{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T23:53:54Z","timestamp":1770594834060,"version":"3.49.0"},"reference-count":71,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2017,8,18]],"date-time":"2017-08-18T00:00:00Z","timestamp":1503014400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2017,11,30]]},"abstract":"\n Information produced by Internet applications is inherently a result of processes that are executed locally. Think of a web server that makes use of a CGI script, or a content management system where a post was first edited using a word processor. Given the impact of these processes to the content published online, a consumer of that information may want to understand what those impacts were. For example, understanding from where text was copied and pasted to make a post, or if the CGI script was updated with the latest security patches, may all influence the confidence on the published content. Capturing and exposing this information provenance is thus important to ascertaining trust to online content. Furthermore, providers of internet applications may wish to have access to the same information for debugging or audit purposes. For processes following a rigid structure (such as databases or workflows), disclosed provenance systems have been developed that efficiently and accurately capture the provenance of the produced data. However,\n accurately<\/jats:italic>\n capturing provenance from\n unstructured<\/jats:italic>\n processes, for example, user-interactive computing used to produce web content, remains a problem to be tackled.\n <\/jats:p>\n \n In this article, we address the problem of capturing and exposing provenance from unstructured processes. Our approach, called\n PROV<\/jats:italic>\n 2R<\/jats:sub>\n (\n PROV<\/jats:italic>\n enance\n R<\/jats:italic>\n ecord and\n R<\/jats:italic>\n eplay) is composed of two parts: (a) the decoupling of provenance analysis from its capture; and (b) the capture of high-fidelity provenance from unmodified programs. We use techniques originating in the security and reverse engineering communities, namely,\n record and replay<\/jats:italic>\n and\n taint tracking<\/jats:italic>\n . Taint tracking fundamentally addresses the data provenance problem but is impractical to apply at runtime due to extremely high overhead. With a number of case studies, we demonstrate that\n PROV<\/jats:italic>\n 2R<\/jats:sub>\n enables the use of taint analysis for high-fidelity provenance capture, while keeping the runtime overhead at manageable levels. In addition, we show how captured information can be represented using the W3C PROV provenance model for exposure on the Web.\n <\/jats:p>","DOI":"10.1145\/3062176","type":"journal-article","created":{"date-parts":[[2017,8,24]],"date-time":"2017-08-24T11:49:04Z","timestamp":1503575344000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["PROV<\/i>\n 2R<\/sub>"],"prefix":"10.1145","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5527-8726","authenticated-orcid":false,"given":"Manolis","family":"Stamatogiannakis","sequence":"first","affiliation":[{"name":"Vrije Universiteit Amsterdam, The Netherlands"}]},{"given":"Elias","family":"Athanasopoulos","sequence":"additional","affiliation":[{"name":"University of Cyprus, Nicosia, Cyprus"}]},{"given":"Herbert","family":"Bos","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, The Netherlands"}]},{"given":"Paul","family":"Groth","sequence":"additional","affiliation":[{"name":"Elsevier Labs, The Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2017,8,18]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_9"},{"key":"e_1_2_1_2_1","volume-title":"Butler","author":"Bates Adam","year":"2016","unstructured":"Adam Bates , Devin J. Pohly , and Kevin R. B . Butler . 2016 . Secure and Trustworthy Provenance Collection for Digital Forensics. Springer , New York, NY, 141--176. Adam Bates, Devin J. Pohly, and Kevin R. B. Butler. 2016. Secure and Trustworthy Provenance Collection for Digital Forensics. Springer, New York, NY, 141--176."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of USENIX SEC\u201915","author":"Bates Adam","year":"2015","unstructured":"Adam Bates , Dave Tian , Kevin R. B. Butler , and Thomas Moyer . 2015 . Trustworthy whole-system provenance for the linux kernel . In Proceedings of USENIX SEC\u201915 . Adam Bates, Dave Tian, Kevin R. B. Butler, and Thomas Moyer. 2015. Trustworthy whole-system provenance for the linux kernel. In Proceedings of USENIX SEC\u201915."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of USENIX ATC\u201905","author":"Bellard Fabrice","year":"2005","unstructured":"Fabrice Bellard . 2005 . QEMU, a fast and portable dynamic translator . In Proceedings of USENIX ATC\u201905 . Fabrice Bellard. 2005. QEMU, a fast and portable dynamic translator. In Proceedings of USENIX ATC\u201905."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2596628"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25560-1_11"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2442516.2442537"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1561\/1900000006"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2882903.2899401"},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of USENIX ATC\u201908","author":"Chow Jim","unstructured":"Jim Chow , Tal Garfinkel , and Peter M. Chen . 2008. Decoupling dynamic program analysis from execution in virtual environments . In Proceedings of USENIX ATC\u201908 . Jim Chow, Tal Garfinkel, and Peter M. Chen. 2008. Decoupling dynamic program analysis from execution in virtual environments. In Proceedings of USENIX ATC\u201908."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837854.1736002"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273490"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455258.1455259"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2004.26"},{"key":"e_1_2_1_16_1","volume-title":"Retrieved","author":"Details CVE","year":"2016","unstructured":"CVE Details . 2016 . Linux Kernel Vulnerability Statistics. (November 2016) . Retrieved November 17, 2016 from http:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html. CVE Details. 2016. Linux Kernel Vulnerability Statistics. (November 2016). Retrieved November 17, 2016 from http:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1773912.1773933"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of USENIX OSDI\u201914","author":"Devecsery David","unstructured":"David Devecsery , Michael Chow , Xianzheng Dou , Jason Flinn , and Peter M. Chen . 2014. Eidetic systems . In Proceedings of USENIX OSDI\u201914 . David Devecsery, Michael Chow, Xianzheng Dou, Jason Flinn, and Peter M. Chen. 2014. Eidetic systems. In Proceedings of USENIX OSDI\u201914."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2843859.2843867"},{"key":"e_1_2_1_22_1","volume-title":"LAVA: Large-scale automated vulnerability addition (May","author":"Dolan-Gavitt Brendan","year":"2016","unstructured":"Brendan Dolan-Gavitt , Patrick Hulin , Engin Kirda , Tim Leek , Andrea Mambretti , Wil Robertson , Frederick Ulrich , and Ryan Whelan . 2016 . LAVA: Large-scale automated vulnerability addition (May 2016). Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, and Ryan Whelan. 2016. LAVA: Large-scale automated vulnerability addition (May 2016)."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516697"},{"key":"e_1_2_1_24_1","volume-title":"Chen","author":"Dunlap George W.","year":"2002","unstructured":"George W. Dunlap , Samuel T. King , Sukru Cinar , Murtaza A. Basrai , and Peter M . Chen . 2002 . ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proceedings of USENIX OSDI\u2019 02. George W. Dunlap, Samuel T. King, Sukru Cinar, Murtaza A. Basrai, and Peter M. Chen. 2002. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proceedings of USENIX OSDI\u201902."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352621"},{"key":"e_1_2_1_26_1","first-page":"5","article-title":"Automatic capture and reconstruction of computational provenance","volume":"20","author":"Frew James","year":"2008","unstructured":"James Frew , Dominic Metzger , and Peter Slaughter . 2008 . Automatic capture and reconstruction of computational provenance . Concurr. Comput.: Pract. 8 Exper. 20 , 5 (April 2008), 485--596. James Frew, Dominic Metzger, and Peter Slaughter. 2008. Automatic capture and reconstruction of computational provenance. Concurr. Comput.: Pract. 8 Exper. 20, 5 (April 2008), 485--596.","journal-title":"Concurr. Comput.: Pract. 8 Exper."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/2442626.2442634"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30436-1_9"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1462159.1462162"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2008.215"},{"key":"e_1_2_1_32_1","unstructured":"Paul Groth and Luc Moreau (eds.). 2013. PROV-Overview: An Overview of the PROV Family of Documents. W3C Working Group Note NOTE-prov-overview-20130430. World Wide Web Consortium. Retrieved from http:\/\/www.w3.org\/TR\/2013\/NOTE-prov-overview-20130430\/ Paul Groth and Luc Moreau (eds.). 2013. PROV-Overview: An Overview of the PROV Family of Documents. W3C Working Group Note NOTE-prov-overview-20130430. World Wide Web Consortium. Retrieved from http:\/\/www.w3.org\/TR\/2013\/NOTE-prov-overview-20130430\/"},{"key":"e_1_2_1_33_1","first-page":"5","article-title":"PASSing the provenance challenge","volume":"20","author":"Holland David A.","year":"2008","unstructured":"David A. Holland , Margo I. Seltzer , Uri Braun , and Kiran-Kumar Muniswamy-Reddy . 2008 . PASSing the provenance challenge . Concurr. Comput.: Pract. 8 Exper. 20 , 5 (April 2008), 531--540. David A. Holland, Margo I. Seltzer, Uri Braun, and Kiran-Kumar Muniswamy-Reddy. 2008. PASSing the provenance challenge. Concurr. Comput.: Pract. 8 Exper. 20, 5 (April 2008), 531--540.","journal-title":"Concurr. Comput.: Pract. 8 Exper."},{"key":"e_1_2_1_34_1","unstructured":"Trung Dong Huynh Paul Groth and Stephan Zednik (eds.). 2013. PROV Implementation Report. W3C Working Group Note NOTE-prov-implementations-20130430. World Wide Web Consortium. Trung Dong Huynh Paul Groth and Stephan Zednik (eds.). 2013. PROV Implementation Report. W3C Working Group Note NOTE-prov-implementations-20130430. World Wide Web Consortium."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516704"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40593-3_1"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of NDSS\u201911","author":"Kang Min Gyung","year":"2011","unstructured":"Min Gyung Kang , Stephen McCamant , Pongsin Poosankam , and Dawn Song . 2011 . DTA++: Dynamic taint analysis with targeted control-flow propagation . In Proceedings of NDSS\u201911 . Min Gyung Kang, Stephen McCamant, Pongsin Poosankam, and Dawn Song. 2011. DTA++: Dynamic taint analysis with targeted control-flow propagation. In Proceedings of NDSS\u201911."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neuroimage.2013.05.094"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151042"},{"key":"e_1_2_1_41_1","volume-title":"Olaf Hartig, Yogesh Simmhan, James Myers, Timothy Lebo, Khalid Belhajjame, and Simon Miles.","author":"Klyne Graham","year":"2013","unstructured":"Graham Klyne , Paul Groth (eds.), Luc Moreau , Olaf Hartig, Yogesh Simmhan, James Myers, Timothy Lebo, Khalid Belhajjame, and Simon Miles. 2013 . PROV-AQ: Provenance Access and Query. W3C Working Group Note NOTE-prov-aq-20130430. World Wide Web Consortium . Retrieved from http:\/\/www.w3.org\/TR\/2013\/NOTE-prov-aq-20130430\/. Graham Klyne, Paul Groth (eds.), Luc Moreau, Olaf Hartig, Yogesh Simmhan, James Myers, Timothy Lebo, Khalid Belhajjame, and Simon Miles. 2013. PROV-AQ: Provenance Access and Query. W3C Working Group Note NOTE-prov-aq-20130430. World Wide Web Consortium. Retrieved from http:\/\/www.w3.org\/TR\/2013\/NOTE-prov-aq-20130430\/."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40593-3_6"},{"key":"e_1_2_1_43_1","volume-title":"Black Hat Conference.","author":"Kortchinsky Kostya","year":"2009","unstructured":"Kostya Kortchinsky . 2009 . Cloudburst: A vmware guest to host escape . In Black Hat Conference. Kostya Kortchinsky. 2009. Cloudburst: A vmware guest to host escape. In Black Hat Conference."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/977395.977673"},{"key":"e_1_2_1_45_1","volume-title":"James Cheney, David Corsar, Daniel Garijo, Stian Soiland-Reyes, Stephan Zednik, and Jun Zhao.","author":"Lebo Timothy","year":"2013","unstructured":"Timothy Lebo , Satya Sahoo , Deborah McGuinness (eds.), Khalid Behajjame , James Cheney, David Corsar, Daniel Garijo, Stian Soiland-Reyes, Stephan Zednik, and Jun Zhao. 2013 . PROV-O: The PROV Ontology. W3C Recommendation REC-prov-o-20130430. World Wide Web Consortium . Retrieved from http:\/\/www.w3.org\/TR\/2013\/REC-prov-o-20130430 Timothy Lebo, Satya Sahoo, Deborah McGuinness (eds.), Khalid Behajjame, James Cheney, David Corsar, Daniel Garijo, Stian Soiland-Reyes, Stephan Zednik, and Jun Zhao. 2013. PROV-O: The PROV Ontology. W3C Recommendation REC-prov-o-20130430. World Wide Web Consortium. Retrieved from http:\/\/www.w3.org\/TR\/2013\/REC-prov-o-20130430"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755723"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_2_1_48_1","volume-title":"Capturing provenance of global change information. Nature Clim. Change 4, 6 (06","author":"Ma Xiaogang","year":"2014","unstructured":"Xiaogang Ma , Peter Fox , Curt Tilmes , Katharine Jacobs , and Anne Waple . 2014. Capturing provenance of global change information. Nature Clim. Change 4, 6 (06 2014 ), 409--413. Xiaogang Ma, Peter Fox, Curt Tilmes, Katharine Jacobs, and Anne Waple. 2014. Capturing provenance of global change information. Nature Clim. Change 4, 6 (06 2014), 409--413."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2004.17"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1561\/1800000010"},{"key":"e_1_2_1_52_1","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-79450-6","volume-title":"Provenance: An introduction to PROV. Synthesis Lectures on the Semantic Web: Theory and Technology 3, 4","author":"Moreau Luc","year":"2013","unstructured":"Luc Moreau and Paul Groth . 2013 . Provenance: An introduction to PROV. Synthesis Lectures on the Semantic Web: Theory and Technology 3, 4 (2013). Luc Moreau and Paul Groth. 2013. Provenance: An introduction to PROV. Synthesis Lectures on the Semantic Web: Theory and Technology 3, 4 (2013)."},{"key":"e_1_2_1_53_1","unstructured":"Luc Moreau and Paolo Missier. 2013. PROV-DM: The PROV Data Model. Recommendation REC-prov-dm-20130430. W3C. Retrieved from http:\/\/www.w3.org\/TR\/2013\/REC-prov-dm-20130430\/ Luc Moreau and Paolo Missier. 2013. PROV-DM: The PROV Data Model. Recommendation REC-prov-dm-20130430. W3C. Retrieved from http:\/\/www.w3.org\/TR\/2013\/REC-prov-dm-20130430\/"},{"key":"e_1_2_1_54_1","volume-title":"Taverna: Lessons in creating a workflow environment for the life sciences. Concurr. Comput.: Pract. 8 Exper. 18, 10","author":"Oinn Tom","year":"2006","unstructured":"Tom Oinn , Mark Greenwood , and 2006 . Taverna: Lessons in creating a workflow environment for the life sciences. Concurr. Comput.: Pract. 8 Exper. 18, 10 (2006). Tom Oinn, Mark Greenwood, and et al. 2006. Taverna: Lessons in creating a workflow environment for the life sciences. Concurr. Comput.: Pract. 8 Exper. 18, 10 (2006)."},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772954.1772958"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920313"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217938"},{"key":"e_1_2_1_59_1","volume-title":"Proceedings of USENIX ATC\u201916","author":"Ren Shiru","year":"2016","unstructured":"Shiru Ren , Le Tan , Chunqi Li , Zhen Xiao , and Weijia Song . 2016 . Samsara: Efficient deterministic replay in multiprocessor environments with hardware virtualization extensions . In Proceedings of USENIX ATC\u201916 . Shiru Ren, Le Tan, Chunqi Li, Zhen Xiao, and Weijia Song. 2016. Samsara: Efficient deterministic replay in multiprocessor environments with hardware virtualization extensions. In Proceedings of USENIX ATC\u201916."},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of IPAW\u201916","author":"Darren","unstructured":"Darren P. Richardson and Luc Moreau. 2016. Towards the domain agnostic generation of natural language explanations from provenance graphs for casual users . In Proceedings of IPAW\u201916 . Darren P. Richardson and Luc Moreau. 2016. Towards the domain agnostic generation of natural language explanations from provenance graphs for casual users. In Proceedings of IPAW\u201916."},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1356058.1356069"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/1084805.1084812"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.4018\/jwsr.2008040101"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519073"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-16462-5_12"},{"key":"e_1_2_1_66_1","volume-title":"Proceedings of USENIX TaPP\u201915","author":"Stamatogiannakis Manolis","year":"2015","unstructured":"Manolis Stamatogiannakis , Paul Groth , and Herbert Bos . 2015 . Decoupling provenance capture and analysis from execution . In Proceedings of USENIX TaPP\u201915 . http:\/\/dare.ubvu.vu.nl\/handle\/1871\/53077 Manolis Stamatogiannakis, Paul Groth, and Herbert Bos. 2015. Decoupling provenance capture and analysis from execution. In Proceedings of USENIX TaPP\u201915. http:\/\/dare.ubvu.vu.nl\/handle\/1871\/53077"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40593-3_3"},{"key":"e_1_2_1_68_1","volume-title":"ReSeer: Efficient search-based replay for multiprocessor virtual machines. J. Syst. Software","author":"Wang Tao","year":"2016","unstructured":"Tao Wang , Jiwei Xu , Wenbo Zhang , Jianhua Zhang , Jun Wei , and Hua Zhong . 2016. ReSeer: Efficient search-based replay for multiprocessor virtual machines. J. Syst. Software ( 2016 ). Tao Wang, Jiwei Xu, Wenbo Zhang, Jianhua Zhang, Jun Wei, and Hua Zhong. 2016. ReSeer: Efficient search-based replay for multiprocessor virtual machines. J. Syst. Software (2016)."},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37051-9_8"},{"key":"e_1_2_1_70_1","volume-title":"Retrieved","year":"2016","unstructured":"Wikipedia. 2016 . Virtual machine escape. (November 2016) . Retrieved November 17, 2016 from https:\/\/en.wikipedia.org\/wiki\/Virtual_machine_escape Wikipedia. 2016. Virtual machine escape. (November 2016). Retrieved November 17, 2016 from https:\/\/en.wikipedia.org\/wiki\/Virtual_machine_escape"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/859618.859633"},{"key":"e_1_2_1_72_1","volume-title":"Proceedings of MoBS\u201907","author":"Xu Min","year":"2007","unstructured":"Min Xu , Vyacheslav Malyugin , Jeffrey Sheldon , Ganesh Venkitachalam , and Boris Weissman . 2007 . ReTrace: Collecting execution trace with virtual machine deterministic replay . In Proceedings of MoBS\u201907 . Min Xu, Vyacheslav Malyugin, Jeffrey Sheldon, Ganesh Venkitachalam, and Boris Weissman. 2007. ReTrace: Collecting execution trace with virtual machine deterministic replay. In Proceedings of MoBS\u201907."},{"key":"e_1_2_1_73_1","volume-title":"Proceedings USENIX SEC\u201912","author":"Yan Lok Kwong","year":"2012","unstructured":"Lok Kwong Yan and Heng Yin . 2012 . DroidScope: Seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis . In Proceedings USENIX SEC\u201912 . Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis. In Proceedings USENIX SEC\u201912."},{"key":"e_1_2_1_74_1","volume-title":"TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution. Technical Report UCB\/EECS-2010-3. EECS Department","author":"Yin Heng","year":"2010","unstructured":"Heng Yin and Dawn Song . 2010 . TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution. Technical Report UCB\/EECS-2010-3. EECS Department , University of California , Berkeley. Retrieved November 17, 2016 from http:\/\/www.eecs.berkeley.edu\/Pubs\/TechRpts\/2010\/EECS-2010-3.html. Heng Yin and Dawn Song. 2010. TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution. Technical Report UCB\/EECS-2010-3. EECS Department, University of California, Berkeley. Retrieved November 17, 2016 from http:\/\/www.eecs.berkeley.edu\/Pubs\/TechRpts\/2010\/EECS-2010-3.html."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3062176","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3062176","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:36:31Z","timestamp":1750217791000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3062176"}},"subtitle":["Practical Provenance Analysis of Unstructured Processes"],"short-title":[],"issued":{"date-parts":[[2017,8,18]]},"references-count":71,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,11,30]]}},"alternative-id":["10.1145\/3062176"],"URL":"https:\/\/doi.org\/10.1145\/3062176","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,8,18]]},"assertion":[{"value":"2016-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-03-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-08-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}