{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T03:48:42Z","timestamp":1743047322401,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030287511"},{"type":"electronic","value":"9783030287528"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-28752-8_14","type":"book-chapter","created":{"date-parts":[[2019,8,6]],"date-time":"2019-08-06T11:02:31Z","timestamp":1565089351000},"page":"253-272","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["DETERMINING THE FORENSIC DATA REQUIREMENTS FOR INVESTIGATING HYPERVISOR ATTACKS"],"prefix":"10.1007","author":[{"given":"Changwei","family":"Liu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ramaswamy","family":"Chandramouli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Duminda","family":"Wijesekera","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,8,7]]},"reference":[{"unstructured":"A. Belay, A. Bittau, A. Mashtizadeh, D. Terei, D. Mazieres and C. Kozyrakis, Dune: Safe user-level access to privileged CPU features, Proceedings of the Tenth USENIX Symposium on Operating Systems Design and Implementation, pp. 335\u2013348, 2012.","key":"14_CR1"},{"unstructured":"J. Boutoille and G. Campana, Xen Exploitation Part 3: XSA-182, Qubes escape, Quarkslab\u2019s Blog (blog.quarkslab.com\/xen-exploitation-part-3-xsa-182-qubes-escape.html), August 4, 2016.","key":"14_CR2"},{"unstructured":"B. Dolan-Gavitt, B. Payne and W. Lee, Leveraging Forensic Tools for Virtual Machine Introspection, School of Computer Science, Georgia Institute of Technology, Atlanta, Georgia, 2011.","key":"14_CR3"},{"unstructured":"H. Fayyad-Kazan, L. Perneel and M. Timmerman, Full and para-virtualization with Xen: A performance comparison, Journal of Emerging Trends in Computing and Information Sciences, vol. 4(9), pp. 719\u2013727, 2013.","key":"14_CR4"},{"unstructured":"T. Garfinkel and M. Rosenblum, A virtual machine introspection based architecture for intrusion detection, Proceedings of the Network and Distributed System Security Symposium, pp. 191\u2013206, 2003.","key":"14_CR5"},{"doi-asserted-by":"crossref","unstructured":"R. Goldberg, Survey of virtual machine research, IEEE Computer, vol. 7(9), pp. 34\u201345, 1974.","key":"14_CR6","DOI":"10.1109\/MC.1974.6323581"},{"doi-asserted-by":"crossref","unstructured":"M. Graziano, A. Lanzi and D. Balzarotti, Hypervisor memory forensics, Proceedings of the Sixteenth International Symposium on Research in Attacks, Intrusions and Defenses, pp. 21\u201340, 2013.","key":"14_CR7","DOI":"10.1007\/978-3-642-41284-4_2"},{"unstructured":"J. Horn, Pandavirtualization: Exploiting the Xen Hypervisor, Project Zero, Google, Mountain View, California (googleprojectzero.blogspot.com\/2017\/04\/pandavirtualization-exploiting-xen.html), April 7, 2017.","key":"14_CR8"},{"doi-asserted-by":"crossref","unstructured":"L. Joshi, M. Kumar and R. Bharti, Understanding threats to hypervisor, its forensics mechanism and its research challenges, International Journal of Computer Applications, vol. 119(1), pp. 1\u20135, 2015.","key":"14_CR9","DOI":"10.5120\/21028-2755"},{"unstructured":"J. Kloster, J. Kristensen and A. Mejlholm, Efficient Memory Sharing in the Xen Virtual Machine Monitor, DAT5 Semester Thesis Report, Department of Computer Science, Aalborg University, Aalborg, Denmark, 2006.","key":"14_CR10"},{"unstructured":"KVM Contributors, Kernel Virtual Machine, KVM (www.linux-kvm.org\/page\/Main_Page), 2019.","key":"14_CR11"},{"unstructured":"LibVMI Community, LibVMI: LibVMI Virtual Machine Introspection, LibVMI (libvmi.com), 2019.","key":"14_CR12"},{"doi-asserted-by":"crossref","unstructured":"C. Liu, A. Singhal and D. Wijesekera, A layered graphical model for cloud forensic mission attack impact analysis, in Advances in Digital Forensics XIV, G. Peterson and S. Shenoi (Eds.), Springer, Cham, Switzerland, pp. 263\u2013289, 2018.","key":"14_CR13","DOI":"10.1007\/978-3-319-99277-8_15"},{"unstructured":"S. Lowe, 2015 State of Hyperconverged Infrastructure Market Report, ActualTech Media, Bluffton, South Carolina, 2015.","key":"14_CR14"},{"doi-asserted-by":"crossref","unstructured":"P. Mell and T. Grance, Sidebar: The NIST definition of cloud computing, Communications of the ACM, vol. 53(6), p. 50, 2010.","key":"14_CR15","DOI":"10.6028\/NIST.SP.800-145"},{"doi-asserted-by":"crossref","unstructured":"A. Moser, C. Kruegel and E. Kirda, Exploring multiple execution paths for malware analysis, Proceedings of the IEEE Symposium on Security and Privacy, pp. 231\u2013245, 2007.","key":"14_CR16","DOI":"10.1109\/SP.2007.17"},{"unstructured":"National Institute of Standards and Technology, NIST National Vulnerability Database, Gaithersburg, Maryland (nvd.nist.gov), 2019.","key":"14_CR17"},{"unstructured":"B. Pariseau, KVM reignites Type 1 vs. Type 2 hypervisor debate, TechTarget, Newton, Massachusetts (searchservervirtualization.techtarget.com\/news\/2240034817\/KVM-reignites-Type-1-vs-Type-2-hypervisor-debate), April 15, 2011.","key":"14_CR18"},{"doi-asserted-by":"crossref","unstructured":"B. Payne, Simplifying Virtual Machine Introspection Using LibVMI, Sandia Report SAND2012-7818, Sandia National Laboratories, Albuquerque, New Mexico, 2012.","key":"14_CR19","DOI":"10.2172\/1055635"},{"doi-asserted-by":"crossref","unstructured":"D. Perez-Botero, J. Szefer and R. Lee, Characterizing hypervisor vulnerabilities in cloud computing servers, Proceedings of the International Workshop on Security in Cloud Computing, pp. 3\u201310, 2013.","key":"14_CR20","DOI":"10.1145\/2484402.2484406"},{"doi-asserted-by":"crossref","unstructured":"G. Popek and R. Goldberg, Formal requirements for virtualizable third generation architectures, Communications of the ACM, vol. 17(7), pp. 412\u2013421, 1974.","key":"14_CR21","DOI":"10.1145\/361011.361073"},{"unstructured":"QEMU, QEMU \u2013 The FAST! Processor Emulator (www.qemu.org), 2019.","key":"14_CR22"},{"unstructured":"J. Satran, L. Shalev, M. Ben-Yehuda and Z. Machulsky, Scalable I\/O \u2013 A well-architected way to do scalable, secure and virtualized I\/O, Proceedings of the Workshop on I\/O Virtualization, 2008.","key":"14_CR23"},{"doi-asserted-by":"crossref","unstructured":"J. Shi, Y. Yang and C. Tang, Hardware assisted hypervisor introspection, SpringerPlus, vol. 5(647), 2016.","key":"14_CR24","DOI":"10.1186\/s40064-016-2257-7"},{"doi-asserted-by":"crossref","unstructured":"Y. Song, H. Wang and T. Soyata, Hardware and software aspects of VM-based mobile-cloud offloading, in Enabling Real-Time Mobile Cloud Computing through Emerging Technologies, T. Soyata (Ed.), IGI Global, Hershey, Pennsylvania, pp. 247\u2013271, 2015.","key":"14_CR25","DOI":"10.4018\/978-1-4666-8662-5.ch008"},{"doi-asserted-by":"crossref","unstructured":"J. Szefer, E. Keller, R. Lee and J. Rexford, Eliminating the hypervisor attack surface for a more secure cloud, Proceedings of the Eighteenth ACM Conference on Computer and Communications Security, pp. 401\u2013412, 2011.","key":"14_CR26","DOI":"10.1145\/2046707.2046754"},{"doi-asserted-by":"crossref","unstructured":"A. Thongthua and S. Ngamsuriyaroj, Assessment of hypervisor vulnerabilities, Proceedings of the International Conference on Cloud Computing Research and Innovations, pp. 71\u201377, 2016.","key":"14_CR27","DOI":"10.1109\/ICCCRI.2016.19"},{"doi-asserted-by":"crossref","unstructured":"R. Uhlig, G. Neiger, D. Rodgers, A. Santoni, F. Martins, A. Anderson, S. Bennett, A. Kagi, F. Leung and L. Smith, Intel virtualization technology, IEEE Computer, vol. 38(5), pp. 48\u201356, 2005.","key":"14_CR28","DOI":"10.1109\/MC.2005.163"},{"unstructured":"G. Wang, Z. Estrada, C. Pham, Z. Kalbarczyk and R. Iyer, Hypervisor introspection: A technique for evading passive virtual machine monitoring, Proceedings of the Ninth USENIX Workshop on Offensive Technologies, 2015.","key":"14_CR29"},{"unstructured":"Xen Project, x86 Paravirtualized Memory Management (http:\/\/www.wiki.xen.org\/wiki\/X86_Paravirtualised_Memory_Management), 2019.","key":"14_CR30"},{"unstructured":"Xen\u00a0Project, Xen\u00a0Project\u00a0Software Overview (http:\/\/www.wiki.xen.org\/wiki\/Xen_Project_Software_Overview), 2019.","key":"14_CR31"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XV"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-28752-8_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,6]],"date-time":"2023-08-06T00:08:23Z","timestamp":1691280503000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-28752-8_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030287511","9783030287528"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-28752-8_14","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"7 August 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Orlando, FL","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 January 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 January 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/ConferenceProgramCommittee2019.pdf","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}