research-article

Public Access

LDX: Causality Inference by Lightweight Dual Execution

Authors:

William Nick Sumner,

Brendan Saltaformaggio,

Dongyan XuAuthors Info & Claims

ACM SIGARCH Computer Architecture News, Volume 44, Issue 2

Pages 503 - 515

https://doi.org/10.1145/2980024.2872395

Published: 25 March 2016 Publication History

Abstract

Causality inference, such as dynamic taint anslysis, has many applications (e.g., information leak detection). It determines whether an event e is causally dependent on a preceding event c during execution. We develop a new causality inference engine LDX. Given an execution, it spawns a slave execution, in which it mutates c and observes whether any change is induced at e. To preclude non-determinism, LDX couples the executions by sharing syscall outcomes. To handle path differences induced by the perturbation, we develop a novel on-the-fly execution alignment scheme that maintains a counter to reflect the progress of execution. The scheme relies on program analysis and compiler transformation. LDX can effectively detect information leak and security attacks with an average overhead of 6.08% while running the master and the slave concurrently on separate CPUs, much lower than existing systems that require instruction level monitoring. Furthermore, it has much better accuracy in causality inference.

References

[1]

Lightweight dual-execution engine project website. https://sites.google.com/site/ldxprj.

[2]

M. Attariyan and J. Flinn. Automating configuration troubleshooting with dynamic information flow analysis. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI'10, pages 1--11, Berkeley, CA, USA, 2010. USENIX Association. URL http://dl.acm.org/citation.cfm?id=1924943.1924960.

Digital Library

[3]

T. H. Austin and C. Flanagan. Multiple facets for dynamic information flow. In POPL, 2012.

Digital Library

[4]

G. K. Baah, A. Podgurski, and M. J. Harrold. Causal inference for statistical fault localization. In Proceedings of the 19th International Symposium on Software Testing and Analysis, ISSTA '10, pages 73--84, New York, NY, USA, 2010. ACM. ISBN 978--1--60558--823-0. 10.1145/1831708.1831717. URL http://doi.acm.org/10.1145/1831708.1831717.

Digital Library

[5]

M. Backes, B. Kopf, and A. Rybalchenko. Automatic discovery and quantification of information leaks. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, SP '09, pages 141--153, Washington, DC, USA, 2009. IEEE Computer Society. ISBN 978-0--7695--3633-0. 10.1109/SP.2009.18. URL http://dx.doi.org/10.1109/SP.2009.18.

Digital Library

[6]

Z. Bai, G. Shu, and A. Podgurski. Numfl: Localizing faults in numerical software using a value-based causal model. In Software Testing, Verification and Validation (ICST), 2015 IEEE 8th International Conference on, pages 1--10, April 2015. 10.1109/ICST.2015.7102597.

[7]

T. Bao, Y. Zheng, Z. Lin, X. Zhang, and D. Xu. Strict control dependence and its effect on dynamic information flow analyses. In Proceedings of the 19th International Symposium on Software Testing and Analysis, ISSTA '10, pages 13--24, New York, NY, USA, 2010. ACM. ISBN 978--1--60558--823-0. 10.1145/1831708.1831711. URL http://doi.acm.org/10.1145/1831708.1831711.

Digital Library

[8]

E. D. Berger and B. G. Zorn. Diehard: Probabilistic memory safety for unsafe languages. In Proceedings of the 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '06, pages 158--168, New York, NY, USA, 2006. ACM. ISBN 1--59593--320--4. 10.1145/1133981.1134000. URL http://doi.acm.org/10.1145/1133981.1134000.

Digital Library

[9]

K. P. Birman. Replication and fault-tolerance in the isis system. SIGOPS Oper. Syst. Rev., 19 (5): 79--86, Dec. 1985. ISSN 0163--5980. 10.1145/323627.323636. URL http://doi.acm.org/10.1145/323627.323636.

Digital Library

[10]

D. Black, C. Low, and S. K. Shrivastava. The voltan application programming environment for fail-silent processes. Distributed Systems Engineering, 5 (2): 66--77, 1998.

[11]

E. Bosman, A. Slowinska, and H. Bos. Minemu: The world's fastest taint tracker. In Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection, RAID'11, pages 1--20, Berlin, Heidelberg, 2011. Springer-Verlag. ISBN 978--3--642--23643--3. 10.1007/978--3--642--23644-0_1. URL http://dx.doi.org/10.1007/978--3--642--23644-0_1.

Digital Library

[12]

D. Bruschi, L. Cavallaro, and A. Lanzi. Diversified process replicæ for defeating memory error exploits. Performance, Computing, and Communications Conference, 2002. 21st IEEE International, 0: 434--441, 2007. ISSN 1097--2641. http://doi.ieeecomputersociety.org/10.1109/PCCC.2007.358924.

[13]

R. Capizzi, A. Longo, V. N. Venkatakrishnan, and A. P. Sistla. Preventing information leaks through shadow executions. In ACSAC, 2008.

Digital Library

[14]

M. Castro, R. Rodrigues, and B. Liskov. Base: Using abstraction to improve fault tolerance. ACM Trans. Comput. Syst., 21 (3): 236--269, Aug. 2003. ISSN 0734--2071. 10.1145/859716.859718. URL http://doi.acm.org/10.1145/859716.859718.

Digital Library

[15]

R. Chandra, T. Kim, M. Shah, N. Narula, and N. Zeldovich. Intrusion recovery for database-backed web applications. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP '11, 2011.

Digital Library

[16]

H. Chen, T. Kim, X. Wang, N. Zeldovich, and M. F. Kaashoek. Identifying information disclosure in web applications with retroactive auditing. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14), pages 555--569, Broomfield, CO, Oct. 2014. USENIX Association. ISBN 978--1--931971--16--4. URL https://www.usenix.org/conference/osdi14/technical-sessions/presentation/chen_haogang.

Digital Library

[17]

L. Chen and A. Avizienis. N-version programminc: A fault-tolerance approach to rellablllty of software operatlon. In Fault-Tolerant Computing, 1995, Highlights from Twenty-Five Years., Twenty-Fifth International Symposium on, pages 113--, Jun 1995. 10.1109/FTCSH.1995.532621.

[18]

P. Cheng. From covariation to causation: A causal power theory. Psychological Review, 104, pages 367--405, 1997.

[19]

M. Chereque, D. Powell, P. Reynier, J.-L. Richier, and J. Voiron. Active replication in delta-4. In Fault-Tolerant Computing, 1992. FTCS-22. Digest of Papers., Twenty-Second International Symposium on, pages 28--37, July 1992. 10.1109/FTCS.1992.243618.

[20]

B.-G. Chun, P. Maniatis, and S. Shenker. Diverse replication for single-machine byzantine-fault tolerance. In USENIX 2008 Annual Technical Conference on Annual Technical Conference, ATC'08, pages 287--292, Berkeley, CA, USA, 2008. USENIX Association. URL http://dl.acm.org/citation.cfm?id=1404014.1404038.

Digital Library

[21]

J. Clause, W. Li, and A. Orso. Dytan: A generic dynamic taint analysis framework. In Proceedings of the 2007 International Symposium on Software Testing and Analysis, ISSTA '07, pages 196--206, New York, NY, USA, 2007. ACM. ISBN 978--1--59593--734--6. 10.1145/1273463.1273490. URL http://doi.acm.org/10.1145/1273463.1273490.

Digital Library

[22]

B. Cox, D. Evans, A. Filipi, J. Rowanhill, W. Hu, J. Davidson, J. Knight, A. Nguyen-Tuong, and J. Hiser. N-variant systems: A secretless framework for security through diversity. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX-SS'06, Berkeley, CA, USA, 2006. USENIX Association. URL http://dl.acm.org/citation.cfm?id=1267336.1267344.

Digital Library

[23]

L. P. Cox, P. Gilbert, G. Lawler, V. Pistol, A. Razeen, B. Wu, and S. Cheemalapati. Spandex: Secure password tracking for android. In 23rd USENIX Security Symposium (USENIX Security 14), pages 481--494, San Diego, CA, Aug. 2014. USENIX Association. ISBN 978--1--931971--15--7. URL https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/cox.

[24]

D. Devriese and F. Piessens. Noninterference through secure multi-execution. In S&P, 2010.

[25]

A. Goel, K. Po, K. Farhadi, Z. Li, and E. de Lara. The taser intrusion recovery system. In Proceedings of the twentieth ACM symposium on Operating systems principles, SOSP '05. ACM, 2005.

Digital Library

[26]

J. Heusser and P. Malacaria. Quantifying information leaks in software. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 261--269, New York, NY, USA, 2010. ACM. ISBN 978--1--4503-0133--6. 10.1145/1920261.1920300. URL http://doi.acm.org/10.1145/1920261.1920300.

Digital Library

[27]

P. Hosek and C. Cadar. Varan the unbelievable: An efficient n-version execution framework. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '15, pages 339--353, New York, NY, USA, 2015. ACM. ISBN 978--1--4503--2835--7. 10.1145/2694344.2694390. URL http://doi.acm.org/10.1145/2694344.2694390.

Digital Library

[28]

D. R. Hower and M. D. Hill. Rerun: Exploiting episodes for lightweight memory race recording. In Proceedings of the 35th Annual International Symposium on Computer Architecture, ISCA '08, pages 265--276, Washington, DC, USA, 2008. IEEE Computer Society. ISBN 978-0--7695--3174--8. 10.1109/ISCA.2008.26. URL http://dx.doi.org/10.1109/ISCA.2008.26.

Digital Library

[29]

D. Hume. An enquiry concerning human understanding. 1748.

[30]

M. G. Kang, S. McCamant, P. Poosankam, and D. Ong. DTA+: Dynamic taint analysis with targeted control-flow propagation. In A. Perrig, editor, NDSS 2011, 18th Annual Network & Distributed System Security Symposium, Washington, DC, USA, Feb. 2011. Internet Society. URL http://www.isoc.org/isoc/conferences/ndss/11/pdf/5_4.pdf.

[31]

V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis. Libdft: Practical dynamic data flow tracking for commodity systems. In Proceedings of the 8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments, VEE '12, pages 121--132, New York, NY, USA, 2012. ACM. ISBN 978--1--4503--1176--2. 10.1145/2151024.2151042. URL http://doi.acm.org/10.1145/2151024.2151042.

Digital Library

[32]

W. M. Khoo. wmkhoo/taintgrind - github, Nov. 2013. URL https://github.com/wmkhoo/taintgrind/.

[33]

D. Kim, Y. Kwon, W. N. Sumner, X. Zhang, and D. Xu. Dual execution for on the fly fine grained execution comparison. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '15, pages 325--338, New York, NY, USA, 2015. ACM. ISBN 978--1--4503--2835--7. 10.1145/2694344.2694394. URL http://doi.acm.org/10.1145/2694344.2694394.

Digital Library

[34]

T. Kim, X. Wang, N. Zeldovich, and M. F. Kaashoek. Intrusion recovery using selective re-execution. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, OSDI'10. USENIX Association, 2010.

Digital Library

[35]

A. Kushnir and A. Gopnik. Young children infer causal strength from probabilities and interventions. Psychological Science, 16 (9), pages 678--683, 2005.

[36]

D. Lewis. Counterfactuals. Oxford: Blackwell, 1973.

[37]

X. Li, M. Tiwari, J. K. Oberg, V. Kashyap, F. T. Chong, T. Sherwood, and B. Hardekopf. Caisson: A hardware description language for secure information flow. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11, pages 109--120, New York, NY, USA, 2011. ACM. ISBN 978--1--4503-0663--8. 10.1145/1993498.1993512. URL http://doi.acm.org/10.1145/1993498.1993512.

Digital Library

[38]

V. B. Lvin, G. Novark, E. D. Berger, and B. G. Zorn. Archipelago: Trading address space for reliability and security. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XIII, pages 115--124, New York, NY, USA, 2008. ACM. ISBN 978--1--59593--958--6. 10.1145/1346281.1346296. URL http://doi.acm.org/10.1145/1346281.1346296.

Digital Library

[39]

P. Mardziel, M. S. Alvim, M. Hicks, and M. R. Clarkson. Quantifying information flow for dynamic secrets. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, pages 540--555, Washington, DC, USA, 2014. IEEE Computer Society. ISBN 978--1--4799--4686-0. 10.1109/SP.2014.41. URL http://dx.doi.org/10.1109/SP.2014.41.

Digital Library

[40]

S. McCamant and M. D. Ernst. Quantitative information flow as network flow capacity. In Proceedings of the 2008 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '08, pages 193--205, New York, NY, USA, 2008. ACM. ISBN 978--1--59593--860--2. 10.1145/1375581.1375606. URL http://doi.acm.org/10.1145/1375581.1375606.

Digital Library

[41]

J. McDermott, R. Gelinas, and S. Ornstein. Doc, wyatt, and virgil: prototyping storage jamming defenses. In Computer Security Applications Conference, 1997. Proceedings., 13th Annual, pages 265--273, Dec 1997. 10.1109/CSAC.1997.646199.

Digital Library

[42]

G. Miller and P. N. Johnson-Laird. Language and perception. Cambridge: Cambridge University Press, 1976.

[43]

P. Montesinos, M. Hicks, S. T. King, and J. Torrellas. Capo: A software-hardware interface for practical deterministic multiprocessor replay. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XIV, pages 73--84, New York, NY, USA, 2009. ACM. ISBN 978--1--60558--406--5. 10.1145/1508244.1508254. URL http://doi.acm.org/10.1145/1508244.1508254.

Digital Library

[44]

S. Narayanasamy, C. Pereira, and B. Calder. Recording shared memory dependencies using strata. SIGPLAN Not., 41 (11): 229--240, Oct. 2006. ISSN 0362--1340. 10.1145/1168918.1168886. URL http://doi.acm.org/10.1145/1168918.1168886.

Digital Library

[45]

S. Park, Y. Zhou, W. Xiong, Z. Yin, R. Kaushik, K. H. Lee, and S. Lu. Pres: Probabilistic replay with execution sketching on multiprocessors. In Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles, SOSP '09, pages 177--192, New York, NY, USA, 2009. ACM. ISBN 978--1--60558--752--3. 10.1145/1629575.1629593. URL http://doi.acm.org/10.1145/1629575.1629593.

Digital Library

[46]

F. Qin, C. Wang, Z. Li, H.-s. Kim, Y. Zhou, and Y. Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 39, pages 135--148, Washington, DC, USA, 2006. IEEE Computer Society. ISBN 0--7695--2732--9. 10.1109/MICRO.2006.29. URL http://dx.doi.org/10.1109/MICRO.2006.29.

Digital Library

[47]

B. Salamat. Multi-variant Execution: Run-time Defense Against Malicious Code Injection Attacks. PhD thesis, Irvine, CA, USA, 2009. AAI3359500.

Digital Library

[48]

G. Shu, B. Sun, A. Podgurski, and F. Cao. Mfl: Method-level fault localization with causal inference. In Software Testing, Verification and Validation (ICST), 2013 IEEE Sixth International Conference on, pages 124--133, March 2013. 10.1109/ICST.2013.31.

[49]

D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena. Bitblaze: A new approach to computer security via binary analysis. In Proceedings of the 4th International Conference on Information Systems Security, ICISS '08, pages 1--25, Berlin, Heidelberg, 2008. Springer-Verlag. ISBN 978--3--540--89861-0. 10.1007/978--3--540--89862--7_1. URL http://dx.doi.org/10.1007/978--3--540--89862--7_1.

Digital Library

[50]

F. Sorrentino, A. Farzan, and P. Madhusudan. Penelope: Weaving threads to expose atomicity violations. In Proceedings of the Eighteenth ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE '10, pages 37--46, New York, NY, USA, 2010. ACM. ISBN 978--1--60558--791--2. 10.1145/1882291.1882300. URL http://doi.acm.org/10.1145/1882291.1882300.

Digital Library

[51]

Tiwari, Li, Wassel, Chong, and Sherwood]2009microM. Tiwari, X. Li, H. Wassel, F. Chong, and T. Sherwood. Execution leases: A hardware-supported mechanism for enforcing strong non-interference. In Microarchitecture, 2009. MICRO-42. 42nd Annual IEEE/ACM International Symposium on, pages 493--504, Dec 2009.

Digital Library

[52]

Tiwari, Wassel, Mazloom, Mysore, Chong, and Sherwood]2009asplosM. Tiwari, H. M. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XIV, pages 109--120, New York, NY, USA, 2009. ACM. ISBN 978--1--60558--406--5. 10.1145/1508244.1508258. URL http://doi.acm.org/10.1145/1508244.1508258.

Digital Library

[53]

M. Tiwari, J. K. Oberg, X. Li, J. Valamehr, T. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood. Crafting a usable microkernel, processor, and i/o system with strict and provable information flow security. In Proceedings of the 38th Annual International Symposium on Computer Architecture, ISCA '11, pages 189--200, New York, NY, USA, 2011. ACM. ISBN 978--1--4503-0472--6. 10.1145/2000064.2000087. URL http://doi.acm.org/10.1145/2000064.2000087.

Digital Library

[54]

A. Tulley and S. Shrivastava. Preventing state divergence in replicated distributed programs. In Reliable Distributed Systems, 1990. Proceedings., Ninth Symposium on, pages 104--113, Oct 1990. 10.1109/RELDIS.1990.93956.

[55]

B. Vandiver, H. Balakrishnan, B. Liskov, and S. Madden. Tolerating Byzantine Faults in Transaction Processing Systems Using Commit Barrier Scheduling. In ACM SOSP, Stevenson, WA, October 2007.

Digital Library

[56]

K. Veeraraghavan, D. Lee, B. Wester, J. Ouyang, P. M. Chen, J. Flinn, and S. Narayanasamy. Doubleplay: Parallelizing sequential logging and replay. ACM Trans. Comput. Syst., 30 (1): 3:1--3:24, Feb. 2012. ISSN 0734--2071. 10.1145/2110356.2110359. URL http://doi.acm.org/10.1145/2110356.2110359.

Digital Library

[57]

N. Viennot, S. Nair, and J. Nieh. Transparent mutable replay for multicore debugging and patch validation. In Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '13, pages 127--138, New York, NY, USA, 2013. ACM. ISBN 978--1--4503--1870--9. 10.1145/2451116.2451130. URL http://doi.acm.org/10.1145/2451116.2451130.

Digital Library

[58]

B. Xin, W. N. Sumner, and X. Zhang. Efficient program execution indexing. In Proceedings of the 2008 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '08, pages 238--248, New York, NY, USA, 2008. ACM. ISBN 978--1--59593--860--2. 10.1145/1375581.1375611. URL http://doi.acm.org/10.1145/1375581.1375611.

Digital Library

[59]

A. R. Yumerefendi, B. Mickle, and L. P. Cox. Tightlip: Keeping applications from spilling the beans. In Proceedings of the 4th USENIX Conference on Networked Systems Design and Implementation, NSDI'07, pages 12--12, Berkeley, CA, USA, 2007. USENIX Association. URL http://dl.acm.org/citation.cfm?id=1973430.1973442.

Cited By

Lv YQin SZhu ZYu ZLi SHan W(2022)A Review of Provenance Graph based APT Attack Detection:Applications and Developments2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)10.1109/DSC55868.2022.00075(498-505)Online publication date: Jul-2022
https://doi.org/10.1109/DSC55868.2022.00075
Yagemann CNoureddine MHassan WChung SBates ALee WKim YKim JVigna GShi E(2021)Validating the Integrity of Audit Logs Against Execution Repartitioning AttacksProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484551(3337-3351)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484551
Grayson SAguilar FMilewicz RKatz DMarinov D(2024)A benchmark suite and performance analysis of user-space provenance collectorsProceedings of the 2nd ACM Conference on Reproducibility and Replicability10.1145/3641525.3663627(85-95)Online publication date: 18-Jun-2024
https://dl.acm.org/doi/10.1145/3641525.3663627
Show More Cited By

Index Terms

LDX: Causality Inference by Lightweight Dual Execution
1. Security and privacy
  1. Systems security
    1. Information flow control
2. Software and its engineering
  1. Software notations and tools
    1. Compilers
      1. Runtime environments
      2. Source code generation

Recommendations

LDX: Causality Inference by Lightweight Dual Execution
ASPLOS '16

Causality inference, such as dynamic taint anslysis, has many applications (e.g., information leak detection). It determines whether an event e is causally dependent on a preceding event c during execution. We develop a new causality inference engine ...
LDX: Causality Inference by Lightweight Dual Execution
ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems

Causality inference, such as dynamic taint anslysis, has many applications (e.g., information leak detection). It determines whether an event e is causally dependent on a preceding event c during execution. We develop a new causality inference engine ...
A catalogue of bug patterns for exception handling in aspect-oriented programs
PLoP '08: Proceedings of the 15th Conference on Pattern Languages of Programs

Aspects allow a developer to externally add new functionality to a program. This additional functionality may also throw new exceptions that will flow through the program execution until they are handled. Moreover, aspects can also be used to handle ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGARCH Computer Architecture News

ACM SIGARCH Computer Architecture News Volume 44, Issue 2

ASPLOS'16

May 2016

774 pages

ISSN:0163-5964

DOI:10.1145/2980024

Editor:
Doug DeGroot
acm dot org

Issue’s Table of Contents

ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems
March 2016
824 pages
ISBN:9781450340915
DOI:10.1145/2872362
General Chair:
Tom Conte
Georgia Tech, USA
,
Program Chair:
Yuanyuan Zhou
University of California, San Diego, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 March 2016

Published in SIGARCH Volume 44, Issue 2

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

ONR
DARPA
NSF

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

32
Total Citations
View Citations
1,263
Total Downloads

Downloads (Last 12 months)290
Downloads (Last 6 weeks)28

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lv YQin SZhu ZYu ZLi SHan W(2022)A Review of Provenance Graph based APT Attack Detection:Applications and Developments2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)10.1109/DSC55868.2022.00075(498-505)Online publication date: Jul-2022
https://doi.org/10.1109/DSC55868.2022.00075
Yagemann CNoureddine MHassan WChung SBates ALee WKim YKim JVigna GShi E(2021)Validating the Integrity of Audit Logs Against Execution Repartitioning AttacksProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484551(3337-3351)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484551
Grayson SAguilar FMilewicz RKatz DMarinov D(2024)A benchmark suite and performance analysis of user-space provenance collectorsProceedings of the 2nd ACM Conference on Reproducibility and Replicability10.1145/3641525.3663627(85-95)Online publication date: 18-Jun-2024
https://dl.acm.org/doi/10.1145/3641525.3663627
Zhang XLi KQi LLiu YWu PWang D(2024)An Apriori Knowledge-based Negative Sampling Method for APT Detection2024 5th International Conference on Computer Engineering and Application (ICCEA)10.1109/ICCEA62105.2024.10603935(1176-1182)Online publication date: 12-Apr-2024
https://doi.org/10.1109/ICCEA62105.2024.10603935
Liu ZChen KSullivan DArias ODutta RJin YGuo XKim T(2024)Microscope: Causality Inference Crossing the Hardware and Software Boundary from Hardware PerspectiveProceedings of the 29th Asia and South Pacific Design Automation Conference10.1109/ASP-DAC58780.2024.10473793(933-938)Online publication date: 22-Jan-2024
https://dl.acm.org/doi/10.1109/ASP-DAC58780.2024.10473793
Zhu TYu JXiong CCheng WYuan QYing JChen TZhang JLv MChen YWang TFan Y(2023)APTSHIELD: A Stable, Efficient and Real-Time APT Detection System for Linux HostsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.324366720:6(5247-5264)Online publication date: Nov-2023
https://doi.org/10.1109/TDSC.2023.3243667
Inam MChen YGoyal ALiu JMink JMichael NGaur SBates AHassan W(2023)SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179405(2620-2638)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179405
Wang JWei JPang JZhang FLi S(2022)Security Enhancement Through Compiler-Assisted Software Diversity With Deep Reinforcement LearningInternational Journal of Digital Crime and Forensics10.4018/IJDCF.30287814:2(1-18)Online publication date: 17-Jun-2022
https://dl.acm.org/doi/10.4018/IJDCF.302878
徐志(2022)A Survey of Host-Based Advanced Persistent Threat Detection TechnologyComputer Science and Application10.12677/CSA.2022.12102412:01(233-251)Online publication date: 2022
https://doi.org/10.12677/CSA.2022.121024
Vinck JAbrath BCoppens BVoulimeneas ADe Sutter BVolckaert SBromberg YKermarrec AKozyrakis C(2022)Sharing is caringProceedings of the Seventeenth European Conference on Computer Systems10.1145/3492321.3519558(99-116)Online publication date: 28-Mar-2022
https://dl.acm.org/doi/10.1145/3492321.3519558
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents