{"id":"https://openalex.org/W2290240292","doi":"https://doi.org/10.1145/2854038.2854062","title":"BlackBox: lightweight security monitoring for COTS binaries","display_name":"BlackBox: lightweight security monitoring for COTS binaries","publication_year":2016,"publication_date":"2016-02-29","ids":{"openalex":"https://openalex.org/W2290240292","doi":"https://doi.org/10.1145/2854038.2854062","mag":"2290240292"},"language":"en","primary_location":{"id":"doi:10.1145/2854038.2854062","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2854038.2854062","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2854038.2854062","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 International Symposium on Code Generation and Optimization","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/2854038.2854062","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088858705","display_name":"Byron Hawkins","orcid":null},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Byron Hawkins","raw_affiliation_strings":["University of California at Irvine, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Irvine, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016315666","display_name":"Brian Demsky","orcid":"https://orcid.org/0000-0003-1210-3130"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brian Demsky","raw_affiliation_strings":["University of California at Irvine, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Irvine, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036770962","display_name":"Michael Taylor","orcid":"https://orcid.org/0000-0002-4074-6347"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California, San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael B. Taylor","raw_affiliation_strings":["University of California at San Diego, USA"],"affiliations":[{"raw_affiliation_string":"University of California at San Diego, USA","institution_ids":["https://openalex.org/I36258959"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5088858705"],"corresponding_institution_ids":["https://openalex.org/I204250578"],"apc_list":null,"apc_paid":null,"fwci":1.3252,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.86596123,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"261","last_page":"272"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8707770109176636},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.6590546369552612},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6451855897903442},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5385194420814514},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4897139370441437},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.4840223491191864},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.47938182950019836},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.46087318658828735},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.44562777876853943},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4213446378707886},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.40974336862564087},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3030640482902527},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11912974715232849}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8707770109176636},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.6590546369552612},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6451855897903442},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5385194420814514},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4897139370441437},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.4840223491191864},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47938182950019836},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.46087318658828735},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.44562777876853943},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4213446378707886},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.40974336862564087},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3030640482902527},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11912974715232849},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2854038.2854062","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2854038.2854062","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2854038.2854062","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 International Symposium on Code Generation and Optimization","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/2854038.2854062","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2854038.2854062","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2854038.2854062","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 International Symposium on Code Generation and Optimization","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5199999809265137}],"awards":[{"id":"https://openalex.org/G1330807294","display_name":null,"funder_award_id":"1228995","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2511970079","display_name":null,"funder_award_id":"CCF-0846195, CCF-1217854, CNS-1228995, and CCF-1319786","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2974361155","display_name":"SHF: Small: Tool Support for Verifiably-Robust Software","funder_award_id":"1217854","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3810896856","display_name":null,"funder_award_id":"1228992, CCF- 0846195, CCF-1217854, CNS-1228995, CCF-1319786","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3994755693","display_name":"CAREER:  Language Features for Robust Software","funder_award_id":"0846195","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4887462507","display_name":null,"funder_award_id":"C-FAR","funder_id":"https://openalex.org/F4320306087","funder_display_name":"Semiconductor Research Corporation"},{"id":"https://openalex.org/G5238704004","display_name":"TWC: Medium: Collaborative Proposal: Safety in Numbers: Crowdsourcing for Global Software Integrity","funder_award_id":"1228992","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6538958692","display_name":null,"funder_award_id":"CCF-1217854, CNS-1228995, and CCF-1319786","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6811296919","display_name":null,"funder_award_id":"C-FAR","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G7626417671","display_name":null,"funder_award_id":"CCF-1319786","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306087","display_name":"Semiconductor Research Corporation","ror":"https://ror.org/047z4n946"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2290240292.pdf","grobid_xml":"https://content.openalex.org/works/W2290240292.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W70478248","https://openalex.org/W1429241971","https://openalex.org/W1515653707","https://openalex.org/W1538332098","https://openalex.org/W1544471297","https://openalex.org/W1591211019","https://openalex.org/W1631846088","https://openalex.org/W1656529189","https://openalex.org/W1816718056","https://openalex.org/W1823377586","https://openalex.org/W1967216565","https://openalex.org/W1968002620","https://openalex.org/W1968161191","https://openalex.org/W1978174330","https://openalex.org/W1982829328","https://openalex.org/W1990465482","https://openalex.org/W1993682390","https://openalex.org/W2001978806","https://openalex.org/W2009801020","https://openalex.org/W2022292029","https://openalex.org/W2022413220","https://openalex.org/W2036853599","https://openalex.org/W2042856445","https://openalex.org/W2059969702","https://openalex.org/W2072102701","https://openalex.org/W2081105932","https://openalex.org/W2086839628","https://openalex.org/W2088856850","https://openalex.org/W2099866050","https://openalex.org/W2106965075","https://openalex.org/W2109219878","https://openalex.org/W2117115928","https://openalex.org/W2138517425","https://openalex.org/W2148686658","https://openalex.org/W2154902280","https://openalex.org/W2159216827","https://openalex.org/W2171929398","https://openalex.org/W2397986719","https://openalex.org/W4241972075"],"related_works":["https://openalex.org/W2316974788","https://openalex.org/W2381594293","https://openalex.org/W2551594732","https://openalex.org/W2367489380","https://openalex.org/W4297792550","https://openalex.org/W3154327225","https://openalex.org/W2354134599","https://openalex.org/W2344257842","https://openalex.org/W4323864011","https://openalex.org/W2951091523"],"abstract_inverted_index":{"After":[0],"a":[1,56,95,140],"software":[2],"system":[3,97],"is":[4,41],"compromised,":[5],"it":[6,31,43,50,209],"can":[7,44,146,178,210,245],"be":[8,23,45,147],"difficult":[9,46],"to":[10,32,47,54,64,86,105,127,152,185,250],"understand":[11,66],"what":[12],"vulnerabilities":[13],"attackers":[14,26],"exploited.":[15],"Any":[16],"information":[17],"residing":[18],"on":[19],"that":[20,73,145,177,208,223],"machine":[21],"cannot":[22],"trusted":[24],"as":[25],"may":[27],"have":[28,194],"tampered":[29],"with":[30,139],"cover":[33],"their":[34],"tracks.":[35],"Moreover,":[36],"even":[37],"after":[38],"an":[39,122],"exploit":[40],"known,":[42],"determine":[48],"whether":[49],"has":[51,60],"been":[52],"used":[53],"compromise":[55,87],"given":[57],"machine.":[58],"Aviation":[59],"long-used":[61],"black":[62],"boxes":[63],"better":[65],"the":[67,75,129,150,188,201,235,240],"causes":[68],"of":[69,77,121,132,143,160,165,190,204,215],"accidents,":[70],"enabling":[71],"improvements":[72],"reduce":[74],"likelihood":[76],"future":[78],"accidents.":[79],"Many":[80],"attacks":[81],"introduce":[82,172],"abnormal":[83],"control":[84,112,125,134],"flows":[85,126],"systems.":[88],"In":[89],"this":[90],"paper,":[91],"we":[92],"present":[93],"BlackBox,":[94,205],"monitoring":[96],"for":[98,174],"COTS":[99,115],"software.":[100],"Our":[101],"techniques":[102],"enable":[103],"BlackBox":[104,117,184,196,233],"efficiently":[106],"monitor":[107,212],"unexpected":[108],"and":[109,206,218,227,244],"potentially":[110],"harmful":[111],"flow":[113,135],"in":[114,197,224],"binaries.":[116],"constructs":[118],"dynamic":[119],"profiles":[120],"application's":[123],"typical":[124],"filter":[128],"vast":[130],"majority":[131,189],"expected":[133],"behavior,":[136],"leaving":[137],"us":[138],"manageable":[141],"amount":[142],"data":[144],"logged":[148],"across":[149],"network":[151],"remote":[153],"devices.":[154],"Modern":[155],"applications":[156],"make":[157],"extensive":[158],"use":[159],"dynamically":[161],"generated":[162],"code,":[163],"some":[164],"which":[166,239],"varies":[167],"greatly":[168],"between":[169],"executions.":[170],"We":[171,193,199,221],"support":[173],"code":[175],"generators":[176],"detect":[179],"security-sensitive":[180],"behaviors":[181],"while":[182],"allowing":[183],"avoid":[186],"logging":[187],"ordinary":[191],"behaviors.":[192],"implemented":[195],"DynamoRIO.":[198],"evaluate":[200],"runtime":[202],"overhead":[203],"show":[207,222],"effectively":[211],"recent":[213],"versions":[214],"Microsoft":[216],"Office":[217],"Google":[219],"Chrome.":[220],"ROP,":[225],"COOP,":[226],"state-":[228],"of-the-art":[229],"JIT":[230],"injection":[231],"attacks,":[232],"logs":[234],"pivotal":[236],"actions":[237,249],"by":[238],"attacker":[241],"takes":[242],"control,":[243],"also":[246],"blacklist":[247],"those":[248],"prevent":[251],"repeated":[252],"exploits.":[253]},"counts_by_year":[{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-10-10T00:00:00"}