{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T14:17:32Z","timestamp":1772893052332,"version":"3.50.1"},"publisher-location":"Cham","reference-count":62,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030220372","type":"print"},{"value":"9783030220389","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-22038-9_9","type":"book-chapter","created":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:02:31Z","timestamp":1560106951000},"page":"177-196","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":54,"title":["Practical Enclave Malware with Intel SGX"],"prefix":"10.1007","author":[{"given":"Michael","family":"Schwarz","sequence":"first","affiliation":[]},{"given":"Samuel","family":"Weiser","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Gruss","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,6,6]]},"reference":[{"key":"9_CR1","unstructured":"Adamski, A.: Overview of Intel SGX - Part 2, SGX Externals, August 2018"},{"key":"9_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-319-08509-8_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Andriesse","year":"2014","unstructured":"Andriesse, D., Bos, H.: Instruction-level steganography for covert trigger-based malware. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 41\u201350. Springer, Cham (2014). \n                      https:\/\/doi.org\/10.1007\/978-3-319-08509-8_3"},{"key":"9_CR3","unstructured":"Arnautov, S., et al.: SCONE: secure Linux containers with Intel SGX. In: OSDI (2016)"},{"key":"9_CR4","unstructured":"Aumasson, J.P., Merino, L.: SGX secure enclaves in practice: security and crypto review. In: Black Hat Briefings (2016)"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Bauman, E., Lin, Z.: A case for protecting computer games with SGX. In: Workshop on System Software for Trusted Execution (2016)","DOI":"10.1145\/3007788.3007792"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Bittau, A., Belay, A., Mashtizadeh, A., Mazi\u00e8res, D., Boneh, D.: Hacking blind. In: S&P (2014)","DOI":"10.1109\/SP.2014.22"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Borrello, P., Coppa, E., D\u2019Elia, D.C., Demetrescu, C.: The ROP needle: hiding trigger-based injection vectors via code reuse. In: ACM Symposium on Applied Computing (SAC) (2019)","DOI":"10.1145\/3297280.3297472"},{"key":"9_CR8","unstructured":"Brasser, F., M\u00fcller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical. In: WOOT (2017)"},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Brenner, S., Hundt, T., Mazzeo, G., Kapitza, R.: Secure cloud micro services using Intel SGX. In: IFIP International Conference on Distributed Applications and Interoperable Systems (2017)","DOI":"10.1007\/978-3-319-59665-5_13"},{"key":"9_CR10","unstructured":"Gesetz zur effektiveren und praxistauglicheren Ausgestaltung des Strafverfahrens (2017)"},{"key":"9_CR11","unstructured":"Carlini, N., Barresi, A., Payer, M., Wagner, D., Gross, T.R.: Control-flow bending: on the effectiveness of control-flow integrity. In: USENIX Security (2015)"},{"key":"9_CR12","doi-asserted-by":"crossref","unstructured":"Caulfield, T., Ioannidis, C., Pym, D.: The US vulnerabilities equities process: an economic perspective. In: International Conference on Decision and Game Theory for Security (2017)","DOI":"10.1007\/978-3-319-68711-7_8"},{"key":"9_CR13","unstructured":"Chiueh, T.c., Hsu, F.H.: RAD: a compile-time solution to buffer overflow attacks. In: Conference on Distributed Computing Systems (2001)"},{"key":"9_CR14","unstructured":"Costan, V., Devadas, S.: Intel SGX explained (2016)"},{"key":"9_CR15","unstructured":"Cowan, C., et al.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In: USENIX Security (1998)"},{"issue":"5","key":"9_CR16","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1145\/1168919.1168862","volume":"34","author":"Jedidiah R. Crandall","year":"2006","unstructured":"Crandall, J.R., Wassermann, G., de Oliveira, D.A., Su, Z., Wu, S.F., Chong, F.T.: Temporal search: detecting hidden malware timebombs with virtual machines. In: ACM SIGARCH Computer Architecture News, vol. 34 (2006)","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"9_CR17","unstructured":"Davenport, S., Ford, R.: SGX: the good, the bad and the downright ugly, January 2014. \n                      https:\/\/www.virusbulletin.com\/virusbulletin\/2014\/01\/sgx-good-bad-and-downright-ugly"},{"key":"9_CR18","unstructured":"Dunn, A.M., Hofmann, O.S., Waters, B., Witchel, E.: Cloaking malware with the trusted platform module. In: USENIX Security Symposium (2011)"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Egelman, S., Herley, C., Van Oorschot, P.C.: Markets for zero-day exploits: ethics and implications. In: New Security Paradigms Workshop (2013)","DOI":"10.1145\/2535813.2535818"},{"key":"9_CR20","unstructured":"Electronic Frontier Foundation: New FBI documents provide details on government\u2019s surveillance spyware (2011)"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Guan, L., Lin, J., Luo, B., Jing, J., Wang, J.: Protecting private keys against memory disclosure attacks using hardware transactional memory. In: S&P (2015)","DOI":"10.1109\/SP.2015.8"},{"key":"9_CR22","unstructured":"Hall, C.G.: Time sensitivity in cyberweapon reusability. Ph.D. thesis, Monterey. Naval Postgraduate School, California (2017)"},{"key":"9_CR23","unstructured":"Intel: Intel\n                      \n                        \n                      \n                      $$\\textregistered $$\n                      \n                        \n                          \u00ae\n                        \n                      \n                     64 and IA-32 Architectures Software Developer\u2019s Manual, Volume 3 (3A, 3B & 3C): System Programming Guide (325384) (2016)"},{"key":"9_CR24","unstructured":"Intel Corporation: Software Guard Extensions Programming Reference, Rev. 2 (2014)"},{"key":"9_CR25","unstructured":"Intel Corporation: Intel SGX: Debug, Production, Pre-release what\u2019s the difference? January 2016"},{"key":"9_CR26","unstructured":"Intel Corporation: Enclave Signing Key Management, May 2018"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Jang, Y., Lee, S., Kim, T.: Breaking kernel address space layout randomization with Intel TSX. In: CCS (2016)","DOI":"10.1145\/2976749.2978321"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through VMM-based out-of-the-box semantic view reconstruction. In: CCS (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"King, S., Chen, P.: SubVirt: implementing malware with virtual machines. In: S&P (2006)","DOI":"10.1109\/SP.2006.38"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Kuvaiskii, D., Faqeh, R., Bhatotia, P., Felber, P., Fetzer, C.: Haft: Hardware-assisted fault tolerance. In: EuroSys (2016)","DOI":"10.1145\/2901318.2901339"},{"key":"9_CR31","unstructured":"Lee, J., et al.: Hacking in darkness: Return-oriented programming against secure enclaves. In: USENIX Security (2017)"},{"key":"9_CR32","unstructured":"Leitch, J.: Process hollowing (2013)"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Liu, Y., Xia, Y., Guan, H., Zang, B., Chen, H.: Concurrent and consistent virtual machine introspection with hardware transactional memory. In: High Performance Computer Architecture (HPCA) (2014)","DOI":"10.1109\/HPCA.2014.6835951"},{"key":"9_CR34","unstructured":"Marschalek, M.: The Wolf in SGX Clothing. Bluehat IL, January 2018"},{"key":"9_CR35","unstructured":"Miller, M.: Safely searching process virtual address space (2004)"},{"key":"9_CR36","unstructured":"Marlinspike, M.: technology preview: private contact discovery for signal (2017)"},{"key":"9_CR37","unstructured":"Myers, M., Youndt, S.: An introduction to hardware-assisted virtual machine (HVM) rootkits. Mega Security (2007)"},{"key":"9_CR38","doi-asserted-by":"crossref","unstructured":"N\u00e9meth, Z.L., Erd\u0151di, L.: When every byte counts - writing minimal length shellcodes. In: Intelligent Systems and Informatics (SISY) (2015)","DOI":"10.1109\/SISY.2015.7325392"},{"key":"9_CR39","unstructured":"Bacca, N.: Soft launching ledger SGX enclave (2017)"},{"key":"9_CR40","unstructured":"Noubir, G., Sanatinia, A.: Trusted code execution on untrusted platforms using Intel SGX. Virus Bulletin (2016)"},{"key":"9_CR41","unstructured":"PaX Team: Address space layout randomization (ASLR) (2003)"},{"key":"9_CR42","unstructured":"PaX Team: RAP: RIP ROP (2015)"},{"key":"9_CR43","doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Comprehensive shellcode detection using runtime heuristics. In: ACSAC (2010)","DOI":"10.1145\/1920261.1920305"},{"key":"9_CR44","doi-asserted-by":"crossref","unstructured":"Prakash, A., Yin, H.: Defeating ROP through denial of stack pivot. In: ACSAC (2015)","DOI":"10.1145\/2818000.2818023"},{"key":"9_CR45","unstructured":"Russinovich, M.: Sony, rootkits and digital rights management gone too far, October 2005"},{"key":"9_CR46","unstructured":"Rutkowska, J.: Thoughts on Intel\u2019s upcoming Software Guard Extensions (Part 2) (2013)"},{"key":"9_CR47","doi-asserted-by":"crossref","unstructured":"Schuster, F., Costa, M., Fournet, C., Gkantsidis, C., Peinado, M., Mainar-Ruiz, G., Russinovich, M.: VC3: trustworthy data analytics in the cloud using SGX. In: S&P (2015)","DOI":"10.1109\/SP.2015.10"},{"key":"9_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-60876-1_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Schwarz","year":"2017","unstructured":"Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3\u201324. Springer, Cham (2017). \n                      https:\/\/doi.org\/10.1007\/978-3-319-60876-1_1"},{"key":"9_CR49","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: CCS (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"9_CR50","unstructured":"Sharif, M.I., Lanzi, A., Giffin, J.T., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: NDSS (2008)"},{"key":"9_CR51","doi-asserted-by":"crossref","unstructured":"Shinde, S., Le Tien, D., Tople, S., Saxena, P.: PANOPLY: Low-TCB Linux applications with SGX enclaves. In: NDSS (2017)","DOI":"10.14722\/ndss.2017.23500"},{"key":"9_CR52","doi-asserted-by":"crossref","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: S&P (2013)","DOI":"10.1109\/SP.2013.45"},{"key":"9_CR53","unstructured":"Stack shield: a stack smashing technique protection tool for Linux (2011)"},{"key":"9_CR54","doi-asserted-by":"crossref","unstructured":"Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., Walter, T.: Breaking the memory secrecy assumption. In: EuroSys (2009)","DOI":"10.1145\/1519144.1519145"},{"key":"9_CR55","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: eternal war in memory. In: S&P (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"9_CR56","doi-asserted-by":"crossref","unstructured":"Theodorides, M., Wagner, D.: Breaking active-set backward-edge CFI. In: Hardware Oriented Security and Trust (HOST) (2017)","DOI":"10.1109\/HST.2017.7951803"},{"key":"9_CR57","unstructured":"Tsai, C.C., Porter, D.E., Vij, M.: Graphene-SGX: a practical library OS for unmodified applications on SGX. In: USENIX ATC (2017)"},{"key":"9_CR58","doi-asserted-by":"crossref","unstructured":"Vrancken, K., Piessens, F., Strackx, R.: Hardening Intel SGX applications: balancing concerns. In: Workshop on System Software for Trusted Execution (2017)","DOI":"10.1145\/3152701.3152711"},{"key":"9_CR59","doi-asserted-by":"publisher","first-page":"440","DOI":"10.1007\/978-3-319-45744-4_22","volume-title":"Computer Security \u2013 ESORICS 2016","author":"Nico Weichbrodt","year":"2016","unstructured":"Weichbrodt, N., Kurmus, A., Pietzuch, P., Kapitza, R.: AsyncShock: exploiting synchronisation bugs in Intel SGX enclaves. In: ESORICS (2016)"},{"key":"9_CR60","unstructured":"Weisse, O., et al.: Foreshadow-NG: breaking the virtual memory abstraction with transient out-of-order execution (2018)"},{"key":"9_CR61","doi-asserted-by":"crossref","unstructured":"Yan, F., Huang, F., Zhao, L., Peng, H., Wang, Q.: Baseline is fragile: on the effectiveness of stack pivot defense. In: ICPADS (2016)","DOI":"10.1109\/ICPADS.2016.0062"},{"key":"9_CR62","doi-asserted-by":"crossref","unstructured":"You, I., Yim, K.: Malware obfuscation techniques: a brief survey. In: Broadband, Wireless Computing, Communication and Applications (2010)","DOI":"10.1109\/BWCCA.2010.85"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22038-9_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T19:10:00Z","timestamp":1560107400000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-22038-9_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030220372","9783030220389"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22038-9_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 June 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Gothenburg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.dimva2019.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"dimca2019.hotcrp.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}