{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T22:51:03Z","timestamp":1757631063451,"version":"3.44.0"},"publisher-location":"Cham","reference-count":66,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030589509"},{"type":"electronic","value":"9783030589516"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58951-6_16","type":"book-chapter","created":{"date-parts":[[2020,9,11]],"date-time":"2020-09-11T09:07:40Z","timestamp":1599815260000},"page":"316-337","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["HART: Hardware-Assisted Kernel Module Tracing on Arm"],"prefix":"10.1007","author":[{"given":"Yunlan","family":"Du","sequence":"first","affiliation":[]},{"given":"Zhenyu","family":"Ning","sequence":"additional","affiliation":[]},{"given":"Jun","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Zhilong","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Yueh-Hsun","family":"Lin","sequence":"additional","affiliation":[]},{"given":"Fengwei","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Xinyu","family":"Xing","sequence":"additional","affiliation":[]},{"given":"Bing","family":"Mao","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,12]]},"reference":[{"key":"16_CR1","unstructured":"PTWRITE - write data to a processor trace packet. https:\/\/hjlebbink.github.io\/x86doc\/html\/PTWRITE.html"},{"key":"16_CR2","unstructured":"TCP westwood+ congestion control (2003). https:\/\/tools.ietf.org\/html\/rfc3649"},{"key":"16_CR3","unstructured":"Processor tracing (2013). https:\/\/software.intel.com\/en-us\/blogs\/2013\/09\/18\/processor-tracing"},{"key":"16_CR4","unstructured":"Juno ARM Development Platform SoC Technical Reference Manual (2014)"},{"key":"16_CR5","unstructured":"slub (2017). https:\/\/www.kernel.org\/doc\/Documentation\/vm\/slub.txt"},{"key":"16_CR6","unstructured":"Home Google\/Kasan Wiki (2018). https:\/\/github.com\/google\/kasan\/wiki"},{"key":"16_CR7","unstructured":"Apple A4 (2019). https:\/\/www.apple.com\/newsroom\/2010\/06\/07Apple-Presents-iPhone-4\/"},{"key":"16_CR8","unstructured":"Config$$\\_$$usb$$\\_$$storage: USB mass storage support (2019). https:\/\/cateee.net\/lkddb\/web-lkddb\/USB_STORAGE.html"},{"key":"16_CR9","unstructured":"Embedded trace macrocell architecture specification (2019). http:\/\/infocenter.arm.com\/help\/index.jsp?topic=\/com.arm.doc.ihi0014q\/index.html"},{"key":"16_CR10","unstructured":"ftrace - function tracer (2019). https:\/\/www.kernel.org\/doc\/Documentation\/trace\/ftrace.txt"},{"key":"16_CR11","unstructured":"Getting started with kmemcheck - the Linux kernel documentation (2019). https:\/\/www.kernel.org\/doc\/html\/v4.14\/dev-tools\/kmemcheck.html"},{"key":"16_CR12","unstructured":"H-TCP - congestion control for high delay-bandwidth product networks (2019). http:\/\/www.hamilton.ie\/net\/htcp.htm"},{"key":"16_CR13","unstructured":"HFS plus (2019). https:\/\/www.forensicswiki.org\/wiki\/HFS%2B"},{"key":"16_CR14","unstructured":"i.MX53 quick start board\u2014NXP (2019). https:\/\/www.nxp.com\/products\/power-management\/pmics\/power-management-for-i.mx-application-processors\/i.mx53-quick-start-board:IMX53QSB"},{"key":"16_CR15","unstructured":"The kernel address sanitizer (Kasan) - the Linux kernel documentation (2019). https:\/\/www.kernel.org\/doc\/html\/v4.14\/dev-tools\/kasan.html"},{"key":"16_CR16","unstructured":"Kmemleak (2019). https:\/\/www.kernel.org\/doc\/html\/v4.14\/dev-tools\/kmemleak.html"},{"key":"16_CR17","unstructured":"Samsung Exynos 3110 (2019). https:\/\/www.samsung.com\/semiconductor\/minisite\/exynos\/products\/mobileprocessor\/exynos-3-single-3110\/"},{"key":"16_CR18","unstructured":"Snapdragon 200 series (2019). https:\/\/www.qualcomm.com\/snapdragon\/processors\/200"},{"key":"16_CR19","unstructured":"Universal disk format (2019). https:\/\/docs.oracle.com\/cd\/E19683-01\/806-4073\/fsoverview-8\/index.html"},{"key":"16_CR20","unstructured":"ARM: Cortex-A8 Technical Reference Manual (2014)"},{"key":"16_CR21","doi-asserted-by":"crossref","unstructured":"Bigelow, D., Hobson, T., Rudd, R., Streilein, W., Okhravi, H.: Timely rerandomization for mitigating memory disclosures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 268\u2013279. ACM (2015)","DOI":"10.1145\/2810103.2813691"},{"key":"16_CR22","unstructured":"Boyd-Wickizer, S., Zeldovich, N.: Tolerating malicious device drivers in Linux. In: USENIX Annual Technical Conference, Boston (2010)"},{"key":"16_CR23","doi-asserted-by":"crossref","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping kernel objects to enable systematic integrity checking. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 555\u2013565. ACM (2009)","DOI":"10.1145\/1653662.1653729"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Castro, M., et al.: Fast byte-granularity software fault isolation. In: Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, pp. 45\u201358. ACM (2009)","DOI":"10.1145\/1629575.1629581"},{"key":"16_CR25","doi-asserted-by":"crossref","unstructured":"Chen, H., Mao, Y., Wang, X., Zhou, D., Zeldovich, N., Kaashoek, M.F.: Linux kernel vulnerabilities: state-of-the-art defenses and open problems. In: Proceedings of the Second Asia-Pacific Workshop on Systems, p. 5. ACM (2011)","DOI":"10.1145\/2103799.2103805"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Criswell, J., Dautenhahn, N., Adve, V.: KCoFI: complete control-flow integrity for commodity operating system kernels. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 292\u2013307. IEEE (2014)","DOI":"10.1109\/SP.2014.26"},{"key":"16_CR27","doi-asserted-by":"crossref","unstructured":"Criswell, J., Lenharth, A., Dhurjati, D., Adve, V.: Secure virtual architecture: a safe execution environment for commodity operating systems. In: Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles, SOSP 2007, pp. 351\u2013366. ACM (2007)","DOI":"10.1145\/1294261.1294295"},{"key":"16_CR28","unstructured":"Don, C., Capps, C., Sawyer, D., Lohr, J., Dowding, G., et al.: IOzone filesystem benchmark (2016). http:\/\/www.iozone.org\/"},{"key":"16_CR29","unstructured":"Dugan, J., Elliott, S., Mah, B.A., Poskanzer, J., Prabhu, K., et al.: iPerf - the ultimate speed test tool for TCP, UDP and SCTP (2018). https:\/\/iperf.fr\/"},{"key":"16_CR30","doi-asserted-by":"crossref","unstructured":"Floyd, S.: Highspeed TCP for large congestion windows (2003). https:\/\/tools.ietf.org\/html\/rfc3649","DOI":"10.17487\/rfc3649"},{"key":"16_CR31","unstructured":"Garfinkel, T., Rosenblum, M., et al.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2003, pp. 191\u2013206 (2003)"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Ge, X., Cui, W., Jaeger, T.: GRIFFIN: guarding control flows using intel processor trace. In: Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2017)","DOI":"10.1145\/3037697.3037716"},{"key":"16_CR33","unstructured":"Ghannam, M.: CVE-2017-8824 Linux: use-after-free in DCCP code (2017). https:\/\/www.openwall.com\/lists\/oss-security\/2017\/12\/05\/1"},{"key":"16_CR34","doi-asserted-by":"crossref","unstructured":"Gu, Y., Zhao, Q., Zhang, Y., Lin, Z.: PT-CFI: transparent backward-edge control flow violation detection using intel processor trace. In: Proceedings of the 7th ACM International Conference on Data and Application Security and Privacy (CODASPY) (2017)","DOI":"10.1145\/3029806.3029830"},{"key":"16_CR35","unstructured":"Hertz, J., Newsham, T.: Project triforce: run AFL on everything! (2016). https:\/\/www.nccgroup.trust\/us\/about-us\/newsroom-and-events\/blog\/2016\/june\/project-triforce-run-afl-on-everything\/"},{"key":"16_CR36","unstructured":"Hinum, K.: Hisilicon kirin 920 (2017). https:\/\/www.notebookcheck.net\/HiSilicon-Kirin-920-SoC-Benchmarks-and-Specs.240088.0.html"},{"key":"16_CR37","unstructured":"Iyer, R.K.: An OS-level framework for providing application-aware reliability. In: 12th Pacific Rim International Symposium on Dependable Computing, PRDC 2006 (2007)"},{"key":"16_CR38","doi-asserted-by":"crossref","unstructured":"Kazdagli, M., Ling, H., Reddi, V., Tiwari, M.: Morpheus: benchmarking computational diversity in mobile malware. In: Proceedings of Hardware and Architectural Support for Security and Privacy (2014)","DOI":"10.1145\/2611765.2611767"},{"key":"16_CR39","doi-asserted-by":"crossref","unstructured":"Linares-V\u00e1squez, M., Bavota, G., Escobar-Vel\u00e1squez, C.: An empirical study on android-related vulnerabilities. In: 2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR), pp. 2\u201313. IEEE (2017)","DOI":"10.1109\/MSR.2017.60"},{"key":"16_CR40","unstructured":"Machiry, A., Spensky, C., Corina, J., Stephens, N., Kruegel, C., Vigna, G.: Dr. Checker: a soundy analysis for Linux kernel drivers. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1007\u20131024. USENIX Association (2017)"},{"key":"16_CR41","doi-asserted-by":"crossref","unstructured":"Moon, H., Lee, J., Hwang, D., Jung, S., Seo, J., Paek, Y.: Architectural supports to protect OS kernels from code-injection attacks. In: Proceedings of Hardware and Architectural Support for Security and Privacy (2016)","DOI":"10.1145\/2948618.2948623"},{"key":"16_CR42","unstructured":"Nikolenko, V.: Heap off-by-one POC (2016). http:\/\/cyseclabs.com\/exploits\/matreshka.c"},{"key":"16_CR43","unstructured":"Ning, Z., Zhang, F.: Ninja: towards transparent tracing and debugging on arm. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 33\u201349 (2017)"},{"key":"16_CR44","unstructured":"Popov, A.: CVE-2017-2636: exploit the race condition in the n$$\\_$$hdlc Linux kernel driver bypassing SMEP (2017). https:\/\/a13xp0p0v.github.io\/2017\/03\/24\/CVE-2017-2636.html"},{"key":"16_CR45","unstructured":"Rubin, P., MacKenzie, D., Kemp, S.: dd - convert and copy a file (2019). http:\/\/man7.org\/linux\/man-pages\/man1\/dd.1.html"},{"key":"16_CR46","unstructured":"Schumilo, S.: Multiple memory corruption issues in ntfs.ko (Linux 4.15.0-15.16) (2018). https:\/\/bugs.launchpad.net\/ubuntu\/+source\/linux\/+bug\/1763403"},{"key":"16_CR47","unstructured":"Schumilo, S., Aschermann, C., Gawlik, R., Schinzel, S., Holz, T.: kAFL: hardware-assisted feedback fuzzing for OS kernels. In: Proceedings of the 26th Security Symposium (USENIX Security) (2017)"},{"key":"16_CR48","unstructured":"Sehr, D., et al.: Adapting software fault isolation to contemporary CPU architectures. In: 19th USENIX Security Symposium (USENIX Security 2010), pp. 1\u201312 (2010)"},{"key":"16_CR49","unstructured":"Freescale Semiconductor: i.MX53 Multimedia Applications Processor Reference Manual (2012)"},{"key":"16_CR50","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: AddressSanitizer: a fast address sanity checker. In: USENIX Annual Technical Conference, pp. 309\u2013318 (2012)"},{"key":"16_CR51","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: ACM SIGOPS Operating Systems Review, pp. 335\u2013350. ACM (2007)","DOI":"10.1145\/1294261.1294294"},{"key":"16_CR52","unstructured":"snorez: Exploit of CVE-2017-7184 (2017). https:\/\/raw.githubusercontent.com\/snorez\/exploits\/master\/cve-2017-7184\/exp.c"},{"key":"16_CR53","doi-asserted-by":"crossref","unstructured":"Song, C., Lee, B., Lu, K., Harris, W., Kim, T., Lee, W.: Enforcing kernel security invariants with data flow integrity. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23218"},{"key":"16_CR54","doi-asserted-by":"crossref","unstructured":"Swift, M.M., Martin, S., Levy, H.M., Eggers, S.J.: Nooks: an architecture for reliable device drivers. In: Proceedings of the 10th Workshop on ACM SIGOPS European Workshop, pp. 102\u2013107. ACM (2002)","DOI":"10.1145\/1133373.1133393"},{"key":"16_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-319-11379-1_6","volume-title":"Research in Attacks, Intrusions and Defenses","author":"A Tang","year":"2014","unstructured":"Tang, A., Sethumadhavan, S., Stolfo, S.J.: Unsupervised anomaly-based malware detection using hardware features. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 109\u2013129. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11379-1_6"},{"key":"16_CR56","unstructured":"Perception Point Team: Refcount overflow exploit (2017). https:\/\/github.com\/SecWiki\/linux-kernel-exploits\/blob\/master\/2016\/CVE-2016-0728\/cve-2016-0728.c"},{"key":"16_CR57","unstructured":"virtuoso: virtuoso\/etm2human: Arm\u2019s ETM v3 decoder (2009). https:\/\/github.com\/virtuoso\/etm2human"},{"key":"16_CR58","doi-asserted-by":"crossref","unstructured":"Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: ACM SIGOPS Operating Systems Review, pp. 203\u2013216. ACM (1994)","DOI":"10.1145\/168619.168635"},{"key":"16_CR59","unstructured":"Wang, X., Backer, J.: SIGDROP: signature-based ROP detection using hardware performance counters. arXiv preprint arXiv:1609.02667 (2016)"},{"key":"16_CR60","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X.: HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 380\u2013395. IEEE (2010)","DOI":"10.1109\/SP.2010.30"},{"key":"16_CR61","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X., Cui, W., Ning, P.: Countering kernel rootkits with lightweight hook protection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 545\u2013554. ACM (2009)","DOI":"10.1145\/1653662.1653728"},{"key":"16_CR62","unstructured":"Wu, W., Chen, Y., Xing, X., Zou, W.: Kepler: facilitating control-flow hijacking primitive evaluation for Linux kernel vulnerabilities. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1187\u20131204 (2019)"},{"key":"16_CR63","unstructured":"Wu, W., Chen, Y., Xu, J., Xing, X., Gong, X., Zou, W.: Fuze: towards facilitating exploit generation for kernel use-after-free vulnerabilities. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 781\u2013797 (2018)"},{"key":"16_CR64","unstructured":"Xiong, X., Tian, D., Liu, P., et al.: Practical protection of kernel integrity for commodity OS from untrusted extensions. In: NDSS, vol. 11 (2011)"},{"key":"16_CR65","unstructured":"Zhou, F., et al.: SafeDrive: safe and recoverable extensions using language-based techniques. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, pp. 45\u201360. USENIX Association (2006)"},{"key":"16_CR66","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1007\/978-3-319-06320-1_14","volume-title":"Information Security Practice and Experience","author":"HW Zhou","year":"2014","unstructured":"Zhou, H.W., Wu, X., Shi, W.C., Yuan, J.H., Liang, B.: HDROP: detecting ROP attacks using performance monitoring counters. In: Huang, X., Zhou, J. (eds.) ISPEC 2014. LNCS, vol. 8434, pp. 172\u2013186. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-06320-1_14"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58951-6_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:03:56Z","timestamp":1757541836000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58951-6_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030589509","9783030589516"],"references-count":66,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58951-6_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"12 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guildford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/esorics2020.sccs.surrey.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"366","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"72","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,16","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9,1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-10 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}