{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T14:19:36Z","timestamp":1773325176944,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":38,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540874027","type":"print"},{"value":"9783540874034","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_1","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T07:42:05Z","timestamp":1221637325000},"page":"1-20","source":"Crossref","is-referenced-by-count":122,"title":["Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing"],"prefix":"10.1007","author":[{"given":"Ryan","family":"Riley","sequence":"first","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Dongyan","family":"Xu","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy Malware Detection through VMM-Based \u201cOut-of-the-Box\u201d Semantic View Reconstruction. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS 2007) (October 2007)","DOI":"10.1145\/1315245.1315262"},{"key":"1_CR2","unstructured":"Petroni Jr., N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An Architecture for Specification-based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In: Proceedings of the 15th USENIX Security Symposium (2006)"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Petroni Jr., N.L., Hicks, M.: Automated Detection of Persistent Kernel Control-Flow Attacks. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS 2007) (October 2007)","DOI":"10.1145\/1315245.1315260"},{"key":"1_CR4","unstructured":"Petroni, N., Fraser, T., Molina, J., Arbaugh, W.: Copilot: A Coprocessor-based Kernel Runtime Integrity Monitor. In: Proceedings of the 13th USENIX Security Symposium, pp. 179\u2013194 (2004)"},{"key":"1_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-540-74320-0_12","volume-title":"Recent Advances in Intrusion Detection","author":"J. Wilhelm","year":"2007","unstructured":"Wilhelm, J., Chiueh, T.-c.: A Forced Sampled Execution Approach to Kernel Rootkit Identification. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 219\u2013235. Springer, Heidelberg (2007)"},{"key":"1_CR6","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proc. Network and Distributed Systems Security Symposium (NDSS 2003) (February 2003)"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A Tiny Hypervisor to Guarantee Lifetime Kernel Code Integrity for Commodity OSes. In: Proceedings of the ACM Symposium on Operating Systems Principles (SOSP 2007) (October 2007)","DOI":"10.1145\/1294261.1294294"},{"key":"1_CR8","unstructured":"Bellard, F.: QEMU: A Fast and Portable Dynamic Translator. In: Proceedings of the USENIX Annual Technical Conference, FREENIX Track, pp. 41\u201346 (2005)"},{"key":"1_CR9","unstructured":"Innotek: Virtualbox (Last accessed, September 2007), http:\/\/www.virtualbox.org\/"},{"key":"1_CR10","unstructured":"Intel: Vanderpool Technology (2005), http:\/\/www.intel.com\/technology\/computing\/vptech"},{"key":"1_CR11","unstructured":"AMD: AMD64 Architecture Programmer\u2019s Manual Volume 2: System Programming, 3.12 edition (September 2006)"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Dunlap, G., King, S., Cinar, S., Basrai, M., Chen, P.: ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay. In: Proc. USENIX Symposium on Operating Systems Design and Implementation (OSDI 2002) (2002)","DOI":"10.1145\/1060289.1060309"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A Virtual Machine-Based Platform for Trusted Computing. In: Proc. of ACM Symposium on Operating System Principles (SOSP 2003) (October 2003)","DOI":"10.1145\/945445.945464"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-540-74320-0_11","volume-title":"Recent Advances in Intrusion Detection","author":"X. Jiang","year":"2007","unstructured":"Jiang, X., Wang, X.: \u201cOut-of-the-Box\u201d Monitoring of VM-Based High-Interaction Honeypots. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 198\u2013218. Springer, Heidelberg (2007)"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Joshi, A., King, S., Dunlap, G., Chen, P.: Detecting Past and Present Intrusions through Vulnerability-specific Predicates. In: Proc. ACM Symposium on Operating Systems Principles (SOSP 2005), pp. 91\u2013104 (2005)","DOI":"10.1145\/1095810.1095820"},{"key":"1_CR16","unstructured":"Riley, R., Jiang, X., Xu, D.: Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing. Technical report CERIAS TR 2001-146, Purdue University"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Arbaugh, W.A., Farber, D.J., Smith, J.M.: A Secure and Reliable Bootstrap Architecture. In: Proceedings of IEEE Symposium on Security and Privacy, May 1997, pp. 65\u201371 (1997)","DOI":"10.1109\/SECPRI.1997.601317"},{"key":"1_CR18","unstructured":"sd, devik: Linux on-the-fly Kernel Patching without LKM. Phrack\u00a011(58) Article 7"},{"key":"1_CR19","unstructured":"fuzen_op: Fu rootkit (Last accessed, September 2007), http:\/\/www.rootkit.com\/project.php?id=12"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: Proceedings of the ACM Conference on Computer and Communications Security (CCS 2007) (October 2007)","DOI":"10.1145\/1315245.1315313"},{"key":"1_CR21","unstructured":"Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.: Non-Control-Data Attacks Are Realistic Threats. In: Proceedings of the 14th USENIX Security Symposium (August 2005)"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Baliga, A., Kamat, P., Iftode, L.: Lurking in the Shadows: Identifying Systemic Threats to Kernel Data. In: Proc. of IEEE Symposium on Security and Privacy (Oakland 2007) (May 2007)","DOI":"10.1109\/SP.2007.25"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control Flow Integrity: Principles, Implementations, and Applications. In: Proc. ACM Conference on Computer and Communications Security (CCS 2005) (November 2005)","DOI":"10.1145\/1102120.1102165"},{"key":"1_CR24","unstructured":"Grizzard, J.B.: Towards Self-Healing Systems: Re-establishing Trust in Compromised Systems. Ph.D. Thesis, Georgia Institute of Technology (May 2006)"},{"key":"1_CR25","unstructured":"Castro, M., Costa, M., Harris, T.: Securing Software by Enforcing Data-Flow Integrity. In: Proc. of USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006) (2006)"},{"key":"1_CR26","unstructured":"Klein, T.: Scooby Doo - VMware Fingerprint Suite (2003), http:\/\/www.trapkit.de\/research\/vmm\/scoopydoo\/index.html"},{"key":"1_CR27","unstructured":"Rutkowska, J.: Red Pill: Detect VMM Using (Almost) One CPU Instruction (November 2004), http:\/\/invisiblethings.org\/papers\/redpill.html"},{"key":"1_CR28","unstructured":"F-Secure Corporation: Agobot, http:\/\/www.f-secure.com\/v-descs\/agobot.shtml"},{"key":"1_CR29","unstructured":"Kortchinsky, K.: Honeypots: Counter Measures to VMware Fingerprinting (January 2004), http:\/\/seclists.org\/lists\/honeypots\/2004\/Jan-Mar\/0015.html"},{"key":"1_CR30","unstructured":"Liston, T., Skoudis, E.: On the Cutting Edge: Thwarting Virtual Machine Detection (2006), http:\/\/handlers.sans.org\/tliston\/ThwartingVMDetection_Liston_Skoudis.pdf"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.K.: Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. In: Proc. of the 13th Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2008) (March 2008)","DOI":"10.1145\/1346281.1346284"},{"key":"1_CR32","unstructured":"Microsoft Corporation: Driver Signing for Windows, http:\/\/www.microsoft.com\/resources\/documentation\/windows\/xp\/all\/proddocs\/en-us\/code_signing.mspx?mfr=true"},{"key":"1_CR33","series-title":"Lecture Notes in Computer Science","first-page":"91","volume-title":"Advances in Computer Systems Architecture","author":"C. Kruegel","year":"2004","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Detecting Kernel-Level Rootkits Through Binary Analysis. In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol.\u00a03189, pp. 91\u2013100. Springer, Heidelberg (2004)"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"Zhang, X., van Doorn, L., Jaeger, T., Perez, R., Sailer, R.: Secure Coprocessor-based Intrusion Detection. In: Proceedings of the 10th ACM SIGOPS European Workshop, pp. 239\u2013242 (2002)","DOI":"10.1145\/1133373.1133423"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Wang, Y.M., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. In: Proc. IEEE International Conference on Dependable Systems and Networks (DSN 2005), pp. 368\u2013377 (2005)","DOI":"10.1109\/DSN.2005.39"},{"key":"1_CR36","unstructured":"Kennell, R., Jamieson, L.H.: Establishing the Genuinity of Remote Computer Systems. In: Proc. of the 12th USENIX Security Symposium (August 2003)"},{"key":"1_CR37","doi-asserted-by":"crossref","unstructured":"Sailer, R., Jaeger, T., Zhang, X., van Doorn, L.: Attestation-based Policy Enforcement for Remote Access. In: Proc. of ACM Conference on Computer and Communications Security (CCS 2004) (October 2004)","DOI":"10.1145\/1030083.1030125"},{"key":"1_CR38","unstructured":"Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: Proc. of the 13th USENIX Security Symposium (August 2004)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_1.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,23]],"date-time":"2020-11-23T21:37:24Z","timestamp":1606167444000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}