{"id":"https://openalex.org/W4306178584","doi":"https://doi.org/10.1145/3495243.3560548","title":"Sifter","display_name":"Sifter","publication_year":2022,"publication_date":"2022-10-14","ids":{"openalex":"https://openalex.org/W4306178584","doi":"https://doi.org/10.1145/3495243.3560548"},"language":"en","primary_location":{"id":"doi:10.1145/3495243.3560548","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3495243.3560548","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3495243.3560548","source":{"id":"https://openalex.org/S4363608994","display_name":"Proceedings of the 28th Annual International Conference on Mobile Computing And Networking","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual International Conference on Mobile Computing And Networking","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3495243.3560548","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077064733","display_name":"Hsin-Wei Hung","orcid":"https://orcid.org/0000-0002-4007-339X"},"institutions":[{"id":"https://openalex.org/I2803209242","display_name":"University of California System","ror":"https://ror.org/00pjdza24","country_code":"US","type":"education","lineage":["https://openalex.org/I2803209242"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hsin-Wei Hung","raw_affiliation_strings":["University of California"],"affiliations":[{"raw_affiliation_string":"University of California","institution_ids":["https://openalex.org/I2803209242"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088812047","display_name":"Yingtong Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I2803209242","display_name":"University of California System","ror":"https://ror.org/00pjdza24","country_code":"US","type":"education","lineage":["https://openalex.org/I2803209242"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yingtong Liu","raw_affiliation_strings":["University of California"],"affiliations":[{"raw_affiliation_string":"University of California","institution_ids":["https://openalex.org/I2803209242"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003045043","display_name":"Ardalan Amiri Sani","orcid":"https://orcid.org/0000-0003-0130-587X"},"institutions":[{"id":"https://openalex.org/I2803209242","display_name":"University of California System","ror":"https://ror.org/00pjdza24","country_code":"US","type":"education","lineage":["https://openalex.org/I2803209242"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ardalan Amiri Sani","raw_affiliation_strings":["University of California"],"affiliations":[{"raw_affiliation_string":"University of California","institution_ids":["https://openalex.org/I2803209242"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5077064733"],"corresponding_institution_ids":["https://openalex.org/I2803209242"],"apc_list":null,"apc_paid":null,"fwci":0.7292,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.70664149,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"623","last_page":"635"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7370898127555847},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.6627474427223206},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6274961233139038},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5835839509963989},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.5774651169776917},{"id":"https://openalex.org/keywords/trusted-computing-base","display_name":"Trusted computing base","score":0.5736417770385742},{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.5447074770927429},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5411036014556885},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5225967168807983},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4463811218738556},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.44516488909721375},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.07377117872238159},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.06645384430885315},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.05610877275466919}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7370898127555847},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.6627474427223206},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6274961233139038},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5835839509963989},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.5774651169776917},{"id":"https://openalex.org/C147346212","wikidata":"https://www.wikidata.org/wiki/Q5492632","display_name":"Trusted computing base","level":4,"score":0.5736417770385742},{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.5447074770927429},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5411036014556885},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5225967168807983},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4463811218738556},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.44516488909721375},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.07377117872238159},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.06645384430885315},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.05610877275466919},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3495243.3560548","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3495243.3560548","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3495243.3560548","source":{"id":"https://openalex.org/S4363608994","display_name":"Proceedings of the 28th Annual International Conference on Mobile Computing And Networking","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual International Conference on Mobile Computing And Networking","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3495243.3560548","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3495243.3560548","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3495243.3560548","source":{"id":"https://openalex.org/S4363608994","display_name":"Proceedings of the 28th Annual International Conference on Mobile Computing And Networking","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual International Conference on Mobile Computing And Networking","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7699999809265137,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G3382891349","display_name":null,"funder_award_id":"1763172","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G575572559","display_name":null,"funder_award_id":"1763172 and 1846230","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6430172839","display_name":null,"funder_award_id":"2020 Android Security and PrIvacy REsearch (ASPIRE)","funder_id":"https://openalex.org/F4320309327","funder_display_name":"Google"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320309327","display_name":"Google","ror":"https://ror.org/00njsd438"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4306178584.pdf","grobid_xml":"https://content.openalex.org/works/W4306178584.grobid-xml"},"referenced_works_count":30,"referenced_works":["https://openalex.org/W1516432943","https://openalex.org/W1606518565","https://openalex.org/W1639956611","https://openalex.org/W1941427975","https://openalex.org/W1988143662","https://openalex.org/W2019814385","https://openalex.org/W2043579558","https://openalex.org/W2065176875","https://openalex.org/W2118372007","https://openalex.org/W2129860818","https://openalex.org/W2135143063","https://openalex.org/W2136520403","https://openalex.org/W2137756679","https://openalex.org/W2149124089","https://openalex.org/W2603707637","https://openalex.org/W2888922197","https://openalex.org/W2890977390","https://openalex.org/W2927543040","https://openalex.org/W3016185124","https://openalex.org/W3021426193","https://openalex.org/W3081770884","https://openalex.org/W3092347617","https://openalex.org/W3106913944","https://openalex.org/W3163863206","https://openalex.org/W3194351501","https://openalex.org/W4226491378","https://openalex.org/W6630914723","https://openalex.org/W6646363968","https://openalex.org/W6774033646","https://openalex.org/W7064111672"],"related_works":["https://openalex.org/W2377509977","https://openalex.org/W2354398839","https://openalex.org/W23760953","https://openalex.org/W1970216380","https://openalex.org/W2123619123","https://openalex.org/W2373778029","https://openalex.org/W4380793018","https://openalex.org/W4387446146","https://openalex.org/W1495866883","https://openalex.org/W4377941332"],"abstract_inverted_index":{"The":[0,94],"Linux":[1],"kernel":[2,31,55,84,113],"is":[3,70,99],"an":[4],"important":[5],"part":[6],"of":[7,13,73,82,143],"the":[8,18,30,71,79,141],"Trusted":[9],"Computing":[10],"Base":[11],"(TCB)":[12],"a":[14,43,50,128],"mobile":[15],"device":[16],"using":[17],"Android":[19],"OS,":[20],"making":[21],"it":[22],"attractive":[23],"to":[24,64,77,111],"attackers.":[25],"While":[26],"all":[27],"vulnerabilities":[28,89,131],"in":[29,97,105],"are":[32,36,61,102],"important,":[33],"those":[34,58],"that":[35,60,100,120,135],"directly":[37,62],"reachable":[38],"by":[39,140],"untrusted":[40,65,92],"programs":[41,108],"pose":[42],"grave":[44],"threat.":[45],"This":[46],"paper":[47],"introduces":[48],"Sifter,":[49],"solution":[51],"for":[52,91],"protecting":[53],"security-critical":[54],"modules,":[56],"i.e.,":[57],"modules":[59,85],"exposed":[63],"programs.":[66,93],"Sifter's":[67],"key":[68,95],"approach":[69],"use":[72,142],"fine-grained,":[74],"highly-selective":[75],"filters":[76,119],"reduce":[78],"attack":[80],"surface":[81],"these":[83,112],"and":[86,126],"make":[87],"their":[88],"unreachable":[90],"observation":[96],"Sifter":[98],"there":[101],"rich":[103],"patterns":[104],"how":[106],"legitimate":[107],"issue":[109],"syscalls":[110],"modules;":[114],"thus,":[115],"one":[116],"can":[117],"generate":[118],"only":[121,137],"allow":[122],"such":[123],"syscall":[124,145],"patterns,":[125],"as":[127],"result":[129],"mitigate":[130],"(including":[132],"zero-day":[133],"ones)":[134],"could":[136],"be":[138],"exploited":[139],"unorthodox":[144],"patterns.":[146]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2022-10-14T00:00:00"}