{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:39:01Z","timestamp":1772041141251,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":74,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,24]],"date-time":"2017-10-24T00:00:00Z","timestamp":1508803200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1540217"],"award-info":[{"award-number":["CNS-1540217"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1540218"],"award-info":[{"award-number":["CNS-1540218"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1563883"],"award-info":[{"award-number":["CNS-1563883"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Florida Center for Cybersecurity","award":["Seed grant program"],"award-info":[{"award-number":["Seed grant program"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978398","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T08:46:35Z","timestamp":1477385195000},"page":"242-253","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["ProvUSB"],"prefix":"10.1145","author":[{"given":"Dave (Jing)","family":"Tian","sequence":"first","affiliation":[{"name":"University of Florida, Gainesville, USA"}]},{"given":"Adam","family":"Bates","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana-Champaign, USA"}]},{"given":"Kevin R.B.","family":"Butler","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, USA"}]},{"given":"Raju","family":"Rangaswami","sequence":"additional","affiliation":[{"name":"Florida International University, Miami, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"The Reality of Risks from Consented Use of USB Devices","author":"Al-Zarouni M.","year":"2006","unstructured":"M. Al-Zarouni. The Reality of Risks from Consented Use of USB Devices. Edith Cowan University, Perth, W. Aus., 2006."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/11890850_14"},{"key":"e_1_3_2_1_3_1","volume-title":"USENIX Security Symposium","author":"Angel S.","year":"2016","unstructured":"S. Angel, R. S. Wahby, M. Howald, J. B. Leners, M. Spilo, et al. Defending against Malicious Peripherals with Cinch. In USENIX Security Symposium, Aug. 2016."},{"key":"e_1_3_2_1_4_1","unstructured":"Basemark Inc. Basemark browsermark. http:\/\/web.basemark.com\/."},{"key":"e_1_3_2_1_5_1","volume-title":"Let SDN Be Your Eyes: Secure Forensics in Data Center Networks. SENT'14","author":"Bates A.","year":"2014","unstructured":"A. Bates, K. Butler, A. Haeberlen, M. Sherr, and W. Zhou. Let SDN Be Your Eyes: Secure Forensics in Data Center Networks. SENT'14, Feb. 2014."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23238"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435389"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831164"},{"key":"e_1_3_2_1_9_1","unstructured":"Belkasoft Inc. SSD Forensics 2014. https:\/\/belkasoft.com\/en\/ssd-2014 2014."},{"key":"e_1_3_2_1_10_1","unstructured":"D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations and Model. Technical Report M74-244 MITRE Corporation Bedford MA 1973."},{"key":"e_1_3_2_1_11_1","unstructured":"K. Biba. Integrity Considerations for Secure Computer Systems. Technical Report MTR-2574 MITRE Corporation 1975."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920296"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455821"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1067170.1067179"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1142473.1142574"},{"key":"e_1_3_2_1_16_1","volume-title":"Revision 2.0","author":"Phillips NEC","year":"2000","unstructured":"Compaq, Hewlett-Packard, Intel, Microsoft, NEC, and Phillips. Universal Serial Bus Speci cation, Revision 2.0, April 2000."},{"key":"e_1_3_2_1_17_1","volume-title":"Prov-overview: an overview of the prov family of documents","author":"W. W. W. Consortium et al.","year":"2013","unstructured":"W. W. W. Consortium et al. Prov-overview: an overview of the prov family of documents. 2013."},{"key":"e_1_3_2_1_18_1","volume-title":"W32. Stuxnet Dossier","author":"Falliere N.","year":"2011","unstructured":"N. Falliere, L. O. Murchu, and E. Chien. W32. Stuxnet Dossier. 2011."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/882494.884406"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/647054.715751"},{"key":"e_1_3_2_1_21_1","volume-title":"Fine-grained Tracking of Grid Infections. In IEEE\/ACM GRID","author":"Gehani A.","year":"2010","unstructured":"A. Gehani, B. Baig, S. Mahmood, D. Tariq, and F. Za ar. Fine-grained Tracking of Grid Infections. In IEEE\/ACM GRID, Oct 2010."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/2442626.2442634"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/291069.291029"},{"key":"e_1_3_2_1_24_1","unstructured":"Google Inc. ProjectVault. https:\/\/github.com\/ProjectVault."},{"key":"e_1_3_2_1_25_1","unstructured":"Gumstix Inc. COMS. https:\/\/store.gumstix.com\/coms.html."},{"key":"e_1_3_2_1_26_1","unstructured":"Gumstix Inc. Thumbo. https:\/\/store.gumstix.com\/thumbo.html."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1525908.1525909"},{"key":"e_1_3_2_1_28_1","unstructured":"In neon Inc. Embedded TPM. http:\/\/www.in neon.com\/cms\/en\/product\/channel.html?channel=db3a30434422e00e01442555a5f713f5."},{"key":"e_1_3_2_1_29_1","unstructured":"Intel Inc. Intel Edison. http:\/\/www.intel.com\/content\/www\/us\/en\/do-it-yourself\/edison.html."},{"key":"e_1_3_2_1_30_1","unstructured":"Inverse Path Inc. USB Armory. https:\/\/inversepath.com\/usbarmory."},{"key":"e_1_3_2_1_31_1","unstructured":"IronKey Inc. Access Enterprise. http:\/\/www.ironkey.com\/en-US\/access-enterprise\/."},{"key":"e_1_3_2_1_32_1","unstructured":"IronKey Inc. IronKey Enterprise S1000 Encrypted Flash Drive. http:\/\/www.ironkey.com\/en-US\/ encrypted-storage-drives\/s1000-enterprise.html."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133058.1133063"},{"key":"e_1_3_2_1_34_1","volume-title":"Infected USB drive blamed for '08 military cyber breach","author":"Vijayan Jaikumar","unstructured":"Jaikumar Vijayan. Infected USB drive blamed for '08 military cyber breach. http:\/\/www.computerworld.com\/article\/2514879\/security0\/infected-usb-drive-blamed-for--08-military-cyber-breach.html, 2008."},{"key":"e_1_3_2_1_35_1","volume-title":"3rd Workshop on the Theory and Practice of Provenance, TAPP'11","author":"Jones S. N.","year":"2011","unstructured":"S. N. Jones, C. R. Strong, D. D. E. Long, and E. L. Miller. Tracking Emigrant Data via Transient Provenance. In 3rd Workshop on the Theory and Practice of Provenance, TAPP'11, June 2011."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/1362903.1362919"},{"key":"e_1_3_2_1_37_1","unstructured":"Kevin Poulsen and Kim Zetter. U.S. Intelligence Analyst Arrested in Wikileaks Video Probe. http:\/\/www.wired.com\/2010\/06\/leak\/."},{"key":"e_1_3_2_1_38_1","unstructured":"Kingston Inc. DataTraveler USB Drives. http:\/\/www.kingston.com\/us\/usb."},{"key":"e_1_3_2_1_39_1","unstructured":"T. Kojm. Clamav. http:\/\/www.clamav.net\/."},{"key":"e_1_3_2_1_40_1","volume-title":"NDSS","author":"Lee K. H.","year":"2013","unstructured":"K. H. Lee, X. Zhang, and D. Xu. High Accuracy Attack Provenance via Binary-based Execution Partition. NDSS, 2013."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SADFE.2011.9"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1413901.1413903"},{"key":"e_1_3_2_1_45_1","volume-title":"USENIX LISA","author":"Daly Michael K.","year":"2009","unstructured":"Michael K. Daly. The Advanced Persistent Threat. In USENIX LISA, 2009."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855807.1855817"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267359.1267363"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/2342875.2342879"},{"key":"e_1_3_2_1_49_1","unstructured":"OLEA Kiosks Inc. Malware Scrubbing Cyber Security Kiosk. http:\/\/www.olea.com\/product\/cyber-security-kiosk\/."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2012.6297930"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.5555\/1496671.1496680"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.32"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251353.1251363"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"e_1_3_2_1_55_1","volume-title":"Industrial Control System Security (ICSS) Workshop","author":"Rrushi J.","year":"2015","unstructured":"J. Rrushi, H. Farhangi, C. Howey, K. Carmichael, and J. Dabell. A quantitative evaluation of the target selection of havex ics malware plugin. Industrial Control System Security (ICSS) Workshop, 2015."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251375.1251391"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920285"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1103780.1103784"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251028.1251046"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.5555\/1973355.1973361"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251229.1251241"},{"key":"e_1_3_2_1_62_1","unstructured":"Sun Microsystems Inc. and FSL at Stony Brook University. Filebench. http:\/\/lebench.sourceforge.net."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/MPRV.2007.84"},{"key":"e_1_3_2_1_64_1","unstructured":"Symantec Inc. Trojan.Zbot. http:\/\/www.symantec.com\/security response\/writeup.jsp?docid=2010-011016-3514-99."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/1982185.1982236"},{"key":"e_1_3_2_1_66_1","unstructured":"The USB Device Working Group. USB Class Codes. http:\/\/www.usb.org\/developers\/definedclass 2015."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818040"},{"key":"e_1_3_2_1_68_1","volume-title":"Making USB Great Again with USBFILTER. In USENIX Security Symposium","author":"Tian D. J.","year":"2016","unstructured":"D. J. Tian, N. Scaife, A. Bates, K. Butler, and P. Traynor. Making USB Great Again with USBFILTER. In USENIX Security Symposium, 2016."},{"key":"e_1_3_2_1_69_1","unstructured":"TrouSerS. The open-source TCG Software Stack. http:\/\/trousers.sourceforge.net\/."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSST.2005.39"},{"key":"e_1_3_2_1_71_1","unstructured":"USB Implementers Forum Inc. USB On-The-Go and Embedded Host. http:\/\/www.usb.org\/developers\/onthego\/."},{"key":"e_1_3_2_1_72_1","unstructured":"USB Implementers Forum Inc. USB Mass Storage Class CBI Transport. http:\/\/www.usb.org\/developers\/docs\/devclassdocs\/usbmsccbi1.1.pdf 2003."},{"key":"e_1_3_2_1_73_1","volume-title":"McAfee Labs Report","author":"Walter J.","year":"2012","unstructured":"J. Walter. \"Flame Attacks\": Brie ng and Indicators of Compromise. McAfee Labs Report, May 2012."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043584"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978398","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978398","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978398","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:24:43Z","timestamp":1763457883000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978398"}},"subtitle":["Block-level Provenance-Based Data Protection for USB Storage Devices"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":74,"alternative-id":["10.1145\/2976749.2978398","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978398","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}