{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:14:18Z","timestamp":1750306458458,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,12,7]],"date-time":"2015-12-07T00:00:00Z","timestamp":1449446400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-0831298,CNS-1319137"],"award-info":[{"award-number":["CNS-0831298,CNS-1319137"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,12,7]]},"DOI":"10.1145\/2818000.2818011","type":"proceedings-article","created":{"date-parts":[[2015,12,11]],"date-time":"2015-12-11T17:06:08Z","timestamp":1449853568000},"page":"211-220","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Provenance-based Integrity Protection for Windows"],"prefix":"10.1145","author":[{"given":"Wai Kit","family":"Sze","sequence":"first","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R.","family":"Sekar","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2015,12,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"USENIX Security","author":"Bates A.","year":"2015","unstructured":"Bates , A. , Tian , D. J. , Butler , K. R. , and Moyer , T . Trustworthy Whole-System Provenance for the Linux Kernel . In USENIX Security ( 2015 ). Bates, A., Tian, D. J., Butler, K. R., and Moyer, T. Trustworthy Whole-System Provenance for the Linux Kernel. In USENIX Security (2015)."},{"key":"e_1_3_2_1_3_1","volume-title":"BlackHat","author":"Brian Gorenc J. S.","year":"2014","unstructured":"Brian Gorenc , J. S. Thinking outside the sandbox - Violating trust boundaries in uncommon ways . In BlackHat ( 2014 ). Brian Gorenc, J. S. Thinking outside the sandbox - Violating trust boundaries in uncommon ways. In BlackHat (2014)."},{"key":"e_1_3_2_1_4_1","volume-title":"USENIX Security","author":"Brumley D.","year":"2004","unstructured":"Brumley , D. , and Song , D . Privtrans: Automatically Partitioning Programs for Privilege Separation . In USENIX Security ( 2004 ). Brumley, D., and Song, D. Privtrans: Automatically Partitioning Programs for Privilege Separation. In USENIX Security (2004)."},{"unstructured":"BufferZone Security Ltd. BufferZone http:\/\/bufferzonesecurity.com\/.  BufferZone Security Ltd. BufferZone http:\/\/bufferzonesecurity.com\/.","key":"e_1_3_2_1_5_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.5555\/645504.656274"},{"unstructured":"Constantin L. Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own. http:\/\/www.pcworld.com\/article\/2063560\/researchers-hack-internet-explorer-11-and-chrome-at-mobile-pwn2own.html\/.  Constantin L. Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own. http:\/\/www.pcworld.com\/article\/2063560\/researchers-hack-internet-explorer-11-and-chrome-at-mobile-pwn2own.html\/.","key":"e_1_3_2_1_7_1"},{"unstructured":"Dell. Dell Data Protection | Protected Workspace. http:\/\/www.dell.com\/learn\/us\/en\/04\/videos~en\/documents~data-protection-workspace.aspx.  Dell. Dell Data Protection | Protected Workspace. http:\/\/www.dell.com\/learn\/us\/en\/04\/videos~en\/documents~data-protection-workspace.aspx.","key":"e_1_3_2_1_8_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_9_1","DOI":"10.1145\/1095810.1095813"},{"key":"e_1_3_2_1_10_1","volume-title":"W32. Stuxnet Dossier. White paper","author":"Falliere N.","year":"2011","unstructured":"Falliere , N. , Murchu , L. , and Chien , E . W32. Stuxnet Dossier. White paper , Symantec Corp., Security Response ( 2011 ). Falliere, N., Murchu, L., and Chien, E. W32. Stuxnet Dossier. White paper, Symantec Corp., Security Response (2011)."},{"unstructured":"Fisher D. Sandbox Escape Bug in Adobe Reader Disclosed. http:\/\/threatpost.com\/sandbox-escape-bug-in-adobe-reader-disclosed\/109637.  Fisher D. Sandbox Escape Bug in Adobe Reader Disclosed. http:\/\/threatpost.com\/sandbox-escape-bug-in-adobe-reader-disclosed\/109637.","key":"e_1_3_2_1_11_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_12_1","DOI":"10.5555\/882494.884406"},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security","author":"Goldberg I.","year":"1996","unstructured":"Goldberg , I. , Wagner , D. , Thomas , R. , and Brewer , E. A . A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker) . In USENIX Security ( 1996 ). Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. A. A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker). In USENIX Security (1996)."},{"unstructured":"Google Security Research. Windows Acrobat Reader 11 Sandbox Escape in MoveFileEx IPC Hook. https:\/\/code.google.com\/p\/google-security-research\/issues\/detail?id=103.  Google Security Research. Windows Acrobat Reader 11 Sandbox Escape in MoveFileEx IPC Hook. https:\/\/code.google.com\/p\/google-security-research\/issues\/detail?id=103.","key":"e_1_3_2_1_14_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_15_1","DOI":"10.1145\/2259016.2259034"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1145\/1314313.1314318"},{"unstructured":"jduck. CVE-2010-3338 Windows Escalate Task Scheduler XML Privilege Escalation | Rapid7. http:\/\/www.rapid7.com\/db\/modules\/exploit\/windows\/local\/ms10_092_schelevator.  jduck. CVE-2010-3338 Windows Escalate Task Scheduler XML Privilege Escalation | Rapid7. http:\/\/www.rapid7.com\/db\/modules\/exploit\/windows\/local\/ms10_092_schelevator.","key":"e_1_3_2_1_17_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_19_1","DOI":"10.1145\/1294261.1294293"},{"unstructured":"Li H. CVE-2015-0016: Escaping the Internet Explorer Sandbox. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/cve-2015-0016-escaping-the-internet-explorer-sandbox.  Li H. CVE-2015-0016: Escaping the Internet Explorer Sandbox. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/cve-2015-0016-escaping-the-internet-explorer-sandbox.","key":"e_1_3_2_1_20_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1109\/SP.2007.37"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1145\/1455526.1455527"},{"key":"e_1_3_2_1_23_1","volume-title":"ACSAC","author":"Liang Z.","year":"2003","unstructured":"Liang , Z. , Venkatakrishnan , V. , and Sekar , R . Isolated program execution: An application transparent approach for executing untrusted programs . In ACSAC ( 2003 ). Liang, Z., Venkatakrishnan, V., and Sekar, R. Isolated program execution: An application transparent approach for executing untrusted programs. In ACSAC (2003)."},{"key":"e_1_3_2_1_24_1","volume-title":"Meeting Critical Security Objectives with Security-Enhanced Linux. In Ottawa Linux Symposium","author":"Loscocco P.","year":"2001","unstructured":"Loscocco , P. , and Smalley , S . Meeting Critical Security Objectives with Security-Enhanced Linux. In Ottawa Linux Symposium ( 2001 ). Loscocco, P., and Smalley, S. Meeting Critical Security Objectives with Security-Enhanced Linux. In Ottawa Linux Symposium (2001)."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1145\/2043621.2043624"},{"unstructured":"Microsoft. URL Security Zones (Windows) - MSDN - Microsoft. https:\/\/msdn.microsoft.com\/en-us\/library\/ie\/ms537021%28v=vs.85%29.aspx.  Microsoft. URL Security Zones (Windows) - MSDN - Microsoft. https:\/\/msdn.microsoft.com\/en-us\/library\/ie\/ms537021%28v=vs.85%29.aspx.","key":"e_1_3_2_1_26_1"},{"unstructured":"Microsoft. What is Protected View? - Office Support. https:\/\/support.office.com\/en-au\/article\/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653.  Microsoft. What is Protected View? - Office Support. https:\/\/support.office.com\/en-au\/article\/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653.","key":"e_1_3_2_1_27_1"},{"unstructured":"Microsoft. What is the Windows Integrity Mechanism? https:\/\/msdn.microsoft.com\/en-us\/library\/bb625957.aspx.  Microsoft. What is the Windows Integrity Mechanism? https:\/\/msdn.microsoft.com\/en-us\/library\/bb625957.aspx.","key":"e_1_3_2_1_28_1"},{"unstructured":"Microsoft. Working with the AppInit_DLLs registry value. http:\/\/support.microsoft.com\/kb\/197571.  Microsoft. Working with the AppInit_DLLs registry value. http:\/\/support.microsoft.com\/kb\/197571.","key":"e_1_3_2_1_29_1"},{"unstructured":"Microsoft Research. Detours. http:\/\/research.microsoft.com\/en-us\/projects\/detours\/.  Microsoft Research. Detours. http:\/\/research.microsoft.com\/en-us\/projects\/detours\/.","key":"e_1_3_2_1_30_1"},{"unstructured":"Mozilla. Buildbot\/Talos\/Tests. https:\/\/wiki.mozilla.org\/Buildbot\/Talos\/Tests.  Mozilla. Buildbot\/Talos\/Tests. https:\/\/wiki.mozilla.org\/Buildbot\/Talos\/Tests.","key":"e_1_3_2_1_31_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_32_1","DOI":"10.1145\/2076732.2076791"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1145\/1542476.1542504"},{"unstructured":"Offensive Security. Exploits Database http:\/\/www.exploit-db.com\/.  Offensive Security. Exploits Database http:\/\/www.exploit-db.com\/.","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","volume-title":"USENIX Security","author":"Provos N.","year":"2003","unstructured":"Provos , N. Improving Host Security with System Call Policies . In USENIX Security ( 2003 ). Provos, N. Improving Host Security with System Call Policies. In USENIX Security (2003)."},{"key":"e_1_3_2_1_36_1","volume-title":"USENIX Security","author":"Provos N.","year":"2003","unstructured":"Provos , N. , Markus , F. , and Peter , H . Preventing Privilege Escalation . In USENIX Security ( 2003 ). Provos, N., Markus, F., and Peter, H. Preventing Privilege Escalation. In USENIX Security (2003)."},{"unstructured":"Rahul Kashyap R. W. Application Sandboxes: A Pen-Tester's Perspective. http:\/\/labs.bromium.com\/2013\/07\/23\/application-sandboxes-a-pen-testers-perspective\/.  Rahul Kashyap R. W. Application Sandboxes: A Pen-Tester's Perspective. http:\/\/labs.bromium.com\/2013\/07\/23\/application-sandboxes-a-pen-testers-perspective\/.","key":"e_1_3_2_1_37_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_38_1","DOI":"10.1145\/1519065.1519090"},{"unstructured":"Sandboxie Holdings LLC. Sandboxie http:\/\/www.sandboxie.com\/.  Sandboxie Holdings LLC. Sandboxie http:\/\/www.sandboxie.com\/.","key":"e_1_3_2_1_39_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_40_1","DOI":"10.1145\/945445.945448"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_41_1","DOI":"10.1007\/978-3-540-70542-0_9"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_42_1","DOI":"10.1109\/SP.2008.35"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_43_1","DOI":"10.1145\/2613087.2613110"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_44_1","DOI":"10.1145\/2523649.2523655"},{"unstructured":"Ubuntu. AppArmor. https:\/\/wiki.ubuntu.com\/AppArmor\/.  Ubuntu. AppArmor. https:\/\/wiki.ubuntu.com\/AppArmor\/.","key":"e_1_3_2_1_45_1"},{"unstructured":"Ward S. iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. http:\/\/www.isightpartners.com\/2014\/10\/cve-2014-4114\/.  Ward S. iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. http:\/\/www.isightpartners.com\/2014\/10\/cve-2014-4114\/.","key":"e_1_3_2_1_46_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_47_1","DOI":"10.1109\/TDSC.2011.50"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_48_1","DOI":"10.1145\/1029894.1029913"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_49_1","DOI":"10.1109\/SP.2009.25"},{"key":"e_1_3_2_1_50_1","volume-title":"OSDI","author":"Zeldovich N.","year":"2006","unstructured":"Zeldovich , N. , Boyd-Wickizer , S. , Kohler , E. , and Mazi\u00e8res , D . Making Information Flow Explicit in HiStar . In OSDI ( 2006 ). Zeldovich, N., Boyd-Wickizer, S., Kohler, E., and Mazi\u00e8res, D. Making Information Flow Explicit in HiStar. In OSDI (2006)."}],"event":{"sponsor":["ACSA Applied Computing Security Assoc"],"acronym":"ACSAC 2015","name":"ACSAC 2015: 2015 Annual Computer Security Applications Conference","location":"Los Angeles CA USA"},"container-title":["Proceedings of the 31st Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2818000.2818011","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2818000.2818011","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:43:26Z","timestamp":1750225406000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2818000.2818011"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,12,7]]},"references-count":48,"alternative-id":["10.1145\/2818000.2818011","10.1145\/2818000"],"URL":"https:\/\/doi.org\/10.1145\/2818000.2818011","relation":{},"subject":[],"published":{"date-parts":[[2015,12,7]]},"assertion":[{"value":"2015-12-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}