{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T03:58:43Z","timestamp":1743134323831,"version":"3.40.3"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319288642"},{"type":"electronic","value":"9783319288659"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-28865-9_7","type":"book-chapter","created":{"date-parts":[[2016,1,23]],"date-time":"2016-01-23T03:40:02Z","timestamp":1453520402000},"page":"116-134","source":"Crossref","is-referenced-by-count":0,"title":["Defeating Kernel Driver Purifier"],"prefix":"10.1007","author":[{"given":"Jidong","family":"Xiao","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hai","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haining","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"Sony bmg copy protection rootkit scandal. \n                    http:\/\/en.wikipedia.org\/wiki\/Sony_BMG_copy_protection_rootkit_scandal"},{"key":"7_CR2","unstructured":"Alberts, B.: Dr linux 2.6 rootkit released. \n                    http:\/\/lwn.net\/Articles\/296952\/"},{"key":"7_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-61996-8_49","volume-title":"Information Hiding","author":"D Aucsmith","year":"1996","unstructured":"Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317\u2013333. Springer, Heidelberg (1996)"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Ball, T., Bounimova, E., Cook, B., Levin, V., Lichtenberg, J., McGarvey, C., Ondrusek, B., Rajamani, S.K., Ustuner, A.: Thorough static analysis of device drivers. In: Proceedings of the First European Conference on Computer Systems (EuroSys), vol. 40, pp. 73\u201385. ACM (2006)","DOI":"10.1145\/1218063.1217943"},{"key":"7_CR5","unstructured":"Boyd-Wickizer, S., Zeldovich, N.: Tolerating malicious device drivers in linux. In: Proceedings of the USENIX Annual Technical Conference (ATC), p. 9. USENIX Association (2010)"},{"key":"7_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/3-540-47870-1_10","volume-title":"Security and Privacy in Digital Rights Management","author":"H Chang","year":"2002","unstructured":"Chang, H., Atallah, M.J.: Protecting software code by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160\u2013175. Springer, Heidelberg (2002)"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Chou, A., Yang, J., Chelf, B., Hallem, S., Engler, D.: An empirical study of operating systems errors. In: Proceedings of the Eighteenth ACM Symposium on Operating Systems Principles (SOSP). ACM (2001)","DOI":"10.21236\/ADA419594"},{"key":"7_CR8","unstructured":"Cuadro cpu benchmark. \n                    http:\/\/sourceforge.net\/projects\/cuadrocpubenchm"},{"key":"7_CR9","unstructured":"Garfinkel, T., Rosenblum, M., et al.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the Tenth Annual Symposium on Network and Distributed Systems Security (NDSS) (2003)"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Glerum, K., Kinshumann, K., Greenberg, S., Aul, G., Orgovan, V., Nichols, G., Grant, D., Loihle, G., Hunt, G.: Debugging in the (very) large: ten years of implementation and experience. In: Proceedings of the Twenty-Second ACM Symposium on Operating Systems Principles (SOSP), pp. 103\u2013116. ACM (2009)","DOI":"10.1145\/1629575.1629586"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Gu, Z., Sumner, W.N., Deng, Z., Zhang, X., Xu, D.: Drip: a framework for purifying trojaned kernel drivers. In: IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (2013)","DOI":"10.1109\/DSN.2013.6575342"},{"key":"7_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/3-540-47870-1_9","volume-title":"Security and Privacy in Digital Rights Management","author":"B Horne","year":"2002","unstructured":"Horne, B., Matheson, L., Sheehan, C., Tarjan, R.E.: Dynamic self-checking techniques for improved tamper resistance. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 141\u2013159. Springer, Heidelberg (2002)"},{"key":"7_CR13","unstructured":"Iperf benchmark. \n                    http:\/\/sourceforge.net\/projects\/iperf\/"},{"key":"7_CR14","unstructured":"IPSECS. The kbeast rootkit. \n                    http:\/\/core.ipsecs.com\/rootkit\/kernel-rootkit\/kbeast-v1\/"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based out-of-the-box semantic view reconstruction. In: Proceedings of the Fourteenth ACM Conference on Computer and Communications Security (CCS), pp. 128\u2013138. ACM (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Kadav, A., Swift, M.M.: Understanding modern device drivers. In: Proceedings of the Seventeenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), vol. 40, pp. 87\u201398. ACM (2012)","DOI":"10.1145\/2150976.2150987"},{"key":"7_CR17","unstructured":"Kagstrom, S.: Provide ways of crashing the kernel through debugfs. \n                    http:\/\/lwn.net\/Articles\/371208\/"},{"key":"7_CR18","unstructured":"Keizer, G.: Researchers spot rootkits on more sony usb drives. \n                    http:\/\/www.computerworld.com\/s\/article\/9033798\/Researchers_spot_rootkits_on_more_Sony_USB_drives"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Kovah, X., Kallenberg, C., Weathers, C., Herzog, A., Albin, M., Butterworth, J.: New results for timing-based attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (S&P), pp. 239\u2013253. IEEE (2012)","DOI":"10.1109\/SP.2012.45"},{"key":"7_CR20","unstructured":"Kuznetsov, V., Chipounov, V., Candea, G.: Testing closed-source binary device drivers with ddt. In: Proceedings of the USENIX Annual Technical Conference (ATC), p. 12. USENIX Association (2010)"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Mao, Y., Chen, H., Zhou, D., Wang, X., Zeldovich, N., Kaashoek, M.F.: Software fault isolation with api integrity and multi-principal modules. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP), pp. 115\u2013128. ACM (2011)","DOI":"10.1145\/2043556.2043568"},{"key":"7_CR22","unstructured":"Mitchell, D.: The rootkit of all evil. \n                    http:\/\/www.nytimes.com\/2005\/11\/19\/business\/media\/19online.html?_r=0"},{"key":"7_CR23","unstructured":"Petroni Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot-a coprocessor-based kernel runtime integrity monitor. In: USENIX Security Symposium, pp. 179\u2013194 (2004)"},{"key":"7_CR24","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: Proceedings of the Twentieth ACM Symposium on Operating Systems Principles (SOSP), vol. 39, pp. 1\u201316. ACM (2005)","DOI":"10.1145\/1095809.1095812"},{"key":"7_CR25","unstructured":"Srivastava, A., Giffin, J.T.: Efficient monitoring of untrusted kernel-mode execution. In: Proceedings of the Eighteenth Annual Symposium on Network and Distributed System Security (NDSS). Citeseer (2011)"},{"key":"7_CR26","unstructured":"stealth. Announcing full functional adore-ng rootkit for 2.6 kernel. \n                    http:\/\/lwn.net\/Articles\/75991\/"},{"key":"7_CR27","unstructured":"styx\n                    \n                      \n                    \n                    $$\\hat{.}$$\n                   Infecting loadable kernel modules: kernel versions 2.6.x\/3.0.x. \n                    http:\/\/www.phrack.org\/issues.html?issue=68&id=11#article"},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Sze, W.-K., Sekar, R.: A portable user-level approach for system-wide integrity protection. In: Proceedings of the 29th Annual Computer Security Applications Conference, pp. 219\u2013228. ACM (2013)","DOI":"10.1145\/2523649.2523655"},{"key":"7_CR29","unstructured":"Viega, J., Messier, M.: Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More. O\u2019Reilly Media Inc. (2009)"},{"key":"7_CR30","unstructured":"Williams, D., Reynolds, P., Walsh, K., Sirer, E.G., Schneider, F.B.: Device driver safety through a reference validation mechanism. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI), pp. 241\u2013254 (2008)"},{"key":"7_CR31","unstructured":"Xiong, X., Tian, D., Liu, P.: Practical protection of kernel integrity for commodity os from untrusted extensions. In: Proceedings of the Eighteenth Annual Symposium on Network and Distributed System Security (NDSS) (2011)"},{"key":"7_CR32","doi-asserted-by":"crossref","unstructured":"Zhang, F., Leach, K., Sun, K., Stavrou, A.: Spectre: a dependable introspection framework via system management mode. In: Proceedings of the 43rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1\u201312. IEEE (2013)","DOI":"10.1109\/DSN.2013.6575343"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-28865-9_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T07:21:38Z","timestamp":1559373698000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-28865-9_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319288642","9783319288659"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-28865-9_7","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2015]]}}}