{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:10:59Z","timestamp":1772039459431,"version":"3.50.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319998275","type":"print"},{"value":"9783319998282","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99828-2_19","type":"book-chapter","created":{"date-parts":[[2018,8,25]],"date-time":"2018-08-25T11:35:10Z","timestamp":1535196910000},"page":"263-277","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Follow the WhiteRabbit: Towards Consolidation of On-the-Fly Virtualization and Virtual Machine Introspection"],"prefix":"10.1007","author":[{"given":"Sergej","family":"Proskurin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julian","family":"Kirsch","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Apostolis","family":"Zarras","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,8,26]]},"reference":[{"key":"19_CR1","unstructured":"Chen, P.M., Noble, B.D.: When virtual is better than real. In: USENIX Workshop on Hot Topics in Operating Systems (HotOS) (2001)"},{"key":"19_CR2","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual machine introspection based architecture for intrusion detection. In: ISOC Network and Distributed System Security Symposium (NDSS) (2003)"},{"key":"19_CR3","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: Malware analysis via hardware virtualization extensions. In: ACM Conference on Computer and Communications Security (CCS) (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"19_CR4","doi-asserted-by":"crossref","unstructured":"Gu, Z., Deng, Z., Xu, D., Jiang, X.: Process implanting: a new active introspection framework for virtualization. In: Annual Information Security Symposium (2012)","DOI":"10.1109\/SRDS.2011.26"},{"key":"19_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-642-38631-2_15","volume-title":"Network and System Security","author":"S Vogl","year":"2013","unstructured":"Vogl, S., Kilic, F., Schneider, C., Eckert, C.: X-TIER: Kernel module injection. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 192\u2013205. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38631-2_15"},{"key":"19_CR6","doi-asserted-by":"crossref","unstructured":"Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system. In: Annual Computer Security Applications Conference (ACSAC) (2014)","DOI":"10.1145\/2664243.2664252"},{"key":"19_CR7","unstructured":"Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor support for identifying covertly executing binaries. In: USENIX Security Symposium (2008)"},{"key":"19_CR8","unstructured":"Kittel, T., Vogl, S., Lengyel, T.K., Pfoh, J., Eckert, C.: Code validation for modern OS kernels. In: Workshop on Malware Memory Forensics (MMF) (2014)"},{"key":"19_CR9","unstructured":"Kocher, P., et al.: Spectre Attacks: Exploiting Speculative Execution. arXiv preprint arXiv:1801.01203"},{"key":"19_CR10","unstructured":"Lipp, M., et al.: Meltdown. arXiv preprint arXiv:1801.01207"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"Shockley, M., Maixner, C., Johnson, R., DeRidder, M., Petullo, W.M.: Using VisorFlow to control information flow without modifying the operating system Kernel or its Userspace. In: International Workshop on Managing Insider Security Threats (2017)","DOI":"10.1145\/3139923.3139924"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Deng, Z., Zhang, X., Xu, D.: SPIDER: stealthy binary program instrumentation and debugging via hardware virtualization. In: Annual Computer Security Applications Conference (ACSAC) (2013)","DOI":"10.1145\/2523649.2523675"},{"issue":"7","key":"19_CR13","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1145\/361011.361073","volume":"17","author":"GJ Popek","year":"1974","unstructured":"Popek, G.J., Goldberg, R.P.: Formal requirements for virtualizable third generation architectures. Commun. ACM 17(7), 412\u2013421 (1974)","journal-title":"Commun. ACM"},{"key":"19_CR14","doi-asserted-by":"crossref","unstructured":"Dall, C., Nieh, J.: KVM\/ARM: The design and implementation of the linux ARM hypervisor. In: International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2014)","DOI":"10.1145\/2541940.2541946"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Pfoh, J., Schneider, C., Eckert, C.: A formal model for virtual machine introspection. In: Workshop on Virtual Machine Security (VMSec) (2009)","DOI":"10.1145\/1655148.1655150"},{"key":"19_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1007\/978-3-642-25141-2_7","volume-title":"Advances in Information and Computer Security","author":"J Pfoh","year":"2011","unstructured":"Pfoh, J., Schneider, C., Eckert, C.: Nitro: hardware-based system call tracing for virtual machines. In: Iwata, T., Nishigaki, M. (eds.) IWSEC 2011. LNCS, vol. 7038, pp. 96\u2013112. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25141-2_7"},{"key":"19_CR17","unstructured":"Shi, H., Alwabel, A., Mirkovic, J.: Cardinal pill testing of system virtual machines. In: USENIX Security Symposium (2014)"},{"key":"19_CR18","unstructured":"Garfinkel, T., Adams, K., Warfield, A., Franklin, J.: Compatibility is not transparency: VMM detection myths and realities. In: USENIX Workshop on Hot Topics in Operating Systems (HotOS) (2007)"},{"key":"19_CR19","unstructured":"Chen, X., Andersen, J., Mao, Z.M., Bailey, M., Nazario, J.: Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN) (2008)"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"Miramirkhani, N., Appini, M.P., Nikiforakis, N., Polychronakis, M.: Spotless sandboxes: evading malware analysis systems using wear-and-tear artifacts. In: IEEE Symposium on Security and Privacy (S&P) (2017)","DOI":"10.1109\/SP.2017.42"},{"key":"19_CR21","unstructured":"Domas, C.: Breaking the x86 ISA, Black Hat, USA (2017)"},{"key":"19_CR22","doi-asserted-by":"crossref","unstructured":"Jain, B., Baig, M.B., Zhang, D., Porter, D.E., Sion, R.: SoK: introspections on trust and the semantic gap. In: IEEE Symposium on Security and Privacy (S&P) (2014)","DOI":"10.1109\/SP.2014.45"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: implementing malware with virtual machines. In: IEEE Symposium on Security and Privacy (S&P) (2006)","DOI":"10.1109\/SP.2006.38"},{"key":"19_CR24","unstructured":"Rutkowska, J.: Subverting VistaTM Kernel for fun and profit, Black Hat, USA (2006)"},{"key":"19_CR25","unstructured":"Dai Zovi, D.A.: Hardware Virtualization Rootkits, Black Hat, USA (2006)"},{"key":"19_CR26","unstructured":"Rutkowska, J., Tereshkin, A.: IsGameOver () Anyone, Black Hat, USA (2007)"},{"key":"19_CR27","doi-asserted-by":"crossref","unstructured":"David, F.M., Chan, E.M., Carlyle, J.C., Campbell, R.H.: Cloaker: hardware supported rootkit concealment. In: IEEE Symposium on Security and Privacy (S&P) (2008)","DOI":"10.1109\/SP.2008.8"},{"key":"19_CR28","doi-asserted-by":"crossref","unstructured":"Zhang, N., Sun, H., Sun, K., Lou, W., Hou, Y.T.: CacheKit: Evading memory introspection using cache incoherence. In: IEEE Symposium on Security and Privacy (S&P) (2016)","DOI":"10.1109\/EuroSP.2016.34"},{"key":"19_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"376","DOI":"10.1007\/978-3-319-50011-9_29","volume-title":"Information and Communications Security","author":"R Buhren","year":"2016","unstructured":"Buhren, R., Vetter, J., Nordholz, J.: The threat of virtualization: hypervisor-based rootkits on the ARM architecture. In: Lam, K.-Y., Chi, C.-H., Qing, S. (eds.) ICICS 2016. LNCS, vol. 9977, pp. 376\u2013391. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-50011-9_29"},{"key":"19_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/978-3-642-15512-3_16","volume-title":"Recent Advances in Intrusion Detection","author":"L Martignoni","year":"2010","unstructured":"Martignoni, L., Fattori, A., Paleari, R., Cavallaro, L.: Live and trustworthy forensic analysis of commodity production systems. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 297\u2013316. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15512-3_16"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99828-2_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,26]],"date-time":"2022-08-26T00:05:05Z","timestamp":1661472305000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-99828-2_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319998275","9783319998282"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99828-2_19","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"26 August 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poznan","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"33","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ifipsec2018.pwr.edu.pl\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"89","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"330% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}