{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:59:35Z","timestamp":1773842375634,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2007,10,28]],"date-time":"2007-10-28T00:00:00Z","timestamp":1193529600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2007,10,28]]},"DOI":"10.1145\/1315245.1315261","type":"proceedings-article","created":{"date-parts":[[2007,11,15]],"date-time":"2007-11-15T14:30:20Z","timestamp":1195137020000},"page":"116-127","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":374,"title":["Panorama"],"prefix":"10.1145","author":[{"given":"Heng","family":"Yin","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[{"name":"University of California at Berkeley, Berkeley, CA"}]},{"given":"Manuel","family":"Egele","sequence":"additional","affiliation":[{"name":"Technical University Vienna, Vienna, Austria"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"Technical University Vienna, Vienna, Austria"}]},{"given":"Engin","family":"Kirda","sequence":"additional","affiliation":[{"name":"Technical University Vienna, Vienna, Austria"}]}],"member":"320","published-online":{"date-parts":[[2007,10,28]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AutoHotkey. http:\/\/www.autohotkey.com\/.  AutoHotkey. 
http:\/\/www.autohotkey.com\/."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2005.39"},{"key":"e_1_3_2_1_3_1","volume-title":"USENIX Annual Technical Conference, FREENIX Track","author":"Bellard F.","year":"2005","unstructured":"F. Bellard . Qemu , a fast and portable dynamic translator . In USENIX Annual Technical Conference, FREENIX Track , April 2005 . F. Bellard. Qemu, a fast and portable dynamic translator. In USENIX Annual Technical Conference, FREENIX Track, April 2005."},{"key":"e_1_3_2_1_4_1","unstructured":"Blacklight. http:\/\/www.europe.f-secure.com\/exclude\/blacklight\/.  Blacklight. http:\/\/www.europe.f-secure.com\/exclude\/blacklight\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Bochs: The open source IA-32 emulation project. http:\/\/bochs.sourceforge.net\/.  Bochs: The open source IA-32 emulation project. http:\/\/bochs.sourceforge.net\/."},{"key":"e_1_3_2_1_7_1","volume-title":"Botnet Analysis","author":"Brumley D.","year":"2007","unstructured":"D. Brumley , C. Hartwig , Z. Liang , J. Newsome , D. Song , and H. Yin . Botnet Analysis , chapter Automatically Identifying Trigger-based Behavior in Malware. 2007 . D. Brumley, C. Hartwig, Z. Liang, J. Newsome, D. Song, and H. Yin. Botnet Analysis, chapter Automatically Identifying Trigger-based Behavior in Malware. 2007."},{"key":"e_1_3_2_1_8_1","volume-title":"July","author":"Butler J.","year":"2004","unstructured":"J. Butler and G. Hoglund . VICE - catch the hookers! In Black Hat USA , July 2004 . http:\/\/www.blackhat.com\/presentations\/bh-usa-04\/bh-us-04-butler\/bh-us-04-butler.pdf. J. Butler and G. Hoglund. VICE - catch the hookers! In Black Hat USA, July 2004. http:\/\/www.blackhat.com\/presentations\/bh-usa-04\/bh-us-04-butler\/bh-us-04-butler.pdf."},{"key":"e_1_3_2_1_9_1","volume-title":"Phrack","author":"Butler J.","year":"2005","unstructured":"J. Butler and S. Sparks . Shadow walker: Raising the bar for windows rootkit detection . In Phrack 63, July 2005 . J. 
Butler and S. Sparks. Shadow walker: Raising the bar for windows rootkit detection. In Phrack 63, July 2005."},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 13th USENIX Security Symposium (Security '03)","author":"Chow J.","year":"2004","unstructured":"J. Chow , B. Pfaff , T. Garfinkel , K. Christopher , and M. Rosenblum . Understanding data lifetime via whole system simulation . In Proceedings of the 13th USENIX Security Symposium (Security '03) , August 2004 . J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In Proceedings of the 13th USENIX Security Symposium (Security '03), August 2004."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.20"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095824"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2004.26"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 2007 Usenix Annual Conference (Usenix '07)","author":"Egele M.","year":"2007","unstructured":"M. Egele , C. Kruegel , E. Kirda , H. Yin , and D. Song . Dynamic Spyware Analysis . In Proceedings of the 2007 Usenix Annual Conference (Usenix '07) , June 2007 . M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic Spyware Analysis. In Proceedings of the 2007 Usenix Annual Conference (Usenix '07), June 2007."},{"key":"e_1_3_2_1_15_1","volume-title":"Symantec Security Response","author":"Ferrie P.","year":"2006","unstructured":"P. Ferrie . Attacks on virtual machine emulators . Symantec Security Response , December 2006 . P. Ferrie. Attacks on virtual machine emulators. Symantec Security Response, December 2006."},{"key":"e_1_3_2_1_16_1","unstructured":"GINA spy. http:\/\/www.codeproject.com\/useritems\/GINA_SPY.Asp.  GINA spy. 
http:\/\/www.codeproject.com\/useritems\/GINA_SPY.Asp."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"e_1_3_2_1_18_1","unstructured":"Google's desktop search red flag. http:\/\/www.internetnews.com\/xSP\/article.php\/3584131.  Google's desktop search red flag. http:\/\/www.internetnews.com\/xSP\/article.php\/3584131."},{"key":"e_1_3_2_1_19_1","unstructured":"Google Desktop - Privacy Policy. http:\/\/desktop.google.com\/en\/privacypolicy.html.  Google Desktop - Privacy Policy. http:\/\/desktop.google.com\/en\/privacypolicy.html."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217939"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.16"},{"key":"e_1_3_2_1_22_1","unstructured":"The IDA Pro Disassembler and Debugger. http:\/\/www.datarescue.com\/idabase\/.  The IDA Pro Disassembler and Debugger. http:\/\/www.datarescue.com\/idabase\/."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceeding of the 13th Network and Distributed System Security (NDSS '06)","author":"Moshchuk A.","year":"2006","unstructured":"A. Moshchuk , T. Bragin , S. D. Gribble , and H. M. Levy . A crawler-based study of spyware in the web . In Proceeding of the 13th Network and Distributed System Security (NDSS '06) , February 2006 . A. Moshchuk, T. Bragin, S. D. Gribble, and H. M. Levy. A crawler-based study of spyware in the web. In Proceeding of the 13th Network and Distributed System Security (NDSS '06), February 2006."},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05)","author":"Newsome J.","year":"2005","unstructured":"J. Newsome and D. Song . 
Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software . In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05) , February 2005 . J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05), February 2005."},{"key":"e_1_3_2_1_27_1","unstructured":"T. Ormandy. An Empirical Study into the Security Exposure to Host of Hostile Virtualized Environments. http:\/\/taviso.decsystem.org\/virtsec.pdf.  T. Ormandy. An Empirical Study into the Security Exposure to Host of Hostile Virtualized Environments. http:\/\/taviso.decsystem.org\/virtsec.pdf."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217938"},{"key":"e_1_3_2_1_29_1","unstructured":"Qemu. http:\/\/fabrice.bellard.free.fr\/qemu\/.  Qemu. http:\/\/fabrice.bellard.free.fr\/qemu\/."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2005.29"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2006.29"},{"key":"e_1_3_2_1_32_1","unstructured":"Rootkit revealer. http:\/\/www.sysinternals.com\/Files\/RootkitRevealer.zip.  Rootkit revealer. http:\/\/www.sysinternals.com\/Files\/RootkitRevealer.zip."},{"key":"e_1_3_2_1_33_1","volume-title":"Hack In The Box Security Conference","author":"Rutkowska J.","year":"2005","unstructured":"J. Rutkowska . System virginity verifier: Defining the roadmap for malware detection on windows systems . In Hack In The Box Security Conference , September 2005 . http:\/\/www.invisiblethings.org\/papers\/hitb05_virginity_verifier.ppt. J. Rutkowska. System virginity verifier: Defining the roadmap for malware detection on windows systems. In Hack In The Box Security Conference, September 2005. 
http:\/\/www.invisiblethings.org\/papers\/hitb05_virginity_verifier.ppt."},{"key":"e_1_3_2_1_34_1","unstructured":"Sony's DRM Rootkit: The Real Story. http:\/\/www.schneier.com\/blog\/archives\/2005\/11\/sonys_drm_rootk.html.  Sony's DRM Rootkit: The Real Story. http:\/\/www.schneier.com\/blog\/archives\/2005\/11\/sonys_drm_rootk.html."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1024393.1024404"},{"key":"e_1_3_2_1_36_1","unstructured":"The Sleuth Kit (TSK). http:\/\/www.sleuthkit.org\/sleuthkit\/.  The Sleuth Kit (TSK). http:\/\/www.sleuthkit.org\/sleuthkit\/."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.9"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceeding of the Network and Distributed System Security Symposium (NDSS '07)","author":"Vogt P.","year":"2007","unstructured":"P. Vogt , F. Nentwich , N. Jovanovic , E. Kirda , C. Kruegel , and G. Vigna . Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis . In Proceeding of the Network and Distributed System Security Symposium (NDSS '07) , February 2007 . P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In Proceeding of the Network and Distributed System Security Symposium (NDSS '07), February 2007."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the Large Installation System Administration Conference (LISA '04)","author":"Wang Y.-M.","year":"2004","unstructured":"Y.-M. Wang , R. Roussev , C. Verbowski , A. Johnson , M.-W. Wu , Y. Huang , and S.-Y. Kuo . Gatekeeper : Monitoring Auto-Start Extensibility Points (ASEPs) for spyware management . In Proceedings of the Large Installation System Administration Conference (LISA '04) , November 2004 . Y.-M. Wang, R. Roussev, C. Verbowski, A. Johnson, M.-W. Wu, Y. Huang, and S.-Y. Kuo. Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for spyware management. 
In Proceedings of the Large Installation System Administration Conference (LISA '04), November 2004."}],"event":{"name":"CCS07: 14th ACM Conference on Computer and Communications Security 2007","location":"Alexandria Virginia USA","acronym":"CCS07","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 14th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1315245.1315261","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1315245.1315261","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:56:12Z","timestamp":1750254972000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1315245.1315261"}},"subtitle":["capturing system-wide information flow for malware detection and analysis"],"short-title":[],"issued":{"date-parts":[[2007,10,28]]},"references-count":38,"alternative-id":["10.1145\/1315245.1315261","10.1145\/1315245"],"URL":"https:\/\/doi.org\/10.1145\/1315245.1315261","relation":{},"subject":[],"published":{"date-parts":[[2007,10,28]]},"assertion":[{"value":"2007-10-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}