{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,12]],"date-time":"2026-07-12T03:37:36Z","timestamp":1783827456702,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":92,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,10,15]],"date-time":"2018-10-15T00:00:00Z","timestamp":1539561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Engineering and Physical Sciences Research Council","award":["EP\/K011510"],"award-info":[{"award-number":["EP\/K011510"]}]},{"name":"National Science Foundation2","award":["CNS-1750024"],"award-info":[{"award-number":["CNS-1750024"]}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["SSI-1450277"],"award-info":[{"award-number":["SSI-1450277"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Science Foundation3","award":["CNS-1657534"],"award-info":[{"award-number":["CNS-1657534"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,10,15]]},"DOI":"10.1145\/3243734.3243776","type":"proceedings-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T17:38:33Z","timestamp":1539711513000},"page":"1601-1616","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":71,"title":["Runtime Analysis of Whole-System Provenance"],"prefix":"10.1145","author":[{"given":"Thomas","family":"Pasquier","sequence":"first","affiliation":[{"name":"University of Bristol, Bristol, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xueyuan","family":"Han","sequence":"additional","affiliation":[{"name":"Harvard University, Cambridge, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Thomas","family":"Moyer","sequence":"additional","affiliation":[{"name":"University of North Carolina at Charlotte, Charlotte, NC, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adam","family":"Bates","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Champaign, IL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Olivier","family":"Hermant","sequence":"additional","affiliation":[{"name":"MINES ParisTech PSL Research University, Paris, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"David","family":"Eyers","sequence":"additional","affiliation":[{"name":"University of Otago, Dunedin, New Zealand"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jean","family":"Bacon","sequence":"additional","affiliation":[{"name":"University of Cambridge, Cambridge, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Margo","family":"Seltzer","sequence":"additional","affiliation":[{"name":"University of British Columbia, Vancouver, BC, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2018,10,15]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Information Accountability supported by a Provenance-based Compliance Framework. (December","author":"Aldeco-Perez Rocio","year":"2009","unstructured":"Rocio Aldeco-Perez and Luc Moreau . 2009. Information Accountability supported by a Provenance-based Compliance Framework. (December . 2009 ). http:\/\/eprints.soton.ac.uk\/268305\/ Event Dates : Monday 7th -- Wednesday 9th December 2009. Rocio Aldeco-Perez and Luc Moreau. 2009. Information Accountability supported by a Provenance-based Compliance Framework. (December. 2009). http:\/\/eprints.soton.ac.uk\/268305\/ Event Dates: Monday 7th -- Wednesday 9th December 2009."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-17819-1_18"},{"key":"e_1_3_2_2_4_1","volume-title":"Computer Security Technology Planning Study","author":"Anderson James P","unstructured":"James P Anderson . 1972. Computer Security Technology Planning Study . Volume 2 . Technical Report. Anderson (James P) and Co Fort Washington PA. James P Anderson. 1972. Computer Security Technology Planning Study. Volume 2. Technical Report. Anderson (James P) and Co Fort Washington PA."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3124680.3124745"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/332051.332079"},{"key":"e_1_3_2_2_7_1","volume-title":"Workshop on Theory and Practice of Provenance (TaPP'15)","author":"Bates Adam","year":"2015","unstructured":"Adam Bates , KR Butler , and Thomas Moyer . 2015 a. Take only what you need: leveraging mandatory access control policy to reduce provenance storage costs . In Workshop on Theory and Practice of Provenance (TaPP'15) . USENIX, 7--7. Adam Bates, KR Butler, and Thomas Moyer. 2015 a. Take only what you need: leveraging mandatory access control policy to reduce provenance storage costs. In Workshop on Theory and Practice of Provenance (TaPP'15). USENIX, 7--7."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435389"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435389"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062180"},{"key":"e_1_3_2_2_11_1","volume-title":"Kevin RB Butler, and Thomas Moyer","author":"Bates Adam M","year":"2015","unstructured":"Adam M Bates , Dave Tian , Kevin RB Butler, and Thomas Moyer . 2015 . Trustworthy Whole-System Provenance for the Linux Kernel USENIX Security . 319--334. Adam M Bates, Dave Tian, Kevin RB Butler, and Thomas Moyer. 2015. Trustworthy Whole-System Provenance for the Linux Kernel USENIX Security. 319--334."},{"key":"e_1_3_2_2_13_1","volume-title":"Using dynamic time warping to find patterns in time series KDD workshop","author":"Berndt Donald J","unstructured":"Donald J Berndt and James Clifford . 1994. Using dynamic time warping to find patterns in time series KDD workshop , Vol. Vol. 10 . Seattle , WA , 359--370. Donald J Berndt and James Clifford. 1994. Using dynamic time warping to find patterns in time series KDD workshop, Vol. Vol. 10. Seattle, WA, 359--370."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/11890850_18"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1989.36295"},{"key":"e_1_3_2_2_16_1","volume-title":"Expressiveness Benchmarking for System-Level Provenance Workshop on the Theory and Practice of Provenance (TaPP'17)","author":"Chan Sheung Chi","year":"2017","unstructured":"Sheung Chi Chan , Ashish Gehani , James Cheney , Ripduman Sohan , and Hassaan Irshad . 2017 . Expressiveness Benchmarking for System-Level Provenance Workshop on the Theory and Practice of Provenance (TaPP'17) . USENIX. Sheung Chi Chan, Ashish Gehani, James Cheney, Ripduman Sohan, and Hassaan Irshad. 2017. Expressiveness Benchmarking for System-Level Provenance Workshop on the Theory and Practice of Provenance (TaPP'17). USENIX."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2006.158"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2812803"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586141"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/800070.802190"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_2_23_1","volume-title":"Sadegh Momeni, R Sekar, Scott Stoller, VN Venkatakrishnan, and Junao Wang.","author":"Eshete Birhanu","year":"2016","unstructured":"Birhanu Eshete , Rigel Gjomemo , Md Nahid Hossain , Sadegh Momeni, R Sekar, Scott Stoller, VN Venkatakrishnan, and Junao Wang. 2016 . Attack Analysis Results for Adversarial Engagement 1 of the DARPA Transparent Computing Program . arXiv preprint arXiv:1610.06936 (2016). Birhanu Eshete, Rigel Gjomemo, Md Nahid Hossain, Sadegh Momeni, R Sekar, Scott Stoller, VN Venkatakrishnan, and Junao Wang. 2016. Attack Analysis Results for Adversarial Engagement 1 of the DARPA Transparent Computing Program. arXiv preprint arXiv:1610.06936 (2016)."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102164"},{"key":"e_1_3_2_2_25_1","volume-title":"SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection Proceedings of the 27th USENIX Security Symposium (Security'18)","author":"Gao Peng","year":"2018","unstructured":"Peng Gao , Xusheng Xiao , Din Li , Zhichun Li , Kangkook Jee , Zhenyu Wu , Chung Whan Kim , Sanjeev R. Kulkarni , and Prateek Mittal . 2018 . SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection Proceedings of the 27th USENIX Security Symposium (Security'18) . Baltimore, MD, USA. Peng Gao, Xusheng Xiao, Din Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Whan Kim, Sanjeev R. Kulkarni, and Prateek Mittal. 2018. SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection Proceedings of the 27th USENIX Security Symposium (Security'18). Baltimore, MD, USA."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"crossref","unstructured":"Ashish Gehani and Dawood Tariq. 2012. SPADE: support for provenance auditing in distributed environments International Middleware Conference. ACM\/IFIP\/USENIX 101--120.   Ashish Gehani and Dawood Tariq. 2012. SPADE: support for provenance auditing in distributed environments International Middleware Conference. ACM\/IFIP\/USENIX 101--120.","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"e_1_3_2_2_27_1","volume-title":"Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory. In International Conference on Software Engineering and Formal Methods. Springer, 1--16","author":"Georget Laurent","year":"2017","unstructured":"Laurent Georget , Mathieu Jaume , Guillaume Piolle , Fr\u00e9d\u00e9ric Tronel , and Val\u00e9rie Viet Triem Tong . 2017 . Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory. In International Conference on Software Engineering and Formal Methods. Springer, 1--16 . Laurent Georget, Mathieu Jaume, Guillaume Piolle, Fr\u00e9d\u00e9ric Tronel, and Val\u00e9rie Viet Triem Tong. 2017. Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory. In International Conference on Software Engineering and Formal Methods. Springer, 1--16."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/3101290.3101295"},{"issue":"5","key":"e_1_3_2_2_29_1","first-page":"5","article-title":"CVE-2016--6663","volume":"5","author":"Golunski Dawid","year":"2016","unstructured":"Dawid Golunski . 2016 . CVE-2016--6663 : MySQL \/ MariaDB \/ PerconaDB 5 . 5 .x\/ 5 .6.x\/5.7.x - 'mysql' System User Privilege Escalation \/ Race Condition. https:\/\/www.exploit-db.com\/exploits\/40678\/ Dawid Golunski. 2016. CVE-2016--6663: MySQL \/ MariaDB \/ PerconaDB 5.5.x\/5.6.x\/5.7.x - 'mysql' System User Privilege Escalation \/ Race Condition. https:\/\/www.exploit-db.com\/exploits\/40678\/","journal-title":"MySQL \/ MariaDB \/ PerconaDB"},{"issue":"5","key":"e_1_3_2_2_30_1","first-page":"5","article-title":"CVE-2016--6664","volume":"5","author":"Golunski Dawid","year":"2016","unstructured":"Dawid Golunski . 2016 . CVE-2016--6664 : MySQL \/ MariaDB \/ PerconaDB 5 . 5 .x\/ 5 .6.x\/5.7.x - 'root' System User Privilege Escalation. https:\/\/www.exploit-db.com\/exploits\/40679\/ Dawid Golunski. 2016. CVE-2016--6664: MySQL \/ MariaDB \/ PerconaDB 5.5.x\/5.6.x\/5.7.x - 'root' System User Privilege Escalation. https:\/\/www.exploit-db.com\/exploits\/40679\/","journal-title":"MySQL \/ MariaDB \/ PerconaDB"},{"key":"e_1_3_2_2_31_1","unstructured":"Dawid Golunski. 2016 c. CVE-2016--9566: Nagios < 4.2.4 - Privilege Escalation. https:\/\/www.exploit-db.com\/exploits\/40921\/  Dawid Golunski. 2016 c. CVE-2016--9566: Nagios < 4.2.4 - Privilege Escalation. https:\/\/www.exploit-db.com\/exploits\/40921\/"},{"key":"e_1_3_2_2_32_1","volume-title":"GraphX: Graph Processing in a Distributed Dataflow Framework Conference on Operating Systems Design and Implementation (OSDI'14)","author":"Gonzalez Joseph E","unstructured":"Joseph E Gonzalez , Reynold S Xin , Ankur Dave , Daniel Crankshaw , Michael J Franklin , and Ion Stoica . 2014. GraphX: Graph Processing in a Distributed Dataflow Framework Conference on Operating Systems Design and Implementation (OSDI'14) , Vol. Vol. 14 . 599--613. Joseph E Gonzalez, Reynold S Xin, Ankur Dave, Daniel Crankshaw, Michael J Franklin, and Ion Stoica. 2014. GraphX: Graph Processing in a Distributed Dataflow Framework Conference on Operating Systems Design and Implementation (OSDI'14), Vol. Vol. 14. 599--613."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368332"},{"key":"e_1_3_2_2_34_1","volume-title":"eCryptfs: An enterprise-class encrypted filesystem for Linux Proceedings of the 2005 Linux Symposium","author":"Halcrow Michael Austin","unstructured":"Michael Austin Halcrow . 2005. eCryptfs: An enterprise-class encrypted filesystem for Linux Proceedings of the 2005 Linux Symposium , Vol. Vol. 1 . 201--218. Michael Austin Halcrow. 2005. eCryptfs: An enterprise-class encrypted filesystem for Linux Proceedings of the 2005 Linux Symposium, Vol. Vol. 1. 201--218."},{"key":"e_1_3_2_2_35_1","unstructured":"Xueyuan Han Thomas Pasquier Tanvi Ranjan Mark Goldstein and Margo Seltzer. 2017. FRAPpuccino: Fault-detection through Runtime Analysis of Provenance Workshop on Hot Topics in Cloud Computing (HotCloud '17). USENIX.   Xueyuan Han Thomas Pasquier Tanvi Ranjan Mark Goldstein and Margo Seltzer. 2017. FRAPpuccino: Fault-detection through Runtime Analysis of Provenance Workshop on Hot Topics in Cloud Computing (HotCloud '17). USENIX."},{"key":"e_1_3_2_2_36_1","volume-title":"Provenance-based Intrusion Detection: Opportunities and Challenges Workshop on Theory and Practice of Provenance (TaPP'18)","author":"Han Xueyuan","year":"2018","unstructured":"Xueyuan Han , Thomas Pasquier , and Margo Seltzer . 2018 . Provenance-based Intrusion Detection: Opportunities and Challenges Workshop on Theory and Practice of Provenance (TaPP'18) . ACM. Xueyuan Han, Thomas Pasquier, and Margo Seltzer. 2018. Provenance-based Intrusion Detection: Opportunities and Challenges Workshop on Theory and Practice of Provenance (TaPP'18). ACM."},{"key":"e_1_3_2_2_37_1","volume-title":"The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance Conference on File and Storage Technologies (FAST 09)","author":"Hasan Ragib","year":"2009","unstructured":"Ragib Hasan , Radu Sion , and Marianne Winslett . 2009 . The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance Conference on File and Storage Technologies (FAST 09) . USENIX. Ragib Hasan, Radu Sion, and Marianne Winslett. 2009. The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance Conference on File and Storage Technologies (FAST 09). USENIX."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"e_1_3_2_2_39_1","volume-title":"Outlier detection using replicator neural networks International Conference on Data Warehousing and Knowledge Discovery","author":"Hawkins Simon","unstructured":"Simon Hawkins , Hongxing He , Graham Williams , and Rohan Baxter . 2002. Outlier detection using replicator neural networks International Conference on Data Warehousing and Knowledge Discovery . Springer , 170--180. Simon Hawkins, Hongxing He, Graham Williams, and Rohan Baxter. 2002. Outlier detection using replicator neural networks International Conference on Data Warehousing and Knowledge Discovery. Springer, 170--180."},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2010.86"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2016.2526063"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.14778\/2850583.2850595"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/996943.996944"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2006.69"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945467"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSR.2011.6026885"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1323293.1294293"},{"key":"e_1_3_2_2_48_1","unstructured":"George Kurtz. 2010. Operation Aurora Hit Google Others. Available at http:\/\/securityinnovator.com\/index.php?articleID=42948\u00a7ionID=25  George Kurtz. 2010. Operation Aurora Hit Google Others. Available at http:\/\/securityinnovator.com\/index.php?articleID=42948\u00a7ionID=25"},{"key":"e_1_3_2_2_49_1","volume-title":"et almbox","author":"Kyrola Aapo","year":"2012","unstructured":"Aapo Kyrola , Guy E Blelloch , Carlos Guestrin , et almbox .. 2012 . GraphChi: Large- Scale Graph Computation on Just a PC Conference on Operating Systems Design and Implementation (OSDI '12), Vol. Vol. 12 . 31--46. Aapo Kyrola, Guy E Blelloch, Carlos Guestrin, et almbox.. 2012. GraphChi: Large-Scale Graph Computation on Just a PC Conference on Operating Systems Design and Implementation (OSDI'12), Vol. Vol. 12. 31--46."},{"key":"e_1_3_2_2_50_1","unstructured":"Michael Larabel and Matthew Tippett. {n. d.}. Phoronix test suite. http:\/\/www. phoronix-test-suite. com  Michael Larabel and Matthew Tippett. {n. d.}. Phoronix test suite. http:\/\/www. phoronix-test-suite. com"},{"key":"e_1_3_2_2_51_1","volume-title":"2013 a. High Accuracy Attack Provenance via Binary-based Execution Partition Proceedings of NDSS '13","author":"Lee Kyu Hyung","unstructured":"Kyu Hyung Lee , Xiangyu Zhang , and Dongyan Xu . 2013 a. High Accuracy Attack Provenance via Binary-based Execution Partition Proceedings of NDSS '13 . Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2013 a. High Accuracy Attack Provenance via Binary-based Execution Partition Proceedings of NDSS '13."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"e_1_3_2_2_53_1","volume-title":"Towards a Timely Causality Analysisfor Enterprise Security Proceedings of the 25th ISOC Network and Distributed System Security Symposium (NDSS'18)","author":"Liu Yushan","unstructured":"Yushan Liu , Mu Zhang , Ding Li , Kangkook Jee , Zhichun Li , Zhenyu Wu , Junghwan Rhee , and Prateek Mittal . 2018. Towards a Timely Causality Analysisfor Enterprise Security Proceedings of the 25th ISOC Network and Distributed System Security Symposium (NDSS'18) . San Diego, CA, USA . Yushan Liu, Mu Zhang, Ding Li, Kangkook Jee, Zhichun Li, Zhenyu Wu, Junghwan Rhee, and Prateek Mittal. 2018. Towards a Timely Causality Analysisfor Enterprise Security Proceedings of the 25th ISOC Network and Distributed System Security Symposium (NDSS'18). San Diego, CA, USA."},{"key":"e_1_3_2_2_54_1","volume-title":"Trusted Computing and Provenance: Better Together. In Workshop on Theory and Practice of Provenance (TaPP'10)","author":"Lyle John","year":"2010","unstructured":"John Lyle , Andrew P Martin , 2010 . Trusted Computing and Provenance: Better Together. In Workshop on Theory and Practice of Provenance (TaPP'10) . USENIX. John Lyle, Andrew P Martin, et almbox.. 2010. Trusted Computing and Provenance: Better Together. In Workshop on Theory and Practice of Provenance (TaPP'10). USENIX."},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818039"},{"key":"e_1_3_2_2_56_1","volume-title":"MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In USENIX Security Symposium.","author":"Ma Shiqing","year":"2017","unstructured":"Shiqing Ma , Juan Zhai , Fei Wang , Kyu Hyung Lee , Xiangyu Zhang , and Dongyan Xu . 2017 . MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In USENIX Security Symposium. Shiqing Ma, Juan Zhai, Fei Wang, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu. 2017. MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning. In USENIX Security Symposium."},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815415"},{"key":"e_1_3_2_2_59_1","volume-title":"USENIX Annual Technical Conference (ATC'96)","author":"McVoy Larry W","year":"1996","unstructured":"Larry W McVoy , Carl Staelin , 1996 . lmbench: Portable Tools for Performance Analysis . In USENIX Annual Technical Conference (ATC'96) . 279--294. Larry W McVoy, Carl Staelin, et almbox.. 1996. lmbench: Portable Tools for Performance Analysis. In USENIX Annual Technical Conference (ATC'96). 279--294."},{"key":"e_1_3_2_2_60_1","volume-title":"A provenance-based policy control framework for cloud services. (May","author":"Moreau Luc","year":"2014","unstructured":"Luc Moreau and Mufajjul Ali . 2014. A provenance-based policy control framework for cloud services. (May . 2014 ). http:\/\/eprints.soton.ac.uk\/364997\/ Luc Moreau and Mufajjul Ali. 2014. A provenance-based policy control framework for cloud services. (May. 2014). http:\/\/eprints.soton.ac.uk\/364997\/"},{"key":"e_1_3_2_2_61_1","unstructured":"James Morris Stephen Smalley and Greg Kroah-Hartman. 2002. Linux security modules: General security support for the Linux kernel USENIX Security Symposium.  James Morris Stephen Smalley and Greg Kroah-Hartman. 2002. Linux security modules: General security support for the Linux kernel USENIX Security Symposium."},{"key":"e_1_3_2_2_62_1","volume-title":"High-throughput ingest of data provenance records into Accumulo High Performance Extreme Computing Conference (HPEC'16)","author":"Moyer Thomas","unstructured":"Thomas Moyer and Vijay Gadepally . 2016. High-throughput ingest of data provenance records into Accumulo High Performance Extreme Computing Conference (HPEC'16) . IEEE , 1--6. Thomas Moyer and Vijay Gadepally. 2016. High-throughput ingest of data provenance records into Accumulo High Performance Extreme Computing Conference (HPEC'16). IEEE, 1--6."},{"key":"e_1_3_2_2_63_1","volume-title":"Layering in Provenance Systems. In USENIX Annual Technical Conference (ATC'09)","author":"Muniswamy-Reddy Kiran-Kumar","year":"2009","unstructured":"Kiran-Kumar Muniswamy-Reddy , Uri Braun , David A Holland , Peter Macko , Diana L MacLean , Daniel W Margo , Margo I Seltzer , and Robin Smogor . 2009 . Layering in Provenance Systems. In USENIX Annual Technical Conference (ATC'09) . Kiran-Kumar Muniswamy-Reddy, Uri Braun, David A Holland, Peter Macko, Diana L MacLean, Daniel W Margo, Margo I Seltzer, and Robin Smogor. 2009. Layering in Provenance Systems. In USENIX Annual Technical Conference (ATC'09)."},{"key":"e_1_3_2_2_64_1","volume-title":"USENIX Annual Technical Conference (ATC'06)","author":"Muniswamy-Reddy Kiran-Kumar","year":"2006","unstructured":"Kiran-Kumar Muniswamy-Reddy , David A Holland , Uri Braun , and Margo I Seltzer . 2006 . Provenance-aware storage systems . In USENIX Annual Technical Conference (ATC'06) . 43--56. Kiran-Kumar Muniswamy-Reddy, David A Holland, Uri Braun, and Margo I Seltzer. 2006. Provenance-aware storage systems. In USENIX Annual Technical Conference (ATC'06). 43--56."},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813639"},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_3_2_2_67_1","volume-title":"USENIX Security Symposium. 1119--1136","author":"Nadkarni Adwait","year":"2016","unstructured":"Adwait Nadkarni , Benjamin Andow , William Enck , and Somesh Jha . 2016 . Practical DIFC enforcement on Android . In USENIX Security Symposium. 1119--1136 . Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha. 2016. Practical DIFC enforcement on Android. In USENIX Security Symposium. 1119--1136."},{"key":"e_1_3_2_2_68_1","volume-title":"A provenance-based access control model for dynamic separation of duties International Conference on Privacy, Security and Trust (PST'13)","author":"Nguyen Dang","unstructured":"Dang Nguyen , Jaehong Park , and Ravi Sandhu . 2013. A provenance-based access control model for dynamic separation of duties International Conference on Privacy, Security and Trust (PST'13) . IEEE , 247--256. Dang Nguyen, Jaehong Park, and Ravi Sandhu. 2013. A provenance-based access control model for dynamic separation of duties International Conference on Privacy, Security and Trust (PST'13). IEEE, 247--256."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2012.6297930"},{"key":"e_1_3_2_2_70_1","volume-title":"Information Flow Audit for Transparency and Compliance in the Handling of Personal Data. In Workshop on Legal and Technical Issues in Cloud Computing and the Internet of Things (CLAW'16)","author":"Pasquier Thomas","year":"2016","unstructured":"Thomas Pasquier and David Eyers . 2016 . Information Flow Audit for Transparency and Compliance in the Handling of Personal Data. In Workshop on Legal and Technical Issues in Cloud Computing and the Internet of Things (CLAW'16) . IEEE. Thomas Pasquier and David Eyers. 2016. Information Flow Audit for Transparency and Compliance in the Handling of Personal Data. In Workshop on Legal and Technical Issues in Cloud Computing and the Internet of Things (CLAW'16). IEEE."},{"key":"e_1_3_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129249"},{"key":"e_1_3_2_2_72_1","volume-title":"CamFlow: Managed Data-Sharing for Cloud Services","author":"Pasquier Thomas","year":"2015","unstructured":"Thomas Pasquier , Jatinder Singh , David Eyers , and Jean Bacon . 2015. CamFlow: Managed Data-Sharing for Cloud Services . IEEE Transactions on Cloud Computing ( 2015 ). Thomas Pasquier, Jatinder Singh, David Eyers, and Jean Bacon. 2015. CamFlow: Managed Data-Sharing for Cloud Services. IEEE Transactions on Cloud Computing (2015)."},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-017-1067-4"},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420989"},{"key":"e_1_3_2_2_75_1","volume-title":"A Mission-Impact-Based Approach to INFOSEC Alarm Correlation International Symposium on Recent Advances in Intrusion Detection","author":"Porras Phillip A.","unstructured":"Phillip A. Porras , Martin W. Fong , and Alfonso Valdes . 2002. A Mission-Impact-Based Approach to INFOSEC Alarm Correlation International Symposium on Recent Advances in Intrusion Detection . Springer , 95--114. Phillip A. Porras, Martin W. Fong, and Alfonso Valdes. 2002. A Mission-Impact-Based Approach to INFOSEC Alarm Correlation International Symposium on Recent Advances in Intrusion Detection. Springer, 95--114."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098061"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542484"},{"key":"e_1_3_2_2_78_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05302-8_10"},{"key":"e_1_3_2_2_79_1","volume-title":"Design and Implementation of a TCG-based Integrity Measurement Architecture USENIX Security Symposium","author":"Sailer Reiner","unstructured":"Reiner Sailer , Xiaolan Zhang , Trent Jaeger , and Leendert Van Doorn . 2004. Design and Implementation of a TCG-based Integrity Measurement Architecture USENIX Security Symposium , Vol. Vol. 13 . 223--238. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert Van Doorn. 2004. Design and Implementation of a TCG-based Integrity Measurement Architecture USENIX Security Symposium, Vol. Vol. 13. 223--238."},{"key":"e_1_3_2_2_80_1","first-page":"139","article-title":"Implementing SELinux as a Linux security module","volume":"1","author":"Smalley Stephen","year":"2001","unstructured":"Stephen Smalley , Chris Vance , and Wayne Salamon . 2001 . Implementing SELinux as a Linux security module . NAI Labs Report Vol. 1 , 43 (2001), 139 . Stephen Smalley, Chris Vance, and Wayne Salamon. 2001. Implementing SELinux as a Linux security module. NAI Labs Report Vol. 1, 43 (2001), 139.","journal-title":"NAI Labs Report"},{"key":"e_1_3_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818011"},{"key":"e_1_3_2_2_82_1","volume-title":"Towards Automated Collection of Application-Level Data Provenance. Workshop on Theory and Practice of Provenance (TaPP'12)","author":"Tariq Dawood","year":"2012","unstructured":"Dawood Tariq , Maisem Ali , and Ashish Gehani . 2012 . Towards Automated Collection of Application-Level Data Provenance. Workshop on Theory and Practice of Provenance (TaPP'12) . Dawood Tariq, Maisem Ali, and Ashish Gehani. 2012. Towards Automated Collection of Application-Level Data Provenance. Workshop on Theory and Practice of Provenance (TaPP'12)."},{"key":"e_1_3_2_2_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.21"},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152705"},{"key":"e_1_3_2_2_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501986"},{"key":"e_1_3_2_2_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629587"},{"key":"e_1_3_2_2_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"},{"key":"e_1_3_2_2_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/2110356.2110360"},{"key":"e_1_3_2_2_89_1","volume-title":"Resilient Distributed Datasets: A Fault-tolerant Abstraction for In-memory Cluster Computing. In Conference on Networked Systems Design and Implementation (NSDI'12)","author":"Zaharia Matei","year":"2012","unstructured":"Matei Zaharia , Mosharaf Chowdhury , Tathagata Das , Ankur Dave , Justin Ma , Murphy McCauley , Michael J. Franklin , Scott Shenker , and Ion Stoica . 2012 . Resilient Distributed Datasets: A Fault-tolerant Abstraction for In-memory Cluster Computing. In Conference on Networked Systems Design and Implementation (NSDI'12) . USENIX. Matei Zaharia, Mosharaf Chowdhury, Tathagata Das, Ankur Dave, Justin Ma, Murphy McCauley, Michael J. Franklin, Scott Shenker, and Ion Stoica. 2012. Resilient Distributed Datasets: A Fault-tolerant Abstraction for In-memory Cluster Computing. In Conference on Networked Systems Design and Implementation (NSDI'12). USENIX."},{"key":"e_1_3_2_2_90_1","doi-asserted-by":"publisher","DOI":"10.5555\/1298455.1298481"},{"key":"e_1_3_2_2_91_1","volume-title":"Using CQUAL for Static Analysis of Authorization Hook Placement Proceedings of the 11th USENIX Security Symposium.","author":"Zhang Xiaolan","year":"2002","unstructured":"Xiaolan Zhang , Antony Edwards , and Trent Jaeger . 2002 . Using CQUAL for Static Analysis of Authorization Hook Placement Proceedings of the 11th USENIX Security Symposium. Xiaolan Zhang, Antony Edwards, and Trent Jaeger. 2002. Using CQUAL for Static Analysis of Authorization Hook Placement Proceedings of the 11th USENIX Security Symposium."},{"key":"e_1_3_2_2_92_1","volume-title":"Non-Intrusive Performance Profiling for Entire Software Stacks Based on the Flow Reconstruction Principle. In Symposium on Operating Systems Design and Implementation (OSDI'16)","author":"Zhao Xu","year":"2016","unstructured":"Xu Zhao , Kirk Rodrigues , Yu Luo , Ding Yuan , and Michael Stumm . 2016 . Non-Intrusive Performance Profiling for Entire Software Stacks Based on the Flow Reconstruction Principle. In Symposium on Operating Systems Design and Implementation (OSDI'16) . USENIX, 603--618. Xu Zhao, Kirk Rodrigues, Yu Luo, Ding Yuan, and Michael Stumm. 2016. Non-Intrusive Performance Profiling for Entire Software Stacks Based on the Flow Reconstruction Principle. In Symposium on Operating Systems Design and Implementation (OSDI'16). USENIX, 603--618."},{"key":"e_1_3_2_2_93_1","volume-title":"Lprof: A Non-intrusive Request Flow Profiler for Distributed Systems Conference on Operating Systems Design and Implementation (OSDI'14)","author":"Zhao Xu","year":"2014","unstructured":"Xu Zhao , Yongle Zhang , David Lion , Muhammad Faizan Ullah , Yu Luo , Ding Yuan , and Michael Stumm . 2014 . Lprof: A Non-intrusive Request Flow Profiler for Distributed Systems Conference on Operating Systems Design and Implementation (OSDI'14) . USENIX, Berkeley, CA, USA, 629--644. Xu Zhao, Yongle Zhang, David Lion, Muhammad Faizan Ullah, Yu Luo, Ding Yuan, and Michael Stumm. 2014. Lprof: A Non-intrusive Request Flow Profiler for Distributed Systems Conference on Operating Systems Design and Implementation (OSDI'14). USENIX, Berkeley, CA, USA, 629--644."},{"key":"e_1_3_2_2_94_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043584"}],"event":{"name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","location":"Toronto Canada","acronym":"CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243776","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243776","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243776","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:08:18Z","timestamp":1750212498000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243776"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,10,15]]},"references-count":92,"alternative-id":["10.1145\/3243734.3243776","10.1145\/3243734"],"URL":"https:\/\/doi.org\/10.1145\/3243734.3243776","relation":{},"subject":[],"published":{"date-parts":[[2018,10,15]]},"assertion":[{"value":"2018-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}