{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:50:31Z","timestamp":1740099031089,"version":"3.37.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319743127"},{"type":"electronic","value":"9783319743134"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-74313-4_11","type":"book-chapter","created":{"date-parts":[[2018,1,17]],"date-time":"2018-01-17T00:17:43Z","timestamp":1516148263000},"page":"132-146","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Lightweight Non-intrusive Virtual Machine Introspection"],"prefix":"10.1007","author":[{"given":"Natalia","family":"Fursova","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Dovgalyuk","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ivan","family":"Vasiliev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vladimir","family":"Makarov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,1,18]]},"reference":[{"issue":"2","key":"11_CR1","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1145\/2007183.2007189","volume":"45","author":"F Azmandian","year":"2011","unstructured":"Azmandian, F., Moffie, M., Alshawabkeh, M., Dy, J., Aslam, J., Kaeli, D.: Virtual machine 
monitor-based lightweight intrusion detection. SIGOPS Oper. Syst. Rev. 45(2), 38\u201353 (2011). http:\/\/doi.acm.org\/10.1145\/2007183.2007189","journal-title":"SIGOPS Oper. Syst. Rev."},{"key":"11_CR2","unstructured":"Bellard, F.: Qemu, a fast and portable dynamic translator. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2005, p. 41. USENIX Association, Berkeley (2005). http:\/\/dl.acm.org\/citation.cfm?id=1247360.1247401"},{"key":"11_CR3","unstructured":"Bungale, P.P., Luk, C.K.: Pinos: a programmable framework for whole-system dynamic instrumentation. In: Proceedings of the 3rd International Conference on Virtual Execution Environments, VEE 2007, pp. 137\u2013147. ACM, New York (2007). http:\/\/doi.acm.org\/10.1145\/1254810.1254830"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Chen, P., Noble, B.: When virtual is better than real [operating system relocation to virtual machines]. In: Proceedings of the Eighth Workshop on Hot Topics in Operating Systems, 2001, pp. 133\u2013138, May 2001","DOI":"10.1109\/HOTOS.2001.990073"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., Whelan, R.: Repeatable reverse engineering for the greater good with panda, October 2014","DOI":"10.1145\/2843859.2843867"},{"key":"11_CR6","unstructured":"Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., Whelan, R.: Repeatable reverse engineering with panda. In: Proceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW-5, pp. 4:1\u20134:11. ACM, New York (2015). http:\/\/doi.acm.org\/10.1145\/2843859.2843867"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Leek, T., Hodosh, J., Lee, W.: Tappan zee (north) bridge: mining memory accesses for introspection. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS 2013, pp. 839\u2013850. ACM, New York (2013). 
http:\/\/doi.acm.org\/10.1145\/2508859.2516697","DOI":"10.1145\/2508859.2516697"},{"key":"11_CR8","doi-asserted-by":"publisher","unstructured":"Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Lee, W.: Virtuoso: narrowing the semantic gap in virtual machine introspection. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP 2011, pp. 297\u2013312. IEEE Computer Society, Washington, DC (2011). https:\/\/doi.org\/10.1109\/SP.2011.11","DOI":"10.1109\/SP.2011.11"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Dovgalyuk, P.: Deterministic replay of system\u2019s execution with multi-target qemu simulator for dynamic analysis and reverse debugging. In: Proceedings of the 2012 16th European Conference on Software Maintenance and Reengineering, CSMR 2012, pp. 553\u2013556. IEEE Computer Society, Washington, DC (2012)","DOI":"10.1109\/CSMR.2012.74"},{"key":"11_CR10","unstructured":"Dovgalyuk, P., Dmitriev, D., Makarov, V.: Don\u2019t panic: reverse debugging of kernel drivers. In: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, ESEC\/FSE 2015, pp. 938\u2013941. ACM, New York (2015). http:\/\/doi.acm.org\/10.1145\/2786805.2803179"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Fu, Y., Lin, Z.: Space traveling across vm: automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 586\u2013600, May 2012","DOI":"10.1109\/SP.2012.40"},{"key":"11_CR12","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the Network and Distributed Systems Security Symposium, pp. 191\u2013206 (2003)"},{"key":"11_CR13","unstructured":"Guillon, C.: Program instrumentation with qemu. In: 1st International QEMU Users Forum, vol. 1, pp. 
15\u201318 (2011)"},{"key":"11_CR14","unstructured":"Henderson, A., Prakash, A., Yan, L.K., Hu, X., Wang, X., Zhou, R., Yin, H.: Make it work, make it right, make it fast: Building a platform-neutral whole-system dynamic binary analysis platform. In: Proceedings of the 2014 International Symposium on Software Testing and Analysis, ISSTA 2014, pp. 248\u2013258. ACM, New York (2014). http:\/\/doi.acm.org\/10.1145\/2610384.2610407"},{"key":"11_CR15","unstructured":"Hizver, J., Chiueh, T.c.: Real-time deep virtual machine introspection and its applications. In: Proceedings of the 10th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, VEE 2014, pp. 3\u201314. ACM, New York (2014). http:\/\/doi.acm.org\/10.1145\/2576195.2576196"},{"key":"11_CR16","unstructured":"Julino, J.: Lightweight introspection for full system simulations. Diploma thesis, System Architecture Group, Karlsruhe Institute of Technology (KIT), Germany, 1 March 2014. http:\/\/os.itec.kit.edu\/"},{"key":"11_CR17","unstructured":"Lawton, K.P.: Bochs: A portable pc emulator for unix\/x. Linux J. 1996(29es) (1996). http:\/\/dl.acm.org\/citation.cfm?id=326350.326357"},{"issue":"7","key":"11_CR18","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1145\/2365864.2151044","volume":"47","author":"G Lefebvre","year":"2012","unstructured":"Lefebvre, G., Cully, B., Head, C., Spear, M., Hutchinson, N., Feeley, M., Warfield, A.: Execution mining. SIGPLAN Not. 47(7), 145\u2013158 (2012). http:\/\/doi.acm.org\/10.1145\/2365864.2151044","journal-title":"SIGPLAN Not."},{"key":"11_CR19","unstructured":"Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2005, pp. 190\u2013200. ACM, New York (2005). 
http:\/\/doi.acm.org\/10.1145\/1065010.1065034"},{"issue":"1","key":"11_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13677-014-0016-2","volume":"3","author":"A More","year":"2014","unstructured":"More, A., Tapaswi, S.: Virtual machine introspection: towards bridging the semantic gap. J. Cloud Comput. 3(1), 1\u201314 (2014). https:\/\/doi.org\/10.1186\/s13677-014-0016-2","journal-title":"J. Cloud Comput."},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Tong, X., Moshovos, A.: Qtrace: a framework for customizable full system instrumentation. In: 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), pp. 245\u2013255, March 2015","DOI":"10.1109\/ISPASS.2015.7095810"},{"key":"11_CR22","unstructured":"Yan, L.K., Yin, H.: Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security 2012, p. 29. USENIX Association, Berkeley (2012). http:\/\/dl.acm.org\/citation.cfm?id=2362793.2362822"}],"container-title":["Lecture Notes in Computer Science","Perspectives of System Informatics"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-74313-4_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,9]],"date-time":"2019-10-09T08:30:21Z","timestamp":1570609821000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-74313-4_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319743127","9783319743134"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-74313-4_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}