{"id":"https://openalex.org/W3212661259","doi":"https://doi.org/10.1145/3460120.3484551","title":"Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks","display_name":"Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3212661259","doi":"https://doi.org/10.1145/3460120.3484551","mag":"3212661259"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3484551","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484551","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084633808","display_name":"Carter Yagemann","orcid":"https://orcid.org/0000-0002-8018-0341"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Carter Yagemann","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043531280","display_name":"Mohammad A. Noureddine","orcid":null},"institutions":[{"id":"https://openalex.org/I192578771","display_name":"Rose\u2013Hulman Institute of Technology","ror":"https://ror.org/00mp6e841","country_code":"US","type":"education","lineage":["https://openalex.org/I192578771"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mohammad A. Noureddine","raw_affiliation_strings":["Rose-Hulman Institute of Technology, Terre Haute, IN, USA"],"affiliations":[{"raw_affiliation_string":"Rose-Hulman Institute of Technology, Terre Haute, IN, USA","institution_ids":["https://openalex.org/I192578771"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089936565","display_name":"Wajih Ul Hassan","orcid":"https://orcid.org/0000-0002-5676-6027"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wajih Ul Hassan","raw_affiliation_strings":["University of Illinois Urbana-Champaign, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign, Urbana, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052526223","display_name":"Simon P. Chung","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Simon Chung","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021649580","display_name":"Adam Bates","orcid":"https://orcid.org/0000-0003-1511-4951"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Bates","raw_affiliation_strings":["University of Illinois Urbana-Champaign, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign, Urbana, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047140382","display_name":"Wenke Lee","orcid":"https://orcid.org/0000-0003-2761-1277"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5084633808"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":1.5398,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.86262417,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3337","last_page":"3351"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8294713497161865},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.778705358505249},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.6572113037109375},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5777280330657959},{"id":"https://openalex.org/keywords/dependency-graph","display_name":"Dependency graph","score":0.4937690198421478},{"id":"https://openalex.org/keywords/data-integrity","display_name":"Data integrity","score":0.4854002892971039},{"id":"https://openalex.org/keywords/framing","display_name":"Framing (construction)","score":0.466718852519989},{"id":"https://openalex.org/keywords/audit-trail","display_name":"Audit trail","score":0.46169838309288025},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36449187994003296},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.23116475343704224},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.17378047108650208},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.17142322659492493}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8294713497161865},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.778705358505249},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.6572113037109375},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5777280330657959},{"id":"https://openalex.org/C16311509","wikidata":"https://www.wikidata.org/wiki/Q4148050","display_name":"Dependency graph","level":3,"score":0.4937690198421478},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.4854002892971039},{"id":"https://openalex.org/C169087156","wikidata":"https://www.wikidata.org/wiki/Q2131593","display_name":"Framing (construction)","level":2,"score":0.466718852519989},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.46169838309288025},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36449187994003296},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.23116475343704224},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.17378047108650208},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.17142322659492493},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3460120.3484551","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484551","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:scholar.rose-hulman.edu:computersci_fac-1261","is_oa":false,"landing_page_url":"https://scholar.rose-hulman.edu/computersci_fac/262","pdf_url":null,"source":{"id":"https://openalex.org/S4377196619","display_name":"Rose-Hulman Scholar (Rose\u2013Hulman Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I192578771","host_organization_name":"Rose\u2013Hulman Institute of Technology","host_organization_lineage":["https://openalex.org/I192578771"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Faculty Publications  -  Computer Science & Software Engineering","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8199999928474426,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G6106948975","display_name":null,"funder_award_id":"CNS-1750024,CNS-2055127","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W168132470","https://openalex.org/W1504467209","https://openalex.org/W1963947298","https://openalex.org/W1969501726","https://openalex.org/W1992741024","https://openalex.org/W1993736952","https://openalex.org/W1996931407","https://openalex.org/W2022018347","https://openalex.org/W2054901814","https://openalex.org/W2081276694","https://openalex.org/W2096347345","https://openalex.org/W2112525062","https://openalex.org/W2116998101","https://openalex.org/W2155851497","https://openalex.org/W2162800072","https://openalex.org/W2168270139","https://openalex.org/W2183816381","https://openalex.org/W2213728018","https://openalex.org/W2252814878","https://openalex.org/W2252980215","https://openalex.org/W2269223136","https://openalex.org/W2293351723","https://openalex.org/W2294333398","https://openalex.org/W2317668908","https://openalex.org/W2491693446","https://openalex.org/W2512784977","https://openalex.org/W2516933175","https://openalex.org/W2532844970","https://openalex.org/W2574009340","https://openalex.org/W2579106964","https://openalex.org/W2584029330","https://openalex.org/W2601206855","https://openalex.org/W2604395162","https://openalex.org/W2605534153","https://openalex.org/W2612687770","https://openalex.org/W2614037574","https://openalex.org/W2620229640","https://openalex.org/W2734941459","https://openalex.org/W2755094099","https://openalex.org/W2765596487","https://openalex.org/W2766852928","https://openalex.org/W2790316935","https://openalex.org/W2790557990","https://openalex.org/W2792591096","https://openalex.org/W2889727957","https://openalex.org/W2891196279","https://openalex.org/W2914982603","https://openalex.org/W2917388839","https://openalex.org/W2962703433","https://openalex.org/W2970528944","https://openalex.org/W3006711782","https://openalex.org/W3008508243","https://openalex.org/W3109160943","https://openalex.org/W4234859835","https://openalex.org/W4245671428","https://openalex.org/W6629958140"],"related_works":["https://openalex.org/W2327631927","https://openalex.org/W2093568763","https://openalex.org/W1985166372","https://openalex.org/W2003096546","https://openalex.org/W2430210575","https://openalex.org/W4289354592","https://openalex.org/W2165069859","https://openalex.org/W2099112646","https://openalex.org/W2626477053","https://openalex.org/W2342550845"],"abstract_inverted_index":{"Provenance-based":[0],"causal":[1],"analysis":[2],"of":[3,13,45],"audit":[4],"logs":[5],"has":[6],"proven":[7],"to":[8,33,70,80,95],"be":[9],"an":[10],"invaluable":[11],"method":[12],"investigating":[14],"system":[15,72],"intrusions.":[16],"However,":[17],"it":[18],"also":[19,109],"suffers":[20],"from":[21],"dependency":[22],"explosion,":[23],"whereby":[24],"long-running":[25],"processes":[26],"accumulate":[27],"many":[28],"dependencies":[29,42],"that":[30,52,61],"are":[31,78],"hard":[32],"unravel.":[34],"Execution":[35],"unit":[36],"partitioning":[37],"addresses":[38],"this":[39],"by":[40],"segmenting":[41],"into":[43],"units":[44],"work,":[46],"such":[47],"as":[48],"isolating":[49],"the":[50,102],"events":[51],"processed":[53],"a":[54,65],"single":[55],"HTTP":[56],"request.":[57],"Unfortunately,":[58],"we":[59],"discover":[60],"current":[62],"designs":[63],"have":[64],"semantic":[66],"gap":[67],"problem":[68],"due":[69],"how":[71,88,111],"calls":[73],"and":[74,104,117],"application":[75],"log":[76,118],"messages":[77],"used":[79],"infer":[81],"complex":[82],"internal":[83],"program":[84,116],"states.":[85],"We":[86,108],"demonstrate":[87],"attackers":[89],"can":[90],"modify":[91],"existing":[92,115],"code":[93],"exploits":[94],"control":[96],"event":[97],"partitioning,":[98],"breaking":[99],"links":[100],"in":[101],"attack":[103],"framing":[105],"innocent":[106],"users.":[107],"show":[110],"our":[112],"techniques":[113],"circumvent":[114],"integrity":[119],"defenses.":[120]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}