{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:52:15Z","timestamp":1740099135485,"version":"3.37.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319935621"},{"type":"electronic","value":"9783319935638"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-93563-8_12","type":"book-chapter","created":{"date-parts":[[2018,6,22]],"date-time":"2018-06-22T07:30:02Z","timestamp":1529652602000},"page":"137-149","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Automatic Mitigation of Kernel Rootkits in Cloud Environments"],"prefix":"10.1007","author":[{"given":"Jonathan","family":"Grimm","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Irfan","family":"Ahmed","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vassil","family":"Roussev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manish","family":"Bhatt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"ManPyo","family":"Hong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,6,23]]},"reference":[{"key":"12_CR1","unstructured":"Basic_6 rootkit (2016). 
\nhttps:\/\/github.com\/bowlofstew\/rootkit.com\/tree\/master\/hoglund\/basic_6"},{"key":"12_CR2","unstructured":"BinDiff (2016). \nhttps:\/\/www.zynamics.com\/bindiff.html\/"},{"key":"12_CR3","unstructured":"kBouncer (2016). \nhttp:\/\/www.cs.columbia.edu\/~vpappas\/papers\/kbouncer.pdf"},{"key":"12_CR4","unstructured":"Libguestfs (2016). \nhttp:\/\/libguestfs.org\/"},{"key":"12_CR5","unstructured":"LibVMI (2016). \nhttp:\/\/libvmi.com"},{"key":"12_CR6","unstructured":"Opdis (2016). \nhttp:\/\/mkfs.github.io\/content\/opdis\/"},{"key":"12_CR7","unstructured":"Suterusu rootkit (2016). \nhttps:\/\/github.com\/mncoppola\/suterusu"},{"key":"12_CR8","unstructured":"Understanding and Defeating Windows 8.1 Kernel Patch Protection (2016). \nhttp:\/\/www.nosuchcon.org\/talks\/2014\/D2_01_Andrea_Allievi_Win8.1_Patch_protections.pdf"},{"key":"12_CR9","unstructured":"Volatility (2016). \nhttp:\/\/www.volatilityfoundation.org\/"},{"key":"12_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-27659-5_1","volume-title":"Information Security","author":"I Ahmed","year":"2015","unstructured":"Ahmed, I., Richard, G.G., Zoranic, A., Roussev, V.: Integrity checking of function pointers in kernel pools via virtual machine introspection. In: Desmedt, Y. (ed.) ISC 2013. LNCS, vol. 7807, pp. 3\u201319. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-27659-5_1"},{"key":"12_CR11","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-642-41148-9_21","volume-title":"Advances in Digital Forensics IX","author":"I Ahmed","year":"2013","unstructured":"Ahmed, I., Zoranic, A., Javaid, S., Richard, G., Roussev, V.: Rule-based integrity checking of interrupt descriptor tables in cloud environments. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2013. IAICT, vol. 410, pp. 305\u2013328. Springer, Heidelberg (2013). 
\nhttps:\/\/doi.org\/10.1007\/978-3-642-41148-9_21"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Ahmed, I., Zoranic, A., Javaid, S., Richard III, G.G.: ModChecker: kernel module integrity checking in the cloud environment. In: 2012 41st International Conference on Parallel Processing Workshops, pp. 306\u2013313. IEEE (2012)","DOI":"10.1109\/ICPPW.2012.46"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Bahram, S., Jiang, X., Wang, Z., Grace, M., Li, J., Srinivasan, D., Rhee, J., Xu, D.: DKSM: subverting virtual machine introspection for fun and profit. In: Proceedings of the 29th IEEE Symposium on Reliable Distributed Systems (2010)","DOI":"10.1109\/SRDS.2010.39"},{"issue":"1","key":"12_CR14","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/2775111","volume":"48","author":"E Bauman","year":"2015","unstructured":"Bauman, E., Ayoade, G., Lin, Z.: A survey on hypervisor-based monitoring: approaches, applications, and evolutions. ACM Comput. Surv. (CSUR) 48(1), 10 (2015)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"12_CR15","first-page":"16","volume":"50","author":"N Burow","year":"2016","unstructured":"Burow, N., Carr, S.A., Brunthaler, S., Payer, M., Nash, J., Larsen, P., Franz, M.: Control-flow integrity: precision, security, and performance. ACM Comput. Surv. 50, 16 (2016)","journal-title":"ACM Comput. Surv."},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Criswell, J., Dautenhahn, N., Adve, V.: KCoFI: complete control-flow integrity for commodity operating system kernels. In: Proceedings of the IEEE Symposium on Security and Privacy (2014)","DOI":"10.1109\/SP.2014.26"},{"key":"12_CR17","unstructured":"Garfinkel, T., Rosenblum, M., et al.: A virtual machine introspection based architecture for intrusion detection. In: NDSS, vol. 3, pp. 
191\u2013206 (2003)"},{"key":"12_CR18","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G Hoglund","year":"2006","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, Boston (2006)"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Jain, B., Baig, M.B., Zhang, D., Porter, D.E., Sion, R.: SoK: introspections on trust and the semantic gap. In: 2014 IEEE Symposium on Security and Privacy, pp. 605\u2013620. IEEE (2014)","DOI":"10.1109\/SP.2014.45"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through VMM-based out-of-the-box semantic view reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 128\u2013138. ACM (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Win, T.Y., Tianfield, H., Mair, Q.: Detection of malware and kernel-level rootkits in cloud computing environments. In: 2nd IEEE International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 295\u2013300 (2015)","DOI":"10.1109\/CSCloud.2015.54"},{"key":"12_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-319-26362-5_4","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"P Yuan","year":"2015","unstructured":"Yuan, P., Zeng, Q., Ding, X.: Hardware-assisted fine-grained code-reuse attack detection. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 66\u201385. Springer, Cham (2015). 
\nhttps:\/\/doi.org\/10.1007\/978-3-319-26362-5_4"}],"container-title":["Lecture Notes in Computer Science","Information Security Applications"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-93563-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,6,22]],"date-time":"2018-06-22T07:35:44Z","timestamp":1529652944000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-93563-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319935621","9783319935638"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-93563-8_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}