{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:01:06Z","timestamp":1773511266609,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":95,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T00:00:00Z","timestamp":1668297600000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1750024,CNS-2055127"],"award-info":[{"award-number":["CNS-1750024,CNS-2055127"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484551","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"3337-3351","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks"],"prefix":"10.1145","author":[{"given":"Carter","family":"Yagemann","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Mohammad A.","family":"Noureddine","sequence":"additional","affiliation":[{"name":"Rose-Hulman Institute of Technology, Terre Haute, IN, USA"}]},{"given":"Wajih Ul","family":"Hassan","sequence":"additional","affiliation":[{"name":"University of Illinois Urbana-Champaign, Urbana, IL, USA"}]},{"given":"Simon","family":"Chung","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Adam","family":"Bates","sequence":"additional","affiliation":[{"name":"University of Illinois Urbana-Champaign, Urbana, IL, USA"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Control-flow Integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security.","author":"Abadi Mart'in","year":"2005","unstructured":"Mart'in Abadi, Mihai Budiu, \u00dalfar Erlingsson, and Jay Ligatti. 2005. Control-flow Integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_2_1","volume-title":"Let SDN Be Your Eyes: Secure Forensics in Data Center Networks. In NDSS Workshop on Security of Emerging Networking Technologies (SENT'14 ).","author":"Bates Adam","year":"2014","unstructured":"Adam Bates, Kevin Butler, Andreas Haeberlen, Micah Sherr, and Wenchao Zhou. 2014. Let SDN Be Your Eyes: Secure Forensics in Data Center Networks. In NDSS Workshop on Security of Emerging Networking Technologies (SENT'14 )."},{"key":"e_1_3_2_1_3_1","volume-title":"7th Workshop on the Theory and Practice of Provenance","author":"Bates Adam","year":"2015","unstructured":"Adam Bates, Kevin R. B. Butler, and Thomas Moyer. 2015a. Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs. In 7th Workshop on the Theory and Practice of Provenance (Edinburgh, Scotland) (TaPP'15)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052640"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831164"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062180"},{"key":"e_1_3_2_1_7_1","unstructured":"Mihir Bellare and Bennet Yee. 1997. Forward integrity for secure audit logs. Technical Report. Computer Science and Engineering Department University of California at San Diego."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/PADSW.2018.8645035"},{"key":"e_1_3_2_1_9_1","volume-title":"Hacking Blind. In Proceedings of the 35th IEEE Symposium on Security and Privacy.","author":"Bittau Andrea","year":"2014","unstructured":"Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazi\u00e8res, and Dan Boneh. 2014. Hacking Blind. In Proceedings of the 35th IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVCG.2013.234"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVCG.2013.155"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.23"},{"key":"e_1_3_2_1_14_1","volume-title":"ACCESSPROV: Tracking the Provenance of Access Control Decisions. In 9th USENIX Workshop on the Theory and Practice of Provenance (TaPP","author":"Capobianco Frank","year":"2017","unstructured":"Frank Capobianco, Christian Skalka, and Trent Jaeger. 2017. ACCESSPROV: Tracking the Provenance of Access Control Decisions. In 9th USENIX Workshop on the Theory and Practice of Provenance (TaPP 2017)."},{"key":"e_1_3_2_1_15_1","unstructured":"Carbon Black. 2018. Global Incident Response Threat Report. https:\/\/www.carbonblack.com\/global-incident-response-threat-report\/november-2018\/. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 24th USENIX Security Symposium.","author":"Carlini Nicholas","unstructured":"Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross. 2015. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity. In Proceedings of the 24th USENIX Security Symposium."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1376616.1376715"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064212"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2834050.2834111"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2934872.2934910"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3035918.3035926"},{"key":"e_1_3_2_1_23_1","unstructured":"Catalin Cimpanu. [n.d.]. Hackers are increasingly destroying logs to hide attacks. https:\/\/www.zdnet.com\/article\/hackers-are-increasingly-destroying-logs-to-hide-attacks\/. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_24_1","volume-title":"In Proceedings of the 18th USENIX Security Symposium.","author":"Scott","unstructured":"Scott A. Crosby and Dan S. Wallach. 2009. Efficient data structures for tamper-evident logging. In In Proceedings of the 18th USENIX Security Symposium."},{"key":"e_1_3_2_1_25_1","volume-title":"11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14)","author":"Devecsery David","year":"2014","unstructured":"David Devecsery, Michael Chow, Xianzheng Dou, Jason Flinn, and Peter M Chen. 2014. Eidetic systems. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14). 525--540."},{"key":"e_1_3_2_1_26_1","unstructured":"Apache Software Foundation. [n.d.]. Apache HTTP server benchmarking tool. https:\/\/httpd.apache.org\/docs\/2.4\/programs\/ab.html."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3037697.3037716"},{"key":"e_1_3_2_1_28_1","volume-title":"Steps Toward Managing Lineage Metadata in Grid Clusters. In 1st Workshop on the Theory and Practice of Provenance","author":"Gehani Ashish","year":"2009","unstructured":"Ashish Gehani, Minyoung Kim, and Jian Zhang. 2009. Steps Toward Managing Lineage Metadata in Grid Clusters. In 1st Workshop on the Theory and Practice of Provenance (San Francisco, CA) (TaPP'09)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23271"},{"key":"e_1_3_2_1_31_1","unstructured":"Steve Hales. [n.d.]. Last Door Log Wiper. https:\/\/packetstormsecurity.com\/files\/118922\/LastDoor.tar. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68637-0_6"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"e_1_3_2_1_34_1","volume-title":"Tactical Provenance Analysis for Endpoint Detection and Response Systems. In 41st IEEE Symposium on Security and Privacy (SP) (Oakland'20)","author":"Hassan Wajih Ul","year":"2020","unstructured":"Wajih Ul Hassan, Adam Bates, and Daniel Marino. 2020 a. Tactical Provenance Analysis for Endpoint Detection and Response Systems. In 41st IEEE Symposium on Security and Privacy (SP) (Oakland'20)."},{"key":"e_1_3_2_1_35_1","volume-title":"NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. In 26th ISOC Network and Distributed System Security Symposium (NDSS'19)","author":"Hassan Wajih Ul","year":"2019","unstructured":"Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, and Adam Bates. 2019. NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. In 26th ISOC Network and Distributed System Security Symposium (NDSS'19)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"e_1_3_2_1_37_1","volume-title":"Proc. of the Australasian Information Security Workshop (AISW-NetSec).","author":"Holt Jason E.","year":"2006","unstructured":"Jason E. Holt. 2006. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. In Proc. of the Australasian Information Security Workshop (AISW-NetSec)."},{"key":"e_1_3_2_1_38_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Hossain Md Nahid","unstructured":"Md Nahid Hossain, Sadegh M. Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott Stoller, and V.N. Venkatakrishnan. 2017. SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 487--504. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/hossain"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243797"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"key":"e_1_3_2_1_41_1","unstructured":"IBM Knowledge Center. [n.d.]. Storage and analysis of audit logs. https:\/\/www.ibm.com\/support\/knowledgecenter\/en\/SSEPGG_11.1.0\/com.ibm.db2.luw.admin.sec.doc\/doc\/c0052328.html. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134045"},{"key":"e_1_3_2_1_43_1","unstructured":"JustLinux Forums. [n.d.]. server hacked!! \/var\/log deleted. how can i trace hacker!?! http:\/\/forums.justlinux.com\/showthread.php?123851-server-hacked-var-log-deleted-how-can-i-trace-hacker. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053034"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Kent Karen and Souppaya Murugiah. 2006. NIST Special Publication 800--92 Guide to Computer Security Log Management.","DOI":"10.6028\/NIST.SP.800-92"},{"key":"e_1_3_2_1_46_1","volume-title":"Intrusion Recovery Using Selective Re-execution","author":"Kim Taesoo","year":"1924","unstructured":"Taesoo Kim, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. 2010. Intrusion Recovery Using Selective Re-execution. In OSDI. USENIX Association. http:\/\/dl.acm.org\/citation.cfm?id=1924943.1924950"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872395"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings of NDSS '13","author":"Lee Kyu Hyung","year":"2013","unstructured":"Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013a. High Accuracy Attack Provenance via Binary-based Execution Partition. In Proceedings of NDSS '13 (San Diego, CA)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23173"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813694"},{"key":"e_1_3_2_1_55_1","article-title":"A new approach to secure logging","volume":"5","author":"Ma Di","year":"2009","unstructured":"Di Ma and Gene Tsudik. 2009. A new approach to secure logging. ACM Transactions on Storage (TOS), Vol. 5, 1 (2009).","journal-title":"ACM Transactions on Storage (TOS)"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818039"},{"key":"e_1_3_2_1_57_1","volume-title":"Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. In 2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Ma Shiqing","year":"2018","unstructured":"Shiqing Ma, Juan Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, and Somesh Jha. 2018. Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, 241--254. https:\/\/www.usenix.org\/conference\/atc18\/presentation\/ma-shiqing"},{"key":"e_1_3_2_1_58_1","volume-title":"MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In 26th USENIX Security Symposium.","author":"Ma Shiqing","year":"2017","unstructured":"Shiqing Ma, Juan Zhai, Fei Wang, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2017. MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In 26th USENIX Security Symposium."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"e_1_3_2_1_62_1","unstructured":"National Institute of Standards and Technology. 2013. NIST Special Publication 800--53 (Rev. 4) Security Controls and Assessment Procedures for Federal Information Systems and Organizations."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594295"},{"key":"e_1_3_2_1_64_1","volume-title":"2017 USENIX Annual Technical Conference (USENIX ATC 17)","author":"O'Callahan Robert","year":"2017","unstructured":"Robert O'Callahan, Chris Jones, Nathan Froyd, Kyle Huey, Albert Noll, and Nimrod Partush. 2017. Engineering record and replay for deployability. In 2017 USENIX Annual Technical Conference (USENIX ATC 17). 377--389."},{"key":"e_1_3_2_1_65_1","unstructured":"OccupytheWeb. 2013. How to Cover Your Tracks & Leave No Trace Behind on the Target System. https:\/\/tinyurl.com\/yygqte9p. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_66_1","volume-title":"Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution. In 27th ISOC Network and Distributed System Security Symposium (NDSS'20)","author":"Paccagnella Riccardo","year":"2020","unstructured":"Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, and Dave Tian. 2020 a. Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution. In 27th ISOC Network and Distributed System Security Symposium (NDSS'20)."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417862"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2012.6297930"},{"key":"e_1_3_2_1_69_1","unstructured":"PaX Team. 2003. PaX Address Space Layout Randomization (ASLR). http:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"key":"e_1_3_2_1_70_1","volume-title":"Proceedings of the 2012 Annual Computer Security Applications Conference (ACSAC '12)","author":"Pohly D.J.","unstructured":"D.J. Pohly, S. McLaughlin, P. McDaniel, and K. Butler. 2012. Hi-Fi: Collecting High-Fidelity Whole-System Provenance. In Proceedings of the 2012 Annual Computer Security Applications Conference (ACSAC '12). Orlando, FL, USA."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24177-7_31"},{"key":"e_1_3_2_1_72_1","unstructured":"Rapid7. [n.d.]. Metasploit the world's most used penetration testing framework. https:\/\/www.metasploit.com\/. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_73_1","volume-title":"Proc. of the USENIX Security Symposium (USENIX).","author":"Schneier Bruce","year":"1998","unstructured":"Bruce Schneier and John Kelsey. 1998. Cryptographic Support for Secure Logs on Untrusted Machines.. In Proc. of the USENIX Security Symposium (USENIX)."},{"key":"e_1_3_2_1_74_1","volume-title":"Secure audit logs to support computer forensics. ACM Transactions on Information and System Security (TISSEC)","author":"Schneier Bruce","year":"1999","unstructured":"Bruce Schneier and John Kelsey. 1999. Secure audit logs to support computer forensics. ACM Transactions on Information and System Security (TISSEC) (1999)."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_76_1","unstructured":"Yan Shoshitaishvili Ruoyu (Fish) Wang Andrew Dutcher Christophe Hauser John Grosen Chris Salls Nick Stephens Nilo Redini Christopher Kruegel and Giovanni Vigna. 2017. angr a binary analysis framework. http:\/\/angr.io\/."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"e_1_3_2_1_79_1","volume-title":"Towards Automated Collection of Application-Level Data Provenance. In 4th USENIX Workshop on the Theory and Practice of Provenance. USENIX","author":"Tariq Dawood","year":"2012","unstructured":"Dawood Tariq, Maisem Ali, and Ashish Gehani. 2012. Towards Automated Collection of Application-Level Data Provenance. In 4th USENIX Workshop on the Theory and Practice of Provenance. USENIX, Boston, MA. https:\/\/www.usenix.org\/conference\/tapp12\/workshop-program\/presentation\/Tariq"},{"key":"e_1_3_2_1_80_1","unstructured":"The MITRE Corporation. 2017. CAPEC-81: Web Logs Tampering. https:\/\/capec.mitre.org\/data\/definitions\/81.html. Last accessed 04--20--2019."},{"key":"e_1_3_2_1_81_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium.","author":"Tice Caroline","year":"2014","unstructured":"Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, \u00dalfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing Forward-edge Control-flow Integrity in GCC & LLVM. In Proceedings of the 23rd USENIX Security Symposium."},{"key":"e_1_3_2_1_82_1","unstructured":"Valgrind Developers. 2017. Valgrind. http:\/\/www.valgrind.org\/."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.60"},{"key":"e_1_3_2_1_84_1","volume-title":"Proceedings of the 25th ISOC Network and Distributed System Security Symposium (NDSS'18)","author":"Wang Qi","year":"2017","unstructured":"Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. 2017. Fear and Logging in the Internet of Things. In Proceedings of the 25th ISOC Network and Distributed System Security Symposium (NDSS'18)."},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"e_1_3_2_1_86_1","volume-title":"Proceedings of the 21st ACM International Conference on Information and Knowledge Management","author":"Xie Yulai","unstructured":"Yulai Xie, Dan Feng, Zhipeng Tan, Lei Chen, Kiran-Kumar Muniswamy-Reddy, Yan Li, and Darrell D.E. Long. 2012. A Hybrid Approach for Efficient Provenance Storage. In Proceedings of the 21st ACM International Conference on Information and Knowledge Management (Maui, Hawaii, USA) (CIKM '12)."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501986"},{"key":"e_1_3_2_1_88_1","volume-title":"CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Xu Xiaoyang","year":"2019","unstructured":"Xiaoyang Xu, Masoud Ghaffarinia, Wenhao Wang, Kevin W. Hamlen, and Zhiqiang Lin. 2019. CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1805--1821. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/xu-xiaoyang"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-30215-3_17"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.28"},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32946-3_12"},{"key":"e_1_3_2_1_93_1","volume-title":"Proceedings of the 34th IEEE Symposium on Security and Privacy.","author":"Zhang Chao","year":"2013","unstructured":"Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. 2013. Practical Control Flow Integrity and Randomization for Binary Executables. In Proceedings of the 34th IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_94_1","volume-title":"Proceedings of the 22nd USENIX Security Symposium.","author":"Zhang Mingwei","unstructured":"Mingwei Zhang and R. Sekar. 2013. Control Flow Integrity for COTS Binaries. In Proceedings of the 22nd USENIX Security Symposium."},{"key":"e_1_3_2_1_95_1","volume-title":"Secure Network Provenance. In ACM Symposium on Operating Systems Principles (SOSP).","author":"Zhou Wenchao","year":"2011","unstructured":"Wenchao Zhou, Qiong Fei, Arjun Narayan, Andreas Haeberlen, Boon Thau Loo, and Micah Sherr. 2011. Secure Network Provenance. In ACM Symposium on Operating Systems Principles (SOSP)."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484551","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484551","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484551","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:53:30Z","timestamp":1763499210000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484551"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":95,"alternative-id":["10.1145\/3460120.3484551","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484551","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}