{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T18:31:29Z","timestamp":1768415489815,"version":"3.49.0"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030657444","type":"print"},{"value":"9783030657451","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65745-1_5","type":"book-chapter","created":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:03:25Z","timestamp":1608278605000},"page":"79-93","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication"],"prefix":"10.1007","author":[{"given":"Michael","family":"Kiperberg","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Raz Ben","family":"Yehuda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nezer J.","family":"Zaidenberg","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,12,19]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Bilge, L., Dumitra\u015f, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 833\u2013844 (2012)","DOI":"10.1145\/2382196.2382284"},{"issue":"4","key":"5_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2584679","volume":"16","author":"L Bilge","year":"2014","unstructured":"Bilge, L., Sen, S., Balzarotti, D., Kirda, E., Kruegel, C.: Exposure: a passive DNS analysis service to detect and report malicious domains. ACM Trans. Inf. Syst. Secur. (TISSEC) 16(4), 1\u201328 (2014)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"5_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-319-24174-6_4","volume-title":"Computer Security \u2013 ESORICS 2015","author":"P Chen","year":"2015","unstructured":"Chen, P., Xu, J., Lin, Z., Xu, D., Mao, B., Liu, P.: A practical approach for adaptive data structure layout randomization. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 69\u201389. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-24174-6_4"},{"key":"5_CR4","unstructured":"Cook, K.: Kernel address space layout randomization. Linux Security Summit (2013)"},{"key":"5_CR5","unstructured":"Deshane, T., Shepherd, Z., Matthews, J., Ben-Yehuda, M., Shah, A., Rao, B.: Quantitative comparison of Xen and KVM, pp. 1\u20132. Xen Summit, Boston (2008)"},{"key":"5_CR6","unstructured":"Ermolov, M., Shishkin, A.: Microsoft windows 8.1 kernel patch protection analysis (2014)"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Ge, X., Talele, N., Payer, M., Jaeger, T.: Fine-grained control-flow integrity for kernel software. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 179\u2013194. IEEE (2016)","DOI":"10.1109\/EuroSP.2016.24"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Ghafir, I., Prenosil, V.: DNS traffic analysis for malicious domains detection. In: 2015 2nd International Conference on Signal Processing and Integrated Networks (SPIN), pp. 613\u2013918. IEEE (2015)","DOI":"10.1109\/SPIN.2015.7095337"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-40667-1_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Graziano","year":"2016","unstructured":"Graziano, M., Flore, L., Lanzi, A., Balzarotti, D.: Subverting operating system properties through evolutionary DKOM attacks. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 3\u201324. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-40667-1_1"},{"key":"5_CR10","unstructured":"Guide, P.: Intel\u00ae 64 and IA-32 architectures software developer\u2019s manual. Volume 3B: System programming Guide, Part 2, 11 (2011)"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 969\u2013986. IEEE (2016)","DOI":"10.1109\/SP.2016.62"},{"key":"5_CR12","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In: USENIX Security Symposium, pp. 383\u2013398 (2009)"},{"key":"5_CR13","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-55415-5_1","volume-title":"ICT Systems Security and Privacy Protection","author":"N Kheir","year":"2014","unstructured":"Kheir, N., Tran, F., Caron, P., Deschamps, N.: Mentor: positive DNS reputation to skim-off benign domains in botnet C&C blacklists. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 1\u201314. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55415-5_1"},{"key":"5_CR14","unstructured":"Korkin, I.: Hypervisor-based active data protection for integrity and confidentiality of dynamically allocated memory in windows kernel. arXiv preprint arXiv:1805.11847 (2018)"},{"key":"5_CR15","unstructured":"Larabel, M., Tippett, M.: Phoronix test suite. Phoronix Media (2020). http:\/\/www.phoronix-test-suite.com\/. Accessed June 2020"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Lentz, M., Sen, R., Druschel, P., Bhattacharjee, B.: Secloak: arm trustzone-based mobile peripheral control. In: Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services, pp. 1\u201313 (2018)","DOI":"10.1145\/3210240.3210334"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Lu, S., Lin, Z., Zhang, M.: Kernel vulnerability analysis: a survey. In: 2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC), pp. 549\u2013554. IEEE (2019)","DOI":"10.1109\/DSC.2019.00089"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Markuze, A., Morrison, A., Tsafrir, D.: True iommu protection from dma attacks: when copy is faster than zero copy. In: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 249\u2013262 (2016)","DOI":"10.1145\/2954680.2872379"},{"key":"5_CR19","unstructured":"McVoy, L.W., Staelin, C., et al.: lmbench: portable tools for performance analysis. In: USENIX Annual Technical Conference, San Diego, CA, USA, pp. 279\u2013294 (1996)"},{"key":"5_CR20","unstructured":"Neiger, G., Santoni, A., Leung, F., Rodgers, D., Uhlig, R.: Intel virtualization technology: hardware support for efficient processor virtualization. Intel Technol. J. 10(3), 167\u2013177 (2006)"},{"key":"5_CR21","unstructured":"Petroni Jr, N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot-a coprocessor-based kernel runtime integrity monitor. In: USENIX Security Symposium, San Diego, USA, pp. 179\u2013194 (2004)"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Petroni Jr, N.L., Hicks, M.: Automated detection of persistent kernel control-flow attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 103\u2013115 (2007)","DOI":"10.1145\/1315245.1315260"},{"key":"5_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1007\/978-3-642-25141-2_7","volume-title":"Advances in Information and Computer Security","author":"J Pfoh","year":"2011","unstructured":"Pfoh, J., Schneider, C., Eckert, C.: Nitro: hardware-based system call tracing for virtual machines. In: Iwata, T., Nishigaki, M. (eds.) IWSEC 2011. LNCS, vol. 7038, pp. 96\u2013112. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25141-2_7"},{"issue":"6","key":"5_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3291047","volume":"51","author":"S Pinto","year":"2019","unstructured":"Pinto, S., Santos, N.: Demystifying ARM TrustZone: a comprehensive survey. ACM Comput. Surv. (CSUR) 51(6), 1\u201336 (2019)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Proskurin, S., Lengyel, T., Momeu, M., Eckert, C., Zarras, A.: Hiding in the shadows: empowering arm for stealthy virtual machine introspection. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 407\u2013417 (2018)","DOI":"10.1145\/3274694.3274698"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Rahbarinia, B., Perdisci, R., Antonakakis, M.: Segugio: efficient behavior-based tracking of malware-control domains in large ISP networks. In: 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, pp. 403\u2013414. IEEE (2015)","DOI":"10.1109\/DSN.2015.35"},{"key":"5_CR27","unstructured":"Rutkowska, J., Wojtczuk, R.: Preventing and detecting xen hypervisor subversions. Blackhat Briefings USA (2008)"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: Proceedings of Twenty-First ACM SIGOPS Symposium on Operating Systems Principles, pp. 335\u2013350 (2007)","DOI":"10.1145\/1323293.1294294"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Shinagawa, T., et al.: Bitvisor: a thin hypervisor for enforcing i\/o device security. In: Proceedings of the 2009 ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, pp. 121\u2013130 (2009)","DOI":"10.1145\/1508293.1508311"},{"key":"5_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/3-540-45067-X_20","volume-title":"Information Security and Privacy","author":"A Singh","year":"2003","unstructured":"Singh, A., Nordstr\u00f6m, O., Lu, C., dos Santos, A.L.M.: Malicious ICMP tunneling: defense against the vulnerability. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 226\u2013236. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-45067-X_20"},{"issue":"43","key":"5_CR31","first-page":"139","volume":"1","author":"S Smalley","year":"2001","unstructured":"Smalley, S., Vance, C., Salamon, W.: Implementing selinux as a linux security module. NAI Labs Report 1(43), 139 (2001)","journal-title":"NAI Labs Report"},{"key":"5_CR32","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: Sok: eternal war in memory. In: 2013 IEEE Symposium on Security and Privacy, pp. 48\u201362. IEEE (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"5_CR33","volume-title":"Microsoft Virtualization with Hyper-V","author":"A Velte","year":"2009","unstructured":"Velte, A., Velte, T.: Microsoft Virtualization with Hyper-V. McGraw-Hill Inc., New York (2009)"},{"key":"5_CR34","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X.: Hypersafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: 2010 IEEE Symposium on Security and Privacy, pp. 380\u2013395. IEEE (2010)","DOI":"10.1109\/SP.2010.30"},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X., Cui, W., Ning, P.: Countering kernel rootkits with lightweight hook protection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 545\u2013554 (2009)","DOI":"10.1145\/1653662.1653728"},{"key":"5_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-87403-4_2","volume-title":"Recent Advances in Intrusion Detection","author":"Z Wang","year":"2008","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X.: Countering persistent kernel rootkits through systematic hook discovery. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 21\u201338. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-87403-4_2"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"White, J.S., Pape, S.R., Meily, A.T., Gloo, R.M.: Dynamic malware analysis using introvirt: a modified hypervisor-based system. In: Cyber Sensing 2013, vol. 8757, p. 87570D. International Society for Optics and Photonics (2013)","DOI":"10.1117\/12.2015545"},{"key":"5_CR38","unstructured":"Wilkins, R., Richardson, B.: Uefi secure boot in modern computer security solutions. In: UEFI Forum (2013)"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65745-1_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:38:44Z","timestamp":1608280724000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-65745-1_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030657444","9783030657451"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65745-1_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"19 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,75","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic the event was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}