{"id":"https://openalex.org/W2885157095","doi":"https://doi.org/10.1145/3243734.3243776","title":"Runtime Analysis of Whole-System Provenance","display_name":"Runtime Analysis of Whole-System Provenance","publication_year":2018,"publication_date":"2018-10-15","ids":{"openalex":"https://openalex.org/W2885157095","doi":"https://doi.org/10.1145/3243734.3243776","mag":"2885157095"},"language":"en","primary_location":{"id":"doi:10.1145/3243734.3243776","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3243776","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243776","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243776","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005580571","display_name":"Thomas Pasquier","orcid":"https://orcid.org/0000-0001-6876-1306"},"institutions":[{"id":"https://openalex.org/I36234482","display_name":"University of Bristol","ror":"https://ror.org/0524sp257","country_code":"GB","type":"education","lineage":["https://openalex.org/I36234482"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Thomas Pasquier","raw_affiliation_strings":["University of Bristol, Bristol, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Bristol, Bristol, United Kingdom","institution_ids":["https://openalex.org/I36234482"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043535867","display_name":"Xueyuan Han","orcid":null},"institutions":[{"id":"https://openalex.org/I2801851002","display_name":"Harvard University Press","ror":"https://ror.org/006v7bf86","country_code":"US","type":"other","lineage":["https://openalex.org/I136199984","https://openalex.org/I2801851002"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xueyuan Han","raw_affiliation_strings":["Harvard University, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Harvard University, Cambridge, MA, USA","institution_ids":["https://openalex.org/I2801851002"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108616391","display_name":"Thomas Moyer","orcid":null},"institutions":[{"id":"https://openalex.org/I102149020","display_name":"University of North Carolina at Charlotte","ror":"https://ror.org/04dawnj30","country_code":"US","type":"education","lineage":["https://openalex.org/I102149020"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas Moyer","raw_affiliation_strings":["University of North Carolina at Charlotte, Charlotte, NC, USA"],"affiliations":[{"raw_affiliation_string":"University of North Carolina at Charlotte, Charlotte, NC, USA","institution_ids":["https://openalex.org/I102149020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021649580","display_name":"Adam Bates","orcid":"https://orcid.org/0000-0003-1511-4951"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Bates","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Champaign, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020794048","display_name":"Olivier Hermant","orcid":"https://orcid.org/0000-0001-6233-1903"},"institutions":[{"id":"https://openalex.org/I2746051580","display_name":"Universit\u00e9 Paris Sciences et Lettres","ror":"https://ror.org/013cjyk83","country_code":"FR","type":"education","lineage":["https://openalex.org/I2746051580"]},{"id":"https://openalex.org/I190752583","display_name":"ParisTech","ror":"https://ror.org/05c2qg481","country_code":"FR","type":"education","lineage":["https://openalex.org/I190752583"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Olivier Hermant","raw_affiliation_strings":["MINES ParisTech PSL Research University, Paris, France"],"affiliations":[{"raw_affiliation_string":"MINES ParisTech PSL Research University, Paris, France","institution_ids":["https://openalex.org/I2746051580","https://openalex.org/I190752583"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034644722","display_name":"David Eyers","orcid":"https://orcid.org/0000-0002-7284-8006"},"institutions":[{"id":"https://openalex.org/I80281795","display_name":"University of Otago","ror":"https://ror.org/01jmxt844","country_code":"NZ","type":"education","lineage":["https://openalex.org/I80281795"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"David Eyers","raw_affiliation_strings":["University of Otago, Dunedin, New Zealand"],"affiliations":[{"raw_affiliation_string":"University of Otago, Dunedin, New Zealand","institution_ids":["https://openalex.org/I80281795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112323455","display_name":"Jean Bacon","orcid":"https://orcid.org/0000-0003-0987-9982"},"institutions":[{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jean Bacon","raw_affiliation_strings":["University of Cambridge, Cambridge, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Cambridge, Cambridge, United Kingdom","institution_ids":["https://openalex.org/I241749"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054751297","display_name":"Margo Seltzer","orcid":"https://orcid.org/0000-0002-2165-4658"},"institutions":[{"id":"https://openalex.org/I141945490","display_name":"University of British Columbia","ror":"https://ror.org/03rmrcq20","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Margo Seltzer","raw_affiliation_strings":["University of British Columbia, Vancouver, BC, Canada"],"affiliations":[{"raw_affiliation_string":"University of British Columbia, Vancouver, BC, Canada","institution_ids":["https://openalex.org/I141945490"]}]}],"institutions":[],"countries_distinct_count":5,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5005580571"],"corresponding_institution_ids":["https://openalex.org/I36234482"],"apc_list":null,"apc_paid":null,"fwci":22.4027,"has_fulltext":true,"cited_by_count":83,"citation_normalized_percentile":{"value":0.99272998,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1601","last_page":"1616"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8548138737678528},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6283098459243774},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5744448900222778},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5473676919937134},{"id":"https://openalex.org/keywords/provenance","display_name":"Provenance","score":0.5078869462013245},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.4972532093524933},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42406654357910156},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.37162622809410095},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3485671877861023}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8548138737678528},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6283098459243774},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5744448900222778},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5473676919937134},{"id":"https://openalex.org/C2780049196","wikidata":"https://www.wikidata.org/wiki/Q23582628","display_name":"Provenance","level":2,"score":0.5078869462013245},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.4972532093524933},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42406654357910156},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.37162622809410095},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3485671877861023},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C5900021","wikidata":"https://www.wikidata.org/wiki/Q163082","display_name":"Petrology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3243734.3243776","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3243776","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243776","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:research-information.bris.ac.uk:publications/d8ce031b-fa85-4242-afc0-c14dae25d477","is_oa":true,"landing_page_url":"https://research-information.bris.ac.uk/en/publications/d8ce031b-fa85-4242-afc0-c14dae25d477","pdf_url":"https://research-information.bris.ac.uk/ws/files/166855312/paper.pdf","source":{"id":"https://openalex.org/S4306400895","display_name":"Bristol Research (University of Bristol)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I36234482","host_organization_name":"University of Bristol","host_organization_lineage":["https://openalex.org/I36234482"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:research-information.bris.ac.uk:openaire/d8ce031b-fa85-4242-afc0-c14dae25d477","is_oa":true,"landing_page_url":"https://hdl.handle.net/1983/d8ce031b-fa85-4242-afc0-c14dae25d477","pdf_url":null,"source":{"id":"https://openalex.org/S7407055359","display_name":"Explore Bristol Research","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Pasquier, T, Han, X, Moyer, T, Bates, A, Hermant, O, Eyers, D, Bacon, J & Seltzer, M 2018, Runtime Analysis of Whole-System Provenance. in CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security : Toronto, Canada (2018). Association for Computing Machinery, pp. 1601-1616. https://doi.org/10.1145/3243734.3243776","raw_type":"contributionToPeriodical"}],"best_oa_location":{"id":"doi:10.1145/3243734.3243776","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3243776","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243776","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1053005048","display_name":null,"funder_award_id":"EP/K011510/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G3178348044","display_name":null,"funder_award_id":"SSI-1450277","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2885157095.pdf","grobid_xml":"https://content.openalex.org/works/W2885157095.grobid-xml"},"referenced_works_count":91,"referenced_works":["https://openalex.org/W109501752","https://openalex.org/W116902681","https://openalex.org/W168132470","https://openalex.org/W169514714","https://openalex.org/W191839766","https://openalex.org/W200839506","https://openalex.org/W1415938757","https://openalex.org/W1444906800","https://openalex.org/W1448681276","https://openalex.org/W1504669610","https://openalex.org/W1516432943","https://openalex.org/W1549716092","https://openalex.org/W1559528097","https://openalex.org/W1575826986","https://openalex.org/W1578024308","https://openalex.org/W1582703556","https://openalex.org/W1788180225","https://openalex.org/W1813893391","https://openalex.org/W1858703999","https://openalex.org/W1876967670","https://openalex.org/W1967845068","https://openalex.org/W1968467415","https://openalex.org/W1972062587","https://openalex.org/W1986079362","https://openalex.org/W1990089904","https://openalex.org/W2002547931","https://openalex.org/W2009232481","https://openalex.org/W2033984447","https://openalex.org/W2039157918","https://openalex.org/W2049314312","https://openalex.org/W2053068495","https://openalex.org/W2060692877","https://openalex.org/W2081276694","https://openalex.org/W2086234010","https://openalex.org/W2096347345","https://openalex.org/W2096761130","https://openalex.org/W2102673514","https://openalex.org/W2105321788","https://openalex.org/W2111123597","https://openalex.org/W2122646361","https://openalex.org/W2129592257","https://openalex.org/W2131975293","https://openalex.org/W2133196068","https://openalex.org/W2141736438","https://openalex.org/W2150858564","https://openalex.org/W2152449272","https://openalex.org/W2157575657","https://openalex.org/W2158126684","https://openalex.org/W2159357881","https://openalex.org/W2161337603","https://openalex.org/W2162171351","https://openalex.org/W2162283517","https://openalex.org/W2162546229","https://openalex.org/W2170646878","https://openalex.org/W2213728018","https://openalex.org/W2234087692","https://openalex.org/W2237023204","https://openalex.org/W2276008606","https://openalex.org/W2283438976","https://openalex.org/W2288636546","https://openalex.org/W2294464288","https://openalex.org/W2294556882","https://openalex.org/W2295705535","https://openalex.org/W2350778671","https://openalex.org/W2397699236","https://openalex.org/W2407590826","https://openalex.org/W2467908049","https://openalex.org/W2512039142","https://openalex.org/W2522585932","https://openalex.org/W2579106964","https://openalex.org/W2597525217","https://openalex.org/W2607500032","https://openalex.org/W2624201633","https://openalex.org/W2712690582","https://openalex.org/W2747394252","https://openalex.org/W2747669027","https://openalex.org/W2751178935","https://openalex.org/W2751624957","https://openalex.org/W2751844787","https://openalex.org/W2755094099","https://openalex.org/W2770930256","https://openalex.org/W2790316935","https://openalex.org/W2807158246","https://openalex.org/W2887200831","https://openalex.org/W2963232610","https://openalex.org/W2964098485","https://openalex.org/W3101089035","https://openalex.org/W3121686295","https://openalex.org/W4242362323","https://openalex.org/W4365786623","https://openalex.org/W6630914723"],"related_works":["https://openalex.org/W2354627941","https://openalex.org/W2347483153","https://openalex.org/W2353379336","https://openalex.org/W2379683085","https://openalex.org/W2363868702","https://openalex.org/W2374448931","https://openalex.org/W2376723740","https://openalex.org/W2370535391","https://openalex.org/W2370679613","https://openalex.org/W2380057024"],"abstract_inverted_index":{"Identifying":[0],"the":[1,24,82,123,150,166],"root":[2,37],"cause":[3],"and":[4,79,115,140],"impact":[5],"of":[6,23,26,84,118,125,130,152,169],"a":[7,11,20,29,105,128],"system":[8,161],"intrusion":[9,138],"remains":[10],"foundational":[12],"challenge":[13],"in":[14,46,176],"computer":[15,177],"security.":[16,178],"Digital":[17],"provenance":[18,73,94],"provides":[19,91],"detailed":[21],"history":[22],"flow":[25],"information":[27],"within":[28],"computing":[30],"system,":[31],"connecting":[32],"suspicious":[33],"events":[34],"to":[35,127,172],"their":[36],"causes.":[38],"Although":[39],"existing":[40],"provenance-based":[41,170],"auditing":[42],"techniques":[43],"provide":[44],"value":[45],"forensic":[47,70],"analysis,":[48,95],"they":[49],"assume":[50],"that":[51,109,147],"such":[52],"analysis":[53,60,119],"takes":[54],"place":[55],"only":[56],"retrospectively.":[57],"Such":[58],"post-hoc":[59],"is":[61,104],"insufficient":[62],"for":[63,69,99,112],"realtime":[64,93,153],"security":[65,101,132],"applications;":[66],"moreover,":[67],"even":[68],"tasks,":[71],"prior":[72],"collection":[74],"systems":[75],"exhibited":[76],"poor":[77],"performance":[78],"scalability,":[80],"jeopardizing":[81],"timeliness":[83],"query":[85,154],"responses.":[86],"We":[87,121],"present":[88],"CamQuery,":[89],"which":[90],"inline,":[92],"making":[96],"it":[97],"suitable":[98],"implementing":[100],"applications.":[102,120],"CamQuery":[103,126,148,163],"Linux":[106],"Security":[107],"Module":[108],"offers":[110],"support":[111],"both":[113],"userspace":[114],"in-kernel":[116],"execution":[117],"demonstrate":[122,146],"applicability":[124],"variety":[129],"runtime":[131],"applications":[133],"including":[134],"data":[135],"loss":[136],"prevention,":[137],"detection,":[139],"regulatory":[141],"compliance.":[142],"In":[143],"evaluation,":[144],"we":[145],"reduces":[149],"latency":[151],"mechanisms,":[155],"while":[156],"imposing":[157],"minimal":[158],"overheads":[159],"on":[160],"execution.":[162],"thus":[164],"enables":[165],"further":[167],"deployment":[168],"technologies":[171],"address":[173],"central":[174],"challenges":[175]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":16},{"year":2021,"cited_by_count":20},{"year":2020,"cited_by_count":13},{"year":2019,"cited_by_count":7},{"year":2018,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}