-C.: Reconstructing system state for intrusion analysis. ACM SIGOPS Operating Systems Review (2008)","DOI":"10.1145\/1368506.1368511"},{"key":"27_CR4","doi-asserted-by":"crossref","unstructured":"Goel, A., Feng, W.-C., Maier, D., Walpole, J.: Forensix: A robust, high-performance reconstruction system. In: 25th IEEE International Conference on Distributed Computing Systems Workshops (2005)","DOI":"10.1109\/ICDCSW.2005.62"},{"key":"27_CR5","doi-asserted-by":"crossref","unstructured":"Goel, A., Po, K., Farhadi, K., Li, Z., de Lara, E.: The taser intrusion recovery system. In: SOSP 2005: Proceedings of the 20th ACM Symposium on Operating Systems Principles (2005)","DOI":"10.1145\/1095810.1095826"},{"key":"27_CR6","doi-asserted-by":"crossref","unstructured":"Hsu, F., Chen, H., Ristenpart, T., Li, J., Su, Z.: Back to the future: A framework for automatic malware removal and system repair. In: ACSAC 2006: Proceedings of 22nd Annual Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.16"},{"key":"27_CR7","doi-asserted-by":"crossref","unstructured":"Jain, S., Shafique, F., Djeric, V., Goel, A.: Application-level isolation and recovery with solitude. In: Eurosys 2008: Proceedings of the 3rd ACM SIGOPS European Conference on Computer Systems (2008)","DOI":"10.1145\/1352592.1352603"},{"key":"27_CR8","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: SOSP 2003: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (2003)","DOI":"10.1145\/945445.945467"},{"key":"27_CR9","unstructured":"Krishnakumar, R.: Kernel korner: kprobes a kernel debugger. Linux Journal (2005)"},{"key":"27_CR10","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1023\/A:1008731200105","volume":"8","author":"P. Liu","year":"2000","unstructured":"Liu, P., Ammann, P., Jajodia, S.: Rewriting histories: Recovering from malicious transactions. Distributed Parallel Databases\u00a08, 7\u201340 (2000)","journal-title":"Distributed Parallel Databases"},{"key":"27_CR11","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1145\/1063786.1063789","volume":"1","author":"Z. Peterson","year":"2005","unstructured":"Peterson, Z., Burns, R.: Ext3cow: a time-shifting file system for regulatory compliance. Transactions on Storage\u00a01, 190\u2013212 (2005)","journal-title":"Transactions on Storage"},{"key":"27_CR12","unstructured":"Potter, S., Nieh, J.: Apiary: Easy-to-use desktop application fault containment on commodity operating systems. In: ATC 2010: USENIX 2010 Annual Technical Conference (2010)"},{"key":"27_CR13","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1145\/319344.319159","volume":"33","author":"D.S. Santry","year":"1999","unstructured":"Santry, D.S., Feeley, M.J., Hutchinson, N.C., Veitch, A.C., Carton, R.W., Ofir, J.: Deciding when to forget in the elephant file system. ACM SIGOPS Operating Systems Review\u00a033, 110\u2013123 (1999)","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"27_CR14","unstructured":"Seltzer, M., Muniswamy-Reddy, K.-K., Holland, D.A., Braun, U., Ledlie, J.: Provenance-aware storage systems. In: USENIX ATC 2006: Proceedings of the USENIX Annual Technical Conference (2006)"},{"key":"27_CR15","doi-asserted-by":"crossref","unstructured":"Sharif, M., Lee, W., Cui, W., Lanzi, A.: Secure in-vm monitoring using hardware virtualization. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)","DOI":"10.1145\/1653662.1653720"},{"key":"27_CR16","doi-asserted-by":"crossref","unstructured":"Simmhan, Y.L., Plale, B., Gannon, D.: A survey of data provenance techniques. Technical report, Computer Science Department, Indiana University, Bloomington IN 47405 (2005)","DOI":"10.1145\/1084805.1084812"},{"key":"27_CR17","unstructured":"Sriranjani, S., Venkatesan, S.: Forensic analysis of file system intrusions using improved backtracking. In: IWIA 2005: Proceedings of the Third IEEE International Workshop on Information Assurance (2005)"},{"key":"27_CR18","doi-asserted-by":"crossref","unstructured":"Soules, C.A.N., Goodson, G.R., Strunk, J.D., Ganger, G.R.: Metadata efficiency in versioning file systems. In: FAST 2003: Proceedings of the 2nd USENIX Conference on File and Storage Technologies (2003)","DOI":"10.21236\/ADA461077"},{"key":"27_CR19","doi-asserted-by":"crossref","unstructured":"Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: ASPLOS 2004: Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (2004)","DOI":"10.1145\/1024393.1024404"},{"key":"27_CR20","unstructured":"Taesoo Kim, N.Z., Wang, X., Kaashoek, M.F.: Intrusion recovery using selective re-execution. In: OSDI 2010: Proceedings of the 9th Symposium on Operating Systems Design and Implementation (2010)"},{"key":"27_CR21","unstructured":"Unionfs, http:\/\/www.am-utils.org\/project-unionfs.html"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-31909-9_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,25]],"date-time":"2023-06-25T18:32:47Z","timestamp":1687717967000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-31909-9_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642319082","9783642319099"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-31909-9_27","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2012]]}}}