{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T00:35:57Z","timestamp":1774830957681,"version":"3.50.1"},"reference-count":55,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["1700544"],"award-info":[{"award-number":["1700544"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["2148374"],"award-info":[{"award-number":["2148374"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["2226339"],"award-info":[{"award-number":["2226339"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["2129164"],"award-info":[{"award-number":["2129164"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"ONR","doi-asserted-by":"publisher","award":["N00014-20-1-2734"],"award-info":[{"award-number":["N00014-20-1-2734"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/tifs.2023.3264152","type":"journal-article","created":{"date-parts":[[2023,4,3]],"date-time":"2023-04-03T17:29:41Z","timestamp":1680542981000},"page":"2794-2809","source":"Crossref","is-referenced-by-count":43,"title":["SysFlow: Toward a Programmable Zero Trust Framework for System Security"],"prefix":"10.1109","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0024-1117","authenticated-orcid":false,"given":"Sungmin","family":"Hong","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, SUCCESS Laboratory, Texas A&#x0026;M University, College Station, TX, USA"}]},{"given":"Lei","family":"Xu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, SUCCESS Laboratory, Texas A&#x0026;M University, College Station, TX, USA"}]},{"given":"Jianwei","family":"Huang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, SUCCESS Laboratory, Texas A&#x0026;M University, College Station, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5589-4759","authenticated-orcid":false,"given":"Hongda","family":"Li","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8710-247X","authenticated-orcid":false,"given":"Hongxin","family":"Hu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0630-741X","authenticated-orcid":false,"given":"Guofei","family":"Gu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, SUCCESS Laboratory, Texas A&#x0026;M University, College Station, TX, USA"}]}],"member":"263","reference":[{"key":"ref13","year":"2023","journal-title":"Micro-Service Benchmark Framework"},{"key":"ref12","year":"2023","journal-title":"Medjack to Launch Stepping-Stone Data Ex-Filstration"},{"key":"ref15","year":"0","journal-title":"Palo Alto Zero Trust"},{"key":"ref14","year":"2023","journal-title":"OpenFlow Specification"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref52","first-page":"6","article-title":"Linux security module framework","author":"wright","year":"2002","journal-title":"Proc Ottawa Linux Symp (OLS)"},{"key":"ref11","year":"2023","journal-title":"LogRhythm"},{"key":"ref55","first-page":"263","article-title":"Making information flow explicit in HiStar","author":"zeldovich","year":"2006","journal-title":"Proceedings of the 5th USENIX Symposium on Operating Systems Design and Implementation (OSDI)"},{"key":"ref10","year":"2023","journal-title":"Lmbench"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"},{"key":"ref17","year":"2023","journal-title":"SysBench"},{"key":"ref16","year":"2023","journal-title":"Selinux"},{"key":"ref19","year":"0","journal-title":"SysFlow"},{"key":"ref18","year":"2023","journal-title":"Sysdig"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2465351.2465358"},{"key":"ref50","first-page":"973","article-title":"JIGSAW: Protecting resource access by inferring programmer expectations","author":"vijayakumar","year":"2014","journal-title":"Proc USENIX Conf Secur Symp (SEC)"},{"key":"ref46","first-page":"123","article-title":"The flask security architecture: System support for diverse security policies","author":"spencer","year":"1999","journal-title":"Proc USENIX Conf Secur Symp (SEC)"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243829"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775242"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/316188.316216"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev51306.2021.00022"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2866498"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-207"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.21"},{"key":"ref8","year":"2023","journal-title":"IBM QRadar SIEM"},{"key":"ref7","year":"2023","journal-title":"Google Beyondcorp"},{"key":"ref9","year":"2023","journal-title":"Production-Grade Container Orchestration"},{"key":"ref4","year":"2023","journal-title":"Docker Swarm Orchestration Tool"},{"key":"ref3","year":"2023","journal-title":"Cisco Zero Trust"},{"key":"ref6","year":"2023","journal-title":"Gitpwnd"},{"key":"ref5","year":"2023","journal-title":"Estimating Log Generation for Security Information Event and Log Management"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36084-0_6"},{"key":"ref35","first-page":"29","article-title":"Integrating flexible support for security policies into the Linux operating system","author":"loscocco","year":"2001","journal-title":"Proc USENIX Annu Tech Conf (ATC)"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294293"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2018.00169"},{"key":"ref31","first-page":"1705","article-title":"Enabling refinable cross-host attack investigation with efficient data flow tagging and tracking","author":"ji","year":"2018","journal-title":"Proc USENIX Conf Secur Symp (SEC)"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134045"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342452"},{"key":"ref32","first-page":"179","article-title":"Copilot&#x2014;A coprocessor-based kernel runtime integrity monitor","author":"petroni","year":"2004","journal-title":"Proc ACM Conf Comput Commun Secur (CCS)"},{"key":"ref2","year":"2023","journal-title":"AppArmor application security for linux"},{"key":"ref1","year":"2023","journal-title":"Apache"},{"key":"ref39","first-page":"1119","article-title":"Practical DIFC enforcement on Android","author":"nadkarni","year":"2016","journal-title":"Proc USENIX Conf Secur Symp (SEC)"},{"key":"ref38","first-page":"94","article-title":"Enhancing security of Docker using Linux hardening techniques","author":"raj","year":"2016","journal-title":"Proc 2nd Int Conf Appl Theor Comput Commun Technol (iCATccT)"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3340502"},{"key":"ref23","first-page":"319","article-title":"Trustworthy whole-system provenance for the Linux kernel","author":"bates","year":"2015","journal-title":"Proc USENIX Conf Secur Symp (SEC)"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095813"},{"key":"ref25","first-page":"1","article-title":"Intel SGX explained","volume":"2016","author":"costan","year":"2016","journal-title":"IACR Cryptol ePrint Arch"},{"key":"ref20","year":"2023","journal-title":"Virtual patching best practices"},{"key":"ref22","year":"2023","journal-title":"Zero Trust Extended (ZTX)"},{"key":"ref21","year":"2023","journal-title":"WGET BENCH"},{"key":"ref28","first-page":"639","article-title":"SAQL: A stream-based query system for real-time abnormal system behavior detection","author":"gao","year":"2018","journal-title":"Proc USENIX Conf Secur Symp (SEC)"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/2034574.2034812"},{"key":"ref29","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","author":"hossain","year":"2017","journal-title":"Proc USENIX Conf Secur Symp (SEC)"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/10206\/9970396\/10091151-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/9970396\/10091151.pdf?arnumber=10091151","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T17:32:23Z","timestamp":1685381543000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10091151\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":55,"URL":"https:\/\/doi.org\/10.1109\/tifs.2023.3264152","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]}}}