{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T16:11:28Z","timestamp":1783008688423,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":124,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T00:00:00Z","timestamp":1604016000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["1750024"],"award-info":[{"award-number":["1750024"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,30]]},"DOI":"10.1145\/3372297.3417862","type":"proceedings-article","created":{"date-parts":[[2021,3,4]],"date-time":"2021-03-04T16:21:21Z","timestamp":1614874881000},"page":"1551-1574","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":43,"title":["Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks"],"prefix":"10.1145","author":[{"given":"Riccardo","family":"Paccagnella","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kevin","family":"Liao","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dave","family":"Tian","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adam","family":"Bates","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,11,2]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2014. CVE-2014-6271. Vulnerability reference:https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-6271. Accessed on 08.17.2020.  2014. CVE-2014-6271. Vulnerability reference:https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-6271. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_2_1","unstructured":"2017. CVE-2017-16995. Vulnerability reference:https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-16995. Accessed on 08.17.2020.  2017. CVE-2017-16995. Vulnerability reference:https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-16995. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_3_1","unstructured":"Airbus Commercial Aircraft. 2020. Forward integrity and confidentiality of logs - syslog-ng\/syslog-ng. https:\/\/github.com\/syslog-ng\/syslog-ng\/pull\/3121. Accessed on 08.17.2020.  Airbus Commercial Aircraft. 2020. Forward integrity and confidentiality of logs - syslog-ng\/syslog-ng. https:\/\/github.com\/syslog-ng\/syslog-ng\/pull\/3121. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_4_1","unstructured":"AT&T Cybersecurity. [n.d.]. PCI DSS log management & monitoring. https:\/\/cybersecurity.att.com\/solutions\/pci-dss-log-management-monitoring. Accessed on 08.17.2020.  AT&T Cybersecurity. [n.d.]. PCI DSS log management & monitoring. https:\/\/cybersecurity.att.com\/solutions\/pci-dss-log-management-monitoring. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_5_1","volume-title":"Proc. of the International Conference on Cryptology in India (INDOCRYPT).","author":"Aumasson Jean-Philippe","unstructured":"Jean-Philippe Aumasson and Daniel J. Bernstein . 2012. SipHash: a fast short-input PRF . In Proc. of the International Conference on Cryptology in India (INDOCRYPT). Jean-Philippe Aumasson and Daniel J. Bernstein. 2012. SipHash: a fast short-input PRF. In Proc. of the International Conference on Cryptology in India (INDOCRYPT)."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38980-1_8"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052640"},{"key":"e_1_3_2_2_8_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Bates Adam","year":"2015","unstructured":"Adam Bates , Dave Tian , Kevin R.B. Butler , and Thomas Moyer . 2015 . Trustworthy Whole-System Provenance for the Linux Kernel . In Proc. of the USENIX Security Symposium (USENIX). Adam Bates, Dave Tian, Kevin R.B. Butler, and Thomas Moyer. 2015. Trustworthy Whole-System Provenance for the Linux Kernel. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_9_1","unstructured":"Greg Belding. [n.d.]. Ethical Hacking: Log Tampering 101. https:\/\/resources.infosecinstitute.com\/category\/certifications-training\/ethical-hacking\/covering-tracks\/log-tampering-101\/. Accessed on 08.17.2020.  Greg Belding. [n.d.]. Ethical Hacking: Log Tampering 101. https:\/\/resources.infosecinstitute.com\/category\/certifications-training\/ethical-hacking\/covering-tracks\/log-tampering-101\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36563-X_1"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808769.2808773"},{"key":"e_1_3_2_2_13_1","unstructured":"Tara Siegel Bernard Tiffany Hsu Nicole Perlroth and Ron Lieber. 2017. Equifax Says Cyberattack May Have Affected 143 Million in the U.S. https:\/\/www.nytimes.com\/2017\/09\/07\/business\/equifax-cyberattack.html  Tara Siegel Bernard Tiffany Hsu Nicole Perlroth and Ron Lieber. 2017. Equifax Says Cyberattack May Have Affected 143 Million in the U.S. https:\/\/www.nytimes.com\/2017\/09\/07\/business\/equifax-cyberattack.html"},{"key":"e_1_3_2_2_14_1","unstructured":"Chris Bing. 2017. Shadow Brokers' latest leak could have come from beyond NSA staging servers. https:\/\/www.cyberscoop.com\/shadow-brokers-nsa-microsoft-windows-exploits-2017\/. Accessed on 08.17.2020.  Chris Bing. 2017. Shadow Brokers' latest leak could have come from beyond NSA staging servers. https:\/\/www.cyberscoop.com\/shadow-brokers-nsa-microsoft-windows-exploits-2017\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_15_1","volume-title":"Checking for Race Conditions in File Accesses. Computing systems","author":"Bishop Matt","year":"1996","unstructured":"Matt Bishop and Michael Dilger . 1996. Checking for Race Conditions in File Accesses. Computing systems , Vol. 9 , 2 ( 1996 ), 131--152. Matt Bishop and Michael Dilger. 1996. Checking for Race Conditions in File Accesses. Computing systems, Vol. 9, 2 (1996), 131--152."},{"key":"e_1_3_2_2_16_1","unstructured":"BLAKE2. [n.d.]. BLAKE2 -- fast secure hashing. https:\/\/blake2.net\/. Accessed on 08.17.2020.  BLAKE2. [n.d.]. BLAKE2 -- fast secure hashing. https:\/\/blake2.net\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_17_1","unstructured":"BLAKE3. [n.d.]. BLAKE3: official implementations of the BLAKE3 cryptographic hash function. https:\/\/github.com\/BLAKE3-team\/BLAKE3\/. Accessed on 08.17.2020.  BLAKE3. [n.d.]. BLAKE3: official implementations of the BLAKE3 cryptographic hash function. https:\/\/github.com\/BLAKE3-team\/BLAKE3\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_3"},{"key":"e_1_3_2_2_19_1","first-page":"422","article-title":"Method and system of generating immutable audit logs","volume":"8","author":"Cornet Armando Ortiz","year":"2013","unstructured":"Armando Ortiz Cornet and Joan Miquel Bardera Bosch . 2013 . Method and system of generating immutable audit logs . US Patent 8 , 422 ,682. Armando Ortiz Cornet and Joan Miquel Bardera Bosch. 2013. Method and system of generating immutable audit logs. US Patent 8,422,682.","journal-title":"US Patent"},{"key":"e_1_3_2_2_20_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Scott","unstructured":"Scott A. Crosby and Dan S. Wallach. 2009. Efficient Data Structures For Tamper-Evident Logging . In Proc. of the USENIX Security Symposium (USENIX). Scott A. Crosby and Dan S. Wallach. 2009. Efficient Data Structures For Tamper-Evident Logging. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_21_1","unstructured":"dark laboratorys. [n.d.]. A better generation of logcleaners. https:\/\/web.archive.org\/web\/20070218231819\/http:\/\/darklab.org\/ jot\/logclean-ng\/logcleaner-ng_1.0_lib.html. Accessed on 08.17.2020.  dark laboratorys. [n.d.]. A better generation of logcleaners. https:\/\/web.archive.org\/web\/20070218231819\/http:\/\/darklab.org\/ jot\/logclean-ng\/logcleaner-ng_1.0_lib.html. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-13051-4_10"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2017.8167792"},{"key":"e_1_3_2_2_25_1","unstructured":"Jake Edge. [n.d.]. Forward secure sealing. https:\/\/lwn.net\/Articles\/512895\/. Accessed on 08.17.2020.  Jake Edge. [n.d.]. Forward secure sealing. https:\/\/lwn.net\/Articles\/512895\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_26_1","volume-title":"Official Journal of the European Union","author":"European Parliament and of the Council","year":"2016","unstructured":"European Parliament and of the Council . 2016. Regulation (EU) 2016\/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC ( General Data Protection Regulation). Official Journal of the European Union , Vol. L 119 ( 2016 ). European Parliament and of the Council. 2016. Regulation (EU) 2016\/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). Official Journal of the European Union, Vol. L119 (2016)."},{"key":"e_1_3_2_2_27_1","unstructured":"Fiehn Lab. [n.d.]. blast 2.7.1. http:\/\/fiehnlab.ucdavis.edu\/staff\/kind\/collector\/benchmark\/blast-benchmark. Accessed on 08.17.2020.  Fiehn Lab. [n.d.]. blast 2.7.1. http:\/\/fiehnlab.ucdavis.edu\/staff\/kind\/collector\/benchmark\/blast-benchmark. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_28_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Gao Peng","year":"2018","unstructured":"Peng Gao , Xusheng Xiao , Ding Li , Zhichun Li , Kangkook Jee , Zhenyu Wu , Chung Hwan Kim , Sanjeev R. Kulkarni , and Prateek Mittal . 2018 a. SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection . In Proc. of the USENIX Security Symposium (USENIX). Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, and Prateek Mittal. 2018a. SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_29_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Gao Peng","year":"2018","unstructured":"Peng Gao , Xusheng Xiao , Zhichun Li , Fengyuan Xu , Sanjeev R Kulkarni , and Prateek Mittal . 2018 b. AIQL: Enabling Efficient Attack Investigation from System Monitoring Data . In Proc. of the USENIX Security Symposium (USENIX). Peng Gao, Xusheng Xiao, Zhichun Li, Fengyuan Xu, Sanjeev R Kulkarni, and Prateek Mittal. 2018b. AIQL: Enabling Efficient Attack Investigation from System Monitoring Data. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_30_1","volume-title":"Proc. of the Symposium on Network and Distributed System Security (NDSS).","author":"Garfinkel Tal","year":"2003","unstructured":"Tal Garfinkel . 2003 . Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools . In Proc. of the Symposium on Network and Distributed System Security (NDSS). Tal Garfinkel. 2003. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proc. of the Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_2_31_1","volume-title":"Proc. of the Symposium on Network and Distributed System Security (NDSS).","author":"Garfinkel Tal","year":"2004","unstructured":"Tal Garfinkel , Ben Pfaff , and Mendel Rosenblum . 2004 . Ostia: A Delegating Architecture for Secure System Call Interposition . In Proc. of the Symposium on Network and Distributed System Security (NDSS). Tal Garfinkel, Ben Pfaff, and Mendel Rosenblum. 2004. Ostia: A Delegating Architecture for Secure System Call Interposition. In Proc. of the Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"e_1_3_2_2_33_1","volume-title":"CISSP Guide to Security Essentials","author":"Gregory Peter H.","unstructured":"Peter H. Gregory . 2015. CISSP Guide to Security Essentials 2 nd ed.). Course Technology Press . Peter H. Gregory. 2015. CISSP Guide to Security Essentials 2nd ed.). Course Technology Press.","edition":"2"},{"key":"e_1_3_2_2_34_1","unstructured":"Roger A. Grimes. 2016. Why it's so hard to prosecute cyber criminals. https:\/\/www.csoonline.com\/article\/3147398\/why-its-so-hard-to-prosecute-cyber-criminals.html. Accessed on 08.17.2020.  Roger A. Grimes. 2016. Why it's so hard to prosecute cyber criminals. https:\/\/www.csoonline.com\/article\/3147398\/why-its-so-hard-to-prosecute-cyber-criminals.html. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.34"},{"key":"e_1_3_2_2_36_1","unstructured":"Steve Hales. [n.d.]. Last Door Log Wiper. https:\/\/packetstormsecurity.com\/files\/118922\/LastDoor.tar. Accessed on 08.17.2020.  Steve Hales. [n.d.]. Last Door Log Wiper. https:\/\/packetstormsecurity.com\/files\/118922\/LastDoor.tar. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"e_1_3_2_2_38_1","unstructured":"Kabot Haniradi. [n.d.]. mig-logcleaner-resurrected. https:\/\/github.com\/Kabot\/mig-logcleaner-resurrected. Accessed on 08.17.2020.  Kabot Haniradi. [n.d.]. mig-logcleaner-resurrected. https:\/\/github.com\/Kabot\/mig-logcleaner-resurrected. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70972-7_14"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68637-0_6"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"e_1_3_2_2_44_1","volume-title":"Proc. of the Australasian Information Security Workshop (AISW-NetSec).","author":"Holt Jason E.","year":"2006","unstructured":"Jason E. Holt . 2006 . Logcrypt: Forward Security and Public Verification for Secure Audit Logs . In Proc. of the Australasian Information Security Workshop (AISW-NetSec). Jason E. Holt. 2006. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. In Proc. of the Australasian Information Security Workshop (AISW-NetSec)."},{"key":"e_1_3_2_2_45_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Hossain Md Nahid","unstructured":"Md Nahid Hossain , Sadegh M. Milajerdi , Junao Wang , Birhanu Eshete , Rigel Gjomemo , R. Sekar , Scott Stoller , and V.N. Venkatakrishnan . 2017. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data . In Proc. of the USENIX Security Symposium (USENIX). Md Nahid Hossain, Sadegh M. Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott Stoller, and V.N. Venkatakrishnan. 2017. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_46_1","unstructured":"Ryan Huber. 2016. Syscall Auditing at Scale--The Slack Engineering Blog. https:\/\/slack.engineering\/syscall-auditing-at-scale-e6a3ca8ac1b8. Accessed on 08.17.2020.  Ryan Huber. 2016. Syscall Auditing at Scale--The Slack Engineering Blog. https:\/\/slack.engineering\/syscall-auditing-at-scale-e6a3ca8ac1b8. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_47_1","unstructured":"IBM Knowledge Center. [n.d.]. Storage and analysis of audit logs. https:\/\/www.ibm.com\/support\/knowledgecenter\/en\/SSEPGG_11.1.0\/com.ibm.db2.luw.admin.sec.doc\/doc\/c0052328.html. Accessed on 08.17.2020.  IBM Knowledge Center. [n.d.]. Storage and analysis of audit logs. https:\/\/www.ibm.com\/support\/knowledgecenter\/en\/SSEPGG_11.1.0\/com.ibm.db2.luw.admin.sec.doc\/doc\/c0052328.html. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_48_1","volume-title":"Worldwide IT Operations Management Software Forecast","author":"IDC.","year":"2019","unstructured":"IDC. 2019. Worldwide IT Operations Management Software Forecast , 2019 --2023. https:\/\/www.idc.com\/getdoc.jsp?containerId=US44896118. Accessed on 08.17.2020. IDC. 2019. Worldwide IT Operations Management Software Forecast, 2019--2023. https:\/\/www.idc.com\/getdoc.jsp?containerId=US44896118. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_49_1","unstructured":"(ISC)2. [n.d.]. Cybersecurity Certification - CISSP Certified Information Systems Security Professional. https:\/\/www.isc2.org\/Certifications\/CISSP. Accessed on 08.17.2020.  (ISC)2. [n.d.]. Cybersecurity Certification - CISSP Certified Information Systems Security Professional. https:\/\/www.isc2.org\/Certifications\/CISSP. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_50_1","volume-title":"Prosecuting Computer Crimes. United States. Department of Justice. Office of Legal Education","author":"Jarrett Marshall","year":"2010","unstructured":"Marshall Jarrett , M Bailie , E Hagen , and E Etringham . 2010. Prosecuting Computer Crimes. United States. Department of Justice. Office of Legal Education ( 2010 ). Marshall Jarrett, M Bailie, E Hagen, and E Etringham. 2010. Prosecuting Computer Crimes. United States. Department of Justice. Office of Legal Education (2010)."},{"key":"e_1_3_2_2_51_1","volume-title":"Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations. United States. Department of Justice. Office of Legal Education","author":"Jarrett Marshall","year":"2009","unstructured":"Marshall Jarrett , M Bailie , E Hagen , and N Judish . 2009. Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations. United States. Department of Justice. Office of Legal Education ( 2009 ). Marshall Jarrett, M Bailie, E Hagen, and N Judish. 2009. Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations. United States. Department of Justice. Office of Legal Education (2009)."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134045"},{"key":"e_1_3_2_2_53_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Ji Yang","year":"2018","unstructured":"Yang Ji , Sangho Lee , Mattia Fazzini , Joey Allen , Evan Downing , Taesoo Kim , Alessandro Orso , and Wenke Lee . 2018 . Enabling refinable cross-host attack investigation with efficient data flow tagging and tracking . In Proc. of the USENIX Security Symposium (USENIX). Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, and Wenke Lee. 2018. Enabling refinable cross-host attack investigation with efficient data flow tagging and tracking. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"crossref","unstructured":"Vishal Karande Erick Bauman Zhiqiang Lin and Latifur Khan. 2017. SGX-Log: Securing System Logs With SGX.  Vishal Karande Erick Bauman Zhiqiang Lin and Latifur Khan. 2017. SGX-Log: Securing System Logs With SGX.","DOI":"10.1145\/3052973.3053034"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"crossref","unstructured":"Kent Karen and Souppaya Murugiah. 2006. NIST Special Publication 800--92 Guide to Computer Security Log Management.  Kent Karen and Souppaya Murugiah. 2006. NIST Special Publication 800--92 Guide to Computer Security Log Management.","DOI":"10.6028\/NIST.SP.800-92"},{"key":"e_1_3_2_2_56_1","volume-title":"Postmark: A new file system benchmark. Technical Report.","author":"Katcher Jeffrey","year":"1997","unstructured":"Jeffrey Katcher . 1997 . Postmark: A new file system benchmark. Technical Report. Jeffrey Katcher. 1997. Postmark: A new file system benchmark. Technical Report."},{"key":"e_1_3_2_2_57_1","volume-title":"Backtracking Intrusions. In Proc. of the ACM Symposium on Operating Systems Principles (SOSP).","author":"Samuel","unstructured":"Samuel T. King and Peter M. Chen. 2003 . Backtracking Intrusions. In Proc. of the ACM Symposium on Operating Systems Principles (SOSP). Samuel T. King and Peter M. Chen. 2003. Backtracking Intrusions. In Proc. of the ACM Symposium on Operating Systems Principles (SOSP)."},{"key":"e_1_3_2_2_58_1","unstructured":"Brendan I. Koerner. 2016. Inside the Cyberattack That Shocked the US Government. https:\/\/www.wired.com\/2016\/10\/inside-cyberattack-shocked-us-government\/. Accessed on 08.17.2020.  Brendan I. Koerner. 2016. Inside the Cyberattack That Shocked the US Government. https:\/\/www.wired.com\/2016\/10\/inside-cyberattack-shocked-us-government\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"e_1_3_2_2_60_1","unstructured":"Kyu Hyung Lee. [n.d.]. Ubsi. https:\/\/github.com\/kyuhlee\/UBSI. Accessed on 08.17.2020.  Kyu Hyung Lee. [n.d.]. Ubsi. https:\/\/github.com\/kyuhlee\/UBSI. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_61_1","volume-title":"Proc. of the Symposium on Network and Distributed System Security (NDSS).","author":"Lee Kyu Hyung","year":"2013","unstructured":"Kyu Hyung Lee , Xiangyu Zhang , and Dongyan Xu . 2013 . High Accuracy Attack Provenance via Binary-based Execution Partition . In Proc. of the Symposium on Network and Distributed System Security (NDSS). Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013. High Accuracy Attack Provenance via Binary-based Execution Partition. In Proc. of the Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_2_62_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Anders Fogh , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , and Mike Hamburg . 2018 . Meltdown: Reading Kernel Memory from User Space . In Proc. of the USENIX Security Symposium (USENIX). Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"e_1_3_2_2_65_1","article-title":"A New Approach to Secure Logging","volume":"5","author":"Ma Di","year":"2009","unstructured":"Di Ma and Gene Tsudik . 2009 . A New Approach to Secure Logging . ACM Transactions on Storage (TOS) , Vol. 5 , 1 (2009). Di Ma and Gene Tsudik. 2009. A New Approach to Secure Logging. ACM Transactions on Storage (TOS), Vol. 5, 1 (2009).","journal-title":"ACM Transactions on Storage (TOS)"},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818039"},{"key":"e_1_3_2_2_67_1","volume-title":"Proc. of the USENIX Annual Technical Conference (ATC).","author":"Ma Shiqing","year":"2018","unstructured":"Shiqing Ma , Juan Zhai , Yonghwi Kwon , Kyu Hyung Lee , Xiangyu Zhang , Gabriela Ciocarlie , Ashish Gehani , Vinod Yegneswaran , Dongyan Xu , and Somesh Jha . 2018 . Kernel-Supported Cost-Effective Audit Logging for Causality Tracking . In Proc. of the USENIX Annual Technical Conference (ATC). Shiqing Ma, Juan Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, and Somesh Jha. 2018. Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. In Proc. of the USENIX Annual Technical Conference (ATC)."},{"key":"e_1_3_2_2_68_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Ma Shiqing","year":"2017","unstructured":"Shiqing Ma , Juan Zhai , Fei Wang , Kyu Hyung Lee , Xiangyu Zhang , and Dongyan Xu . 2017 . MPI: Multiple Perspective Attack Investigation with Semantics Aware Execution Partitioning . In Proc. of the USENIX Security Symposium (USENIX). Shiqing Ma, Juan Zhai, Fei Wang, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2017. MPI: Multiple Perspective Attack Investigation with Semantics Aware Execution Partitioning. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_3_2_2_70_1","unstructured":"Gregory Machler. [n.d.]. Protecting data with WORM drives. https:\/\/www.csoonline.com\/article\/2131925\/protecting-data-with-worm-drives.html. Accessed on 08.17.2020.  Gregory Machler. [n.d.]. Protecting data with WORM drives. https:\/\/www.csoonline.com\/article\/2131925\/protecting-data-with-worm-drives.html. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_71_1","unstructured":"maldevel. [n.d.]. ClearLogs. https:\/\/sourceforge.net\/projects\/clearlogs\/. Accessed on 08.17.2020.  maldevel. [n.d.]. ClearLogs. https:\/\/sourceforge.net\/projects\/clearlogs\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_72_1","unstructured":"Stephan Marwedel. 2020 a. Protecting log records at 35 000 feet - APNIC Blog. https:\/\/blog.apnic.net\/2020\/03\/27\/protecting-log-records-at-35000-feet\/. Accessed on 08.17.2020.  Stephan Marwedel. 2020 a. Protecting log records at 35 000 feet - APNIC Blog. https:\/\/blog.apnic.net\/2020\/03\/27\/protecting-log-records-at-35000-feet\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_73_1","unstructured":"Stephan Marwedel. 2020 b. Secure logging with syslog-ng. https:\/\/fosdem.org\/2020\/schedule\/event\/security_secure_logging_with_syslog_ng\/. Accessed on 08.17.2020.  Stephan Marwedel. 2020 b. Secure logging with syslog-ng. https:\/\/fosdem.org\/2020\/schedule\/event\/security_secure_logging_with_syslog_ng\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_74_1","unstructured":"Kayle Matthews. 2019. Incident Of The Week: Historic Capital One Hack Reaches 100 Million Customers Affected By Breach. https:\/\/www.cshub.com\/attacks\/articles\/incident-of-the-week-historic-capital-one-hack-reaches-100-million-customers-affected-by-breach  Kayle Matthews. 2019. Incident Of The Week: Historic Capital One Hack Reaches 100 Million Customers Affected By Breach. https:\/\/www.cshub.com\/attacks\/articles\/incident-of-the-week-historic-capital-one-hack-reaches-100-million-customers-affected-by-breach"},{"key":"e_1_3_2_2_75_1","unstructured":"Microsoft. [n.d.] a. ETW Framework Conceptual Tutorial. https:\/\/docs.microsoft.com\/en-us\/message-analyzer\/etw-framework-conceptual-tutorial. Accessed on 08.17.2020.  Microsoft. [n.d.] a. ETW Framework Conceptual Tutorial. https:\/\/docs.microsoft.com\/en-us\/message-analyzer\/etw-framework-conceptual-tutorial. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_76_1","unstructured":"Microsoft. [n.d.] b. Process Monitor v3.50. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/procmon. Accessed on 08.17.2020.  Microsoft. [n.d.] b. Process Monitor v3.50. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/procmon. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_77_1","volume-title":"Proc. of the IEEE Symposium on Security and Privacy (S&P).","author":"Milajerdi Sadegh","unstructured":"Sadegh Milajerdi , Rigel Gjomemo , Birhanu Eshete , Ramachandran Sekar , and V. N. Venkatakrishnan . 2019 b. HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows . In Proc. of the IEEE Symposium on Security and Privacy (S&P). Sadegh Milajerdi, Rigel Gjomemo, Birhanu Eshete, Ramachandran Sekar, and V. N. Venkatakrishnan. 2019 b. HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows. In Proc. of the IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"e_1_3_2_2_79_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Morris James","year":"2002","unstructured":"James Morris , Stephen Smalley , and Greg Kroah-Hartman . 2002 . Linux Security Modules: General Security Support for the Linux Kernel . In Proc. of the USENIX Security Symposium (USENIX). James Morris, Stephen Smalley, and Greg Kroah-Hartman. 2002. Linux Security Modules: General Security Support for the Linux Kernel. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_80_1","volume-title":"Proc. of the USENIX Annual Technical Conference (ATC).","author":"Muniswamy-Reddy Kiran-Kumar","year":"2006","unstructured":"Kiran-Kumar Muniswamy-Reddy , David A. Holland , Uri Braun , and Margo Seltzer . 2006 . Provenance-Aware Storage Systems . In Proc. of the USENIX Annual Technical Conference (ATC). Kiran-Kumar Muniswamy-Reddy, David A. Holland, Uri Braun, and Margo Seltzer. 2006. Provenance-Aware Storage Systems. In Proc. of the USENIX Annual Technical Conference (ATC)."},{"key":"e_1_3_2_2_81_1","unstructured":"National Institute of Standards and Technology. 2013. NIST Special Publication 800--53 (Rev. 4) Security Controls and Assessment Procedures for Federal Information Systems and Organizations.  National Institute of Standards and Technology. 2013. NIST Special Publication 800--53 (Rev. 4) Security Controls and Assessment Procedures for Federal Information Systems and Organizations."},{"key":"e_1_3_2_2_82_1","unstructured":"National Security Agency. 1999. Controlled Access Protection Profile Version 1.d. https:\/\/www.niap-ccevs.org\/Profile\/Info.cfm?PPID=14&id=14.  National Security Agency. 1999. Controlled Access Protection Profile Version 1.d. https:\/\/www.niap-ccevs.org\/Profile\/Info.cfm?PPID=14&id=14."},{"key":"e_1_3_2_2_83_1","unstructured":"NetApp. [n.d.]. SnapLock: WORM Compliance -- Data Compliance. https:\/\/www.netapp.com\/us\/products\/backup-recovery\/snaplock-compliance.aspx. Accessed on 08.17.2020.  NetApp. [n.d.]. SnapLock: WORM Compliance -- Data Compliance. https:\/\/www.netapp.com\/us\/products\/backup-recovery\/snaplock-compliance.aspx. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_84_1","unstructured":"NGINX Inc. [n.d.]. NGINX 1.10.3. https:\/\/www.nginx.com\/. Accessed on 08.17.2020.  NGINX Inc. [n.d.]. NGINX 1.10.3. https:\/\/www.nginx.com\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE.2016.48"},{"key":"e_1_3_2_2_86_1","unstructured":"OccupytheWeb. 2013. How to Cover Your Tracks & Leave No Trace Behind on the Target System. https:\/\/null-byte.wonderhowto.com\/how-to\/hack-like-pro-cover-your-tracks-leave-no-trace-behind-target-system-0148123\/. Accessed on 08.17.2020.  OccupytheWeb. 2013. How to Cover Your Tracks & Leave No Trace Behind on the Target System. https:\/\/null-byte.wonderhowto.com\/how-to\/hack-like-pro-cover-your-tracks-leave-no-trace-behind-target-system-0148123\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.14"},{"key":"e_1_3_2_2_88_1","doi-asserted-by":"crossref","unstructured":"p7zip. [n.d.]. p7zip 16.02. https:\/\/sourceforge.net\/projects\/p7zip\/. Accessed on 08.17.2020.  p7zip. [n.d.]. p7zip 16.02. https:\/\/sourceforge.net\/projects\/p7zip\/. Accessed on 08.17.2020.","DOI":"10.15520\/jbme.v8i02.2814"},{"key":"e_1_3_2_2_89_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24065"},{"key":"e_1_3_2_2_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"e_1_3_2_2_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243776"},{"key":"e_1_3_2_2_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991122"},{"key":"e_1_3_2_2_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"e_1_3_2_2_94_1","unstructured":"Red Hat Customer Portal. [n.d.]. System Auditing. https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/6\/html\/security_guide\/chap-system_auditing. Accessed on 08.17.2020.  Red Hat Customer Portal. [n.d.]. System Auditing. https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/6\/html\/security_guide\/chap-system_auditing. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_95_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24177-7_31"},{"key":"e_1_3_2_2_96_1","unstructured":"Rapid7. [n.d.]. Metasploit the world's most used penetration testing framework. https:\/\/www.metasploit.com\/. Accessed on 08.17.2020.  Rapid7. [n.d.]. Metasploit the world's most used penetration testing framework. https:\/\/www.metasploit.com\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_97_1","unstructured":"Redis Labs. [n.d.]. Redis 3.0.6. https:\/\/redis.io\/. Accessed on 08.17.2020.  Redis Labs. [n.d.]. Redis 3.0.6. https:\/\/redis.io\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_98_1","unstructured":"Michael Riley Ben Elgin Dune Lawrence and Carol Matlack. 2014. Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. https:\/\/www.bloomberg.com\/news\/articles\/2014-03--13\/target-missed-warnings-in-epic-hack-of-credit-card-data. Accessed on 08.17.2020.  Michael Riley Ben Elgin Dune Lawrence and Carol Matlack. 2014. Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. https:\/\/www.bloomberg.com\/news\/articles\/2014-03--13\/target-missed-warnings-in-epic-hack-of-credit-card-data. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_99_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Schneier Bruce","year":"1998","unstructured":"Bruce Schneier and John Kelsey . 1998 . Cryptographic Support for Secure Logs on Untrusted Machines . In Proc. of the USENIX Security Symposium (USENIX). Bruce Schneier and John Kelsey. 1998. Cryptographic Support for Secure Logs on Untrusted Machines. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/317087.317089"},{"key":"e_1_3_2_2_101_1","volume-title":"Proc. of the ACM Conference on Computer and Communications Security (CCS).","author":"Shen Yun","year":"2018","unstructured":"Yun Shen , Enrico Mariconti , Pierre Antoine Vervier , and Gianluca Stringhini . 2018 . Tiresias: Predicting Security Events Through Deep Learning: Template Based Efficient Data Reduction For Big-Data Causality Analysis . In Proc. of the ACM Conference on Computer and Communications Security (CCS). Yun Shen, Enrico Mariconti, Pierre Antoine Vervier, and Gianluca Stringhini. 2018. Tiresias: Predicting Security Events Through Deep Learning: Template Based Efficient Data Reduction For Big-Data Causality Analysis. In Proc. of the ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_2_102_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Shen Yun","year":"2019","unstructured":"Yun Shen and Gianluca Stringhini . 2019 . Attack2vec: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks . In Proc. of the USENIX Security Symposium (USENIX). Yun Shen and Gianluca Stringhini. 2019. Attack2vec: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_103_1","volume-title":"Proc. of the International Conference on Information Security Theory and Practice (WISTP).","author":"Shepherd Carlton","year":"2017","unstructured":"Carlton Shepherd , Raja Naeem Akram , and Konstantinos Markantonakis . 2017 . EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs . In Proc. of the International Conference on Information Security Theory and Practice (WISTP). Carlton Shepherd, Raja Naeem Akram, and Konstantinos Markantonakis. 2017. EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs. In Proc. of the International Conference on Information Security Theory and Practice (WISTP)."},{"key":"e_1_3_2_2_104_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08593-7_2"},{"key":"e_1_3_2_2_105_1","unstructured":"Splunk Inc. [n.d.]. Splunk. https:\/\/www.splunk.com. Accessed on 08.17.2020.  Splunk Inc. [n.d.]. Splunk. https:\/\/www.splunk.com. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_106_1","volume-title":"Splunk Ranked No. 1 in IDC Worldwide SIEM Market Share","author":"Splunk Inc. 2018.","year":"2018","unstructured":"Splunk Inc. 2018. Splunk Ranked No. 1 in IDC Worldwide SIEM Market Share 2018 . https:\/\/www.splunk.com\/en_us\/form\/splunk-ranked-no1-in-idc-worldwide-siem-market-share-2018.html. Accessed on 08.17.2020. Splunk Inc. 2018. Splunk Ranked No. 1 in IDC Worldwide SIEM Market Share 2018. https:\/\/www.splunk.com\/en_us\/form\/splunk-ranked-no1-in-idc-worldwide-siem-market-share-2018.html. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_107_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Sundararaman Swaminathan","year":"2008","unstructured":"Swaminathan Sundararaman , Gopalan Sivathanu , and Erez Zadok . 2008 . Selective Versioning in a Secure Disk System . In Proc. of the USENIX Security Symposium (USENIX). Swaminathan Sundararaman, Gopalan Sivathanu, and Erez Zadok. 2008. Selective Versioning in a Secure Disk System. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_108_1","unstructured":"SUSE Linux AG. 2004. Linux Audit-Subsystem Design Documentation for Linux Kernel 2.6 v0.1. http:\/\/uniforum.chi.il.us\/slides\/HardeningLinux\/LAuS-Design.pdf.  SUSE Linux AG. 2004. Linux Audit-Subsystem Design Documentation for Linux Kernel 2.6 v0.1. http:\/\/uniforum.chi.il.us\/slides\/HardeningLinux\/LAuS-Design.pdf."},{"key":"e_1_3_2_2_109_1","unstructured":"Sysdig. [n.d.]. Sysdig -- Open Source System Capturing. https:\/\/sysdig.com\/opensource\/inspect\/. Accessed on 08.17.2020.  Sysdig. [n.d.]. Sysdig -- Open Source System Capturing. https:\/\/sysdig.com\/opensource\/inspect\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_110_1","unstructured":"syslog-ng. [n.d.]. Log Management Solutions. https:\/\/www.syslog-ng.com\/. Accessed on 08.17.2020.  syslog-ng. [n.d.]. Log Management Solutions. https:\/\/www.syslog-ng.com\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_111_1","unstructured":"The Apache Software Foundation. [n.d.]. httpd 2.4.18. https:\/\/httpd.apache.org\/. Accessed on 08.17.2020.  The Apache Software Foundation. [n.d.]. httpd 2.4.18. https:\/\/httpd.apache.org\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_112_1","unstructured":"The MITRE Corporation. [n.d.]. CAPEC-268: Audit Log Manipulation. https:\/\/capec.mitre.org\/data\/definitions\/268.html. Accessed on 08.17.2020.  The MITRE Corporation. [n.d.]. CAPEC-268: Audit Log Manipulation. https:\/\/capec.mitre.org\/data\/definitions\/268.html. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_113_1","unstructured":"The OpenSSL Project. [n.d.]. OpenSSL 1.1.1. https:\/\/www.openssl.org\/. Accessed on 08.17.2020.  The OpenSSL Project. [n.d.]. OpenSSL 1.1.1. https:\/\/www.openssl.org\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_114_1","unstructured":"Tripwire. [n.d.]. Log Management. https:\/\/www.tripwire.com\/solutions\/log-management\/. Accessed on 08.17.2020.  Tripwire. [n.d.]. Log Management. https:\/\/www.tripwire.com\/solutions\/log-management\/. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_115_1","first-page":"17","article-title":"Global Incident Response Threat Report - The Ominous Rise of \u201cIsland Hopping","volume":"08","author":"Black Mware Carbon","year":"2019","unstructured":"V Mware Carbon Black . 2019 . Global Incident Response Threat Report - The Ominous Rise of \u201cIsland Hopping \u201d & Counter Incident Response Continues. Technical Report. Accessed on 08 . 17 .2020. VMware Carbon Black. 2019. Global Incident Response Threat Report - The Ominous Rise of \u201cIsland Hopping\u201d & Counter Incident Response Continues. Technical Report. Accessed on 08.17.2020.","journal-title":"& Counter Incident Response Continues. Technical Report. Accessed on"},{"key":"e_1_3_2_2_116_1","volume-title":"Janus: an Approach for Confinement of Untrusted Applications. Master's thesis","author":"Wagner David A.","unstructured":"David A. Wagner . 1999. Janus: an Approach for Confinement of Untrusted Applications. Master's thesis . University of California , Berkeley. David A. Wagner. 1999. Janus: an Approach for Confinement of Untrusted Applications. Master's thesis. University of California, Berkeley."},{"key":"e_1_3_2_2_117_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"e_1_3_2_2_118_1","unstructured":"Jan Wassenberg and Jyrki Alakuijala. [n.d.]. HighwayHash. https:\/\/github.com\/google\/highwayhash. Accessed on 08.17.2020.  Jan Wassenberg and Jyrki Alakuijala. [n.d.]. HighwayHash. https:\/\/github.com\/google\/highwayhash. Accessed on 08.17.2020."},{"key":"e_1_3_2_2_119_1","doi-asserted-by":"publisher","DOI":"10.5555\/1323276.1323278"},{"key":"e_1_3_2_2_120_1","doi-asserted-by":"crossref","unstructured":"Runqing Yang Shiqing Ma Haitao Xu Xiangyu Zhang and Yan Chen. 2020. UIScope: Accurate Instrumentation-free and Visible Attack Investigation for GUI Applications. (2020).  Runqing Yang Shiqing Ma Haitao Xu Xiangyu Zhang and Yan Chen. 2020. UIScope: Accurate Instrumentation-free and Visible Attack Investigation for GUI Applications. (2020).","DOI":"10.14722\/ndss.2020.24329"},{"key":"e_1_3_2_2_121_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Yang Zhaomo","year":"2017","unstructured":"Zhaomo Yang , Brian Johannesmeyer , Anders Trier Olesen , Sorin Lerner , and Kirill Levchenko . 2017 . Dead Store Elimination (Still) Considered Harmful . In Proc. of the USENIX Security Symposium (USENIX). Zhaomo Yang, Brian Johannesmeyer, Anders Trier Olesen, Sorin Lerner, and Kirill Levchenko. 2017. Dead Store Elimination (Still) Considered Harmful. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_2_122_1","volume-title":"Proc. of the Annual Computer Security Applications Conference (ACSAC).","author":"Attila","unstructured":"Attila A. Yavuz and Peng Ning. 2009. BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed Systems . In Proc. of the Annual Computer Security Applications Conference (ACSAC). Attila A. Yavuz and Peng Ning. 2009. BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed Systems. In Proc. of the Annual Computer Security Applications Conference (ACSAC)."},{"key":"e_1_3_2_2_123_1","volume-title":"Proc. of the International Conference on Financial Cryptography and Data Security (FC).","author":"Yavuz Attila A.","unstructured":"Attila A. Yavuz , Peng Ning , and Michael K. Reiter . 2012. Efficient, Compromise Resilient and Append-only Cryptographic Schemes for Secure Audit Logging . In Proc. of the International Conference on Financial Cryptography and Data Security (FC). Attila A. Yavuz, Peng Ning, and Michael K. Reiter. 2012. Efficient, Compromise Resilient and Append-only Cryptographic Schemes for Secure Audit Logging. In Proc. of the International Conference on Financial Cryptography and Data Security (FC)."},{"key":"e_1_3_2_2_124_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"},{"key":"e_1_3_2_2_125_1","unstructured":"Kim Zetter. 2015. Health Insurer Anthem Is Hacked Exposing Millions of Patients' Data. https:\/\/www.wired.com\/2015\/02\/breach-health-insurer-exposes-sensitive-data-millions-patients\/. Accessed on 08.17.2020.  Kim Zetter. 2015. Health Insurer Anthem Is Hacked Exposing Millions of Patients' Data. https:\/\/www.wired.com\/2015\/02\/breach-health-insurer-exposes-sensitive-data-millions-patients\/. Accessed on 08.17.2020."}],"event":{"name":"CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event USA","acronym":"CCS '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3417862","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3372297.3417862","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3372297.3417862","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:31Z","timestamp":1750197691000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3417862"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,30]]},"references-count":124,"alternative-id":["10.1145\/3372297.3417862","10.1145\/3372297"],"URL":"https:\/\/doi.org\/10.1145\/3372297.3417862","relation":{},"subject":[],"published":{"date-parts":[[2020,10,30]]},"assertion":[{"value":"2020-11-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}