{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,8]],"date-time":"2025-07-08T05:10:03Z","timestamp":1751951403020,"version":"3.41.2"},"reference-count":84,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T00:00:00Z","timestamp":1746403200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T00:00:00Z","timestamp":1746403200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100003662","name":"Korea Planning & Evaluation Institute of Industrial Technology","doi-asserted-by":"publisher","award":["RS-2024-00406121"],"award-info":[{"award-number":["RS-2024-00406121"]}],"id":[{"id":"10.13039\/501100003662","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"U.S. National Science Foundation","doi-asserted-by":"publisher","award":["1955172,1955228"],"award-info":[{"award-number":["1955172,1955228"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,5,5]]},"DOI":"10.1109\/host64725.2025.11050066","type":"proceedings-article","created":{"date-parts":[[2025,7,7]],"date-time":"2025-07-07T17:47:34Z","timestamp":1751910454000},"page":"415-426","source":"Crossref","is-referenced-by-count":0,"title":["Termite Attacks: Gnawing on Logs to Extract Secret Information"],"prefix":"10.1109","author":[{"given":"Hyun","family":"Bin Lee","sequence":"first","affiliation":[{"name":"Korea Automotive Technology Institute"}]},{"given":"Tushar M.","family":"Jois","sequence":"additional","affiliation":[{"name":"City College of New York"}]},{"given":"Christopher W.","family":"Fletcher","sequence":"additional","affiliation":[{"name":"University of California,Berkeley"}]},{"given":"Carl A.","family":"Gunter","sequence":"additional","affiliation":[{"name":"University of Illinois Urbana-Champaign"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2012.2221958"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2010.26"},{"key":"ref3","article-title":"The error and warning log"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24065"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44702-4_10"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.5210\/fm.v16i5.3493"},{"key":"ref8","article-title":"Privacy games: Optimal user-centric data obfuscation","author":"Shokri","year":"2014","journal-title":"arXiv preprint arXiv:1402.3426"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3374664.3375743"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2808769.2808773"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2017.8167792"},{"journal-title":"(USENIX Security\u201917)","article-title":"MPI: Multiple perspective attack investigation with semantic aware execution partitioning","author":"Ma","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"ref15","first-page":"241","article-title":"Kernel-Supported Cost-Effective audit logging for causality tracking","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Ma"},{"journal-title":"USENIX Security\u2019 16","article-title":"Trusted browsers for uncertain times","author":"Kohlbrenner","key":"ref16"},{"journal-title":"USENIX Security\u201920","article-title":"Timeless timing attacks: Exploiting concurrency to leak secrets over remote connections","author":"Van Goethem","key":"ref17"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-29959-0_14"},{"journal-title":"NDSS\u201922","article-title":"Remote memorydeduplication attacks","author":"Schwarzl","key":"ref19"},{"key":"ref20","article-title":"Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks","author":"Wikner","year":"2022","journal-title":"WOOT\u201922"},{"volume-title":"Apache Software Foundation","key":"ref21","article-title":"Log files - Apache HTTP server version 2.4"},{"volume-title":"The PostgreSQL Global Development Group","key":"ref22","article-title":"Error Reporting and Logging"},{"volume-title":"Red Hat, Inc.","key":"ref23","article-title":"Auditing the system Red Hat Enterprise Linux 8"},{"volume-title":"FreeBSD","key":"ref24","article-title":"DTrace"},{"volume-title":"Microsoft","key":"ref25","article-title":"About Event Tracing"},{"key":"ref26","first-page":"2987","article-title":"\\{SEAL\\}: Storageefficient causality analysis on enterprise logs with query-friendly compression","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Fei","year":"2021"},{"article-title":"Microsoft Sysmon","volume-title":"Microsoft","year":"2022","key":"ref27"},{"journal-title":"auditctl(8) Linux manual page","year":"2021","author":"Grubb","key":"ref28"},{"journal-title":"audit.rules(7) Linux manual page","year":"2019","author":"Grubb","key":"ref29"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"article-title":"Controlled Access Protection Profile, Version 1.d","volume-title":"National Security Agency","year":"2022","key":"ref31"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417862"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24549"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23057"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3098977"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.visinf.2018.04.009"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484551"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref41","article-title":"Android provenance: diagnosing device disorders","volume-title":"5th USENIX Workshop on the Theory and Practice of Provenance (TaPP 13)","author":"Husted","year":"2013"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833745"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68697-5_9"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"ref45","first-page":"719","article-title":"\\{FLUSH+ RELOAD\\}: A high resolution, low noise, 13 cache \\{Side-Channel\\} attack","volume-title":"23rd USENIX security symposium (USENIX security 14)","author":"Yarom","year":"2014"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-017-0152-y"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00004"},{"key":"ref48","article-title":"Port contention for fun and profit","volume-title":"Cryptology ePrint Archive, Report 2018\/1060","author":"Aldaya","year":"2018"},{"key":"ref49","first-page":"973","article-title":"Meltdown: Reading kernel memory from user space","volume-title":"27th \\{USENIX\\} Security Symposium (\\{USENIX\\} Security 18)","author":"Lipp","year":"2018"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70972-7_13"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315282"},{"key":"ref53","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2019.23061","article-title":"Data oblivious isa extensions for side channel-resistant and high performance computing","volume-title":"NDSS\u201919","author":"Yu"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/SECCMW.2005.1588299"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/863955.863994"},{"key":"ref56","first-page":"645","article-title":"Lord of the ring (s): Side channel attacks on the \\{CPU\\}\\{On-Chip\\} ring interconnect are practical","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Paccagnella","year":"2021"},{"key":"ref57","article-title":"Timing analysis of keystrokes and timing attacks on \\{SSH\\}","volume-title":"10th USENIX Security Symposium (USENIX Security 01)","author":"Song","year":"2001"},{"journal-title":"Cache-timing attacks on aes","year":"2005","author":"Bernstein","key":"ref58"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2012.6212064"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2014.06.013"},{"volume-title":"Bigger, longer, fewer: what do cluster jobs look like outside google","year":"2017","author":"Amvrosiadis","key":"ref61"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/100216.100273"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1080\/1369118X.2015.1061577"},{"key":"ref64","article-title":"Online cheating site ashleymadison hacked","author":"Krebs","year":"2015","journal-title":"Krebs on security"},{"volume-title":"The PHP Group","key":"ref65","article-title":"password_hash"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00082"},{"key":"ref67","first-page":"23","article-title":"Peeping tom in the neighborhood: Keystroke eavesdropping on multi-user systems","volume-title":"USENIX Security Symposium","volume":"20","author":"Zhang","year":"2009"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_11"},{"volume-title":"The trouble with the Nagle algorithm","year":"2022","author":"John","key":"ref69"},{"journal-title":"NDSS\u201921","article-title":"DOVE: A DataOblivious Virtual Environment","author":"Lee","key":"ref70"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23239"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_14"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.19"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_3"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2482484"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053034"},{"key":"ref77","article-title":"Privacy vs. intrusion detection analysis","author":"Lundin","year":"1999","journal-title":"Recent Advances in Intrusion Detection"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2016.1"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/505202.505234"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2002.1181415"},{"key":"ref81","article-title":"More Google Cluster Data","volume-title":"accessed:","author":"Wilkes","year":"2022"},{"key":"ref82","article-title":"Google cluster-usage traces: format + schema","volume-title":"Google Inc., Mountain View, CA, USA, Technical Report","author":"Reiss","year":"2014"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1137\/14095772X"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2020.2986113"}],"event":{"name":"2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","start":{"date-parts":[[2025,5,5]]},"location":"San Jose, CA, USA","end":{"date-parts":[[2025,5,8]]}},"container-title":["2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11050019\/11050011\/11050066.pdf?arnumber=11050066","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,8]],"date-time":"2025-07-08T04:46:27Z","timestamp":1751949987000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11050066\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,5]]},"references-count":84,"URL":"https:\/\/doi.org\/10.1109\/host64725.2025.11050066","relation":{},"subject":[],"published":{"date-parts":[[2025,5,5]]}}}