{"id":"https://openalex.org/W2294464288","doi":"https://doi.org/10.1145/2818000.2818011","title":"Provenance-based Integrity Protection for Windows","display_name":"Provenance-based Integrity Protection for Windows","publication_year":2015,"publication_date":"2015-12-07","ids":{"openalex":"https://openalex.org/W2294464288","doi":"https://doi.org/10.1145/2818000.2818011","mag":"2294464288"},"language":"en","primary_location":{"id":"doi:10.1145/2818000.2818011","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2818000.2818011","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818011","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818011","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5110123099","display_name":"Wai Kit Sze","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wai Kit Sze","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY, USA","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102886132","display_name":"R. Sekar","orcid":"https://orcid.org/0009-0008-9135-3296"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"R. Sekar","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY, USA","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.3197,"has_fulltext":true,"cited_by_count":14,"citation_normalized_percentile":{"value":0.89665881,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"211","last_page":"220"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.6452069878578186},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4963605999946594},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32229724526405334},{"id":"https://openalex.org/keywords/geology","display_name":"Geology","score":0.15931624174118042}],"concepts":[{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.6452069878578186},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4963605999946594},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32229724526405334},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.15931624174118042},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2818000.2818011","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2818000.2818011","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818011","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/2818000.2818011","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2818000.2818011","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818011","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.44999998807907104,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G4859090984","display_name":"CT-T:   Proactive Techniques for Preserving System Integrity:   A Basis for Robust Defense Against Malware","funder_award_id":"0831298","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5909444678","display_name":null,"funder_award_id":"CNS-0831298","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6443289547","display_name":null,"funder_award_id":"CNS-0831298,CNS-1319137","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7268679954","display_name":null,"funder_award_id":"CNS-1319137","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7852973988","display_name":null,"funder_award_id":"CNS-0831298 and CNS-1319137","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8798836806","display_name":"TWC: Small: A platform for enhancing security of binary code","funder_award_id":"1319137","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2294464288.pdf","grobid_xml":"https://content.openalex.org/works/W2294464288.grobid-xml"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W6385438","https://openalex.org/W24839522","https://openalex.org/W157928049","https://openalex.org/W1444906800","https://openalex.org/W1516211918","https://openalex.org/W1552694902","https://openalex.org/W1676940139","https://openalex.org/W1809664600","https://openalex.org/W1969519208","https://openalex.org/W2023824732","https://openalex.org/W2031965919","https://openalex.org/W2040431736","https://openalex.org/W2062340141","https://openalex.org/W2064533298","https://openalex.org/W2086234010","https://openalex.org/W2089217152","https://openalex.org/W2098316927","https://openalex.org/W2117703831","https://openalex.org/W2132185316","https://openalex.org/W2134296086","https://openalex.org/W2138691690","https://openalex.org/W2152050029","https://openalex.org/W2152172333","https://openalex.org/W2154022444","https://openalex.org/W2154220454","https://openalex.org/W2155851497","https://openalex.org/W2162283517","https://openalex.org/W2164055093","https://openalex.org/W2169768162","https://openalex.org/W4234087688","https://openalex.org/W4238764625","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2354627941","https://openalex.org/W2347483153","https://openalex.org/W2353379336","https://openalex.org/W2379683085","https://openalex.org/W2363868702","https://openalex.org/W2374448931","https://openalex.org/W2376723740","https://openalex.org/W2370535391","https://openalex.org/W2370679613"],"abstract_inverted_index":{"Existing":[0],"malware":[1,13,31,40,63,161],"defenses":[2,9,34,43],"are":[3,21,35],"primarily":[4],"reactive":[5],"in":[6],"nature,":[7],"with":[8,95,119],"effective":[10],"only":[11],"on":[12],"that":[14,32,44,60,72,75],"has":[15],"previously":[16],"been":[17],"observed.":[18],"Unfortunately,":[19],"we":[20,55],"witnessing":[22],"a":[23,131,158],"generation":[24],"of":[25,134,160,174],"stealthy,":[26],"highly":[27],"targeted":[28,113],"exploits":[29],"and":[30,67,70,93,109,129,145,165],"these":[33],"unprepared":[36],"for.":[37],"Thwarting":[38],"such":[39],"requires":[41],"new":[42],"are,":[45],"by":[46,64,78,114],"design,":[47],"secure":[48],"against":[49,62],"unknown":[50],"malware.":[51,115,170],"In":[52],"this":[53],"paper,":[54],"present":[56],"Spif,":[57],"an":[58],"approach":[59],"defends":[61],"tracking":[65],"code":[66,79],"data":[68,81],"origin,":[69],"ensuring":[71],"any":[73],"process":[74],"is":[76,99,117,177],"influenced":[77],"or":[80],"from":[82,88],"untrusted":[83],"sources":[84],"will":[85],"be":[86],"prevented":[87],"modifying":[89],"important":[90],"system":[91,176],"resources,":[92],"interacting":[94],"benign":[96],"processes.":[97],"Spif":[98,116,148],"designed":[100],"for":[101],"Windows,":[102],"the":[103,110,166],"most":[104],"widely":[105],"deployed":[106],"desktop":[107],"OS,":[108],"primary":[111],"platform":[112],"compatible":[118],"all":[120,140],"recent":[121],"Windows":[122,127],"versions":[123],"(Windows":[124],"XP":[125],"to":[126,156],"10),":[128],"supports":[130],"wide":[132],"range":[133],"feature":[135],"rich,":[136],"unmodified":[137],"applications,":[138],"including":[139,163],"popular":[141],"browsers,":[142],"office":[143],"software":[144],"media":[146],"players.":[147],"imposes":[149],"minimal":[150],"performance":[151],"overheads":[152],"while":[153],"being":[154],"able":[155],"stop":[157],"variety":[159],"attacks,":[162],"Stuxnet":[164],"recently":[167],"reported":[168],"Sandworm":[169],"An":[171],"open-source":[172],"implementation":[173],"our":[175],"available.":[178]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}