{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T10:53:35Z","timestamp":1725533615195},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642029172"},{"type":"electronic","value":"9783642029189"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-02918-9_4","type":"book-chapter","created":{"date-parts":[[2009,6,26]],"date-time":"2009-06-26T14:15:11Z","timestamp":1246025711000},"page":"48-67","source":"Crossref","is-referenced-by-count":4,"title":["Shepherding Loadable Kernel Modules through On-demand Emulation"],"prefix":"10.1007","author":[{"given":"Chaoting","family":"Xuan","sequence":"first","affiliation":[]},{"given":"John","family":"Copeland","sequence":"additional","affiliation":[]},{"given":"Raheem","family":"Beyah","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"Rutkowska, J.: Subverting Vista Kernel for Fun and Profit (2006), http:\/\/www.invisiblethings.org\/papers.html"},{"key":"4_CR2","unstructured":"Garfinkel, T., Rosenblum, M.: AVirtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of the Symposium on Network and Distributed System Security, NDSS (2003)"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Zhang, X., van Doorn, L., Jaeger, T., Perez, R., Sailer, R.: Secure Coprocessor-based Intrusion Detection. 
In: Proceedings of the ACM SIGOPS European Workshop (2002)","DOI":"10.1145\/1133373.1133423"},{"key":"4_CR4","unstructured":"Petroni, N.L., Fraser, T., Molinz, J., Arbaugh, W.A.: Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. In: Proceedings of the USENIX Security Symposium (2004)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Petroni, N.L., Hicks, M.: Automated Detection of Persistent Kernel Control-Flow Attacks. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2007)","DOI":"10.1145\/1315245.1315260"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy Malware Detection through VMM-Based \u201cOut-of-the-Box\u201d Semantic View Reconstruction. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"4_CR7","unstructured":"Rutkowska, J.: Introducing Stealth Malware Taxonomy (2006), http:\/\/www.invisiblethings.org\/papers.html"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Baliga, A., Kamat, P., Iftode, L.: Lurking in the Shadows: Identifying Systemic Threats to Kernel Data. In: Proceedings of IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.25"},{"key":"4_CR9","unstructured":"BroFrancis, M.D., Ellick, M.C., Jeffery, C.C., Roy, C.: Cloaker: Hardware Supported Rootkit Concealment. In: Proceedings of IEEE Symposium on Security and Privacy (2008)"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Heasman, J.: Implementing and Detecting a PCI Rootkit. Technical report, next Generation Security Software Ltd. (November 2006)","DOI":"10.1016\/S1353-4858(06)70326-9"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Heasman, J.: Implementing and Detecting an ACPI BIOS Rootkit. 
In: Black Hat Europe, Amsterdam (March 2006)","DOI":"10.1016\/S1353-4858(06)70326-9"},{"key":"4_CR12","unstructured":"Bellard, F.: Qemu and Kqemu (2008), http:\/\/fabrice.bellard.free.fr\/qemu\/"},{"key":"4_CR13","first-page":"314","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"S.T. King","year":"2006","unstructured":"King, S.T., Chen, P.M., Wang, Y.M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: Implementing malware with virtual machines. In: Proceedings of the IEEE Symposium on Security and Privacy, Washington, DC, USA, pp. 314\u2013327. IEEE Computer Society, Los Alamitos (2006)"},{"key":"4_CR14","unstructured":"Blue Pill, http:\/\/bluepillproject.org\/"},{"key":"4_CR15","unstructured":"Scythale. Hacking deeper in the system, http:\/\/www.phrack.com\/"},{"key":"4_CR16","unstructured":"Truff. Infecting Loadable Kernel Module, http:\/\/www.phrack.com\/"},{"key":"4_CR17","unstructured":"Bonnie, http:\/\/www.textuality.com\/bonnie\/"},{"key":"4_CR18","unstructured":"Iperf, http:\/\/dast.nlanr.net\/Projects\/Iperf\/"},{"key":"4_CR19","unstructured":"McVoy, L.W., Staelin, C.: Lmbench: Portable Tools for Performance Analysis. In: Proceedings of the USENIX Annual Technical Conference, pp. 279\u2013294 (1996)"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Ho, A., Fetterman, M., Clark, C., Warfield, A., Hand, S.: Practical Taint-Based Protection using Demand Emulation. In: Proceedings of the ACM SIGOPS\/EuroSys European Conference on Computer Systems (2006)","DOI":"10.1145\/1217935.1217939"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. In: Proceedings of the ACM Symposium on Operating systems Principles, SOSP (2005)","DOI":"10.1145\/1095810.1095812"},{"key":"4_CR22","unstructured":"Microsoft. 
Windows Kernel Patch Protection (2008), http:\/\/www.microsoft.com\/whdc\/driver\/kernel\/64bitpatching.mspx"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Kim, G., Spafford, E.: The Design and Implementation of Tripwire: A File system Integrity Checker. Technical report, Purdue University (1993)","DOI":"10.1145\/191177.191183"},{"key":"4_CR24","unstructured":"Petroni, N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In: Proceedings of the USENIX Security Symposium (2006)"},{"key":"4_CR25","unstructured":"Wang, Y.M., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. In: Proceeding of International Conference on Dependable Network Systems, DSN (2005)"},{"key":"4_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-540-74320-0_12","volume-title":"Recent Advances in Intrusion Detection","author":"J. Wilhelm","year":"2007","unstructured":"Wilhelm, J., Chiueh, T.: A Forced Sampled Execution Approach to Kernel Rootkit Identification. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 219\u2013235. Springer, Heidelberg (2007)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Kruegel, B.C., Robertson, W., Vigna, G.: Detecting Kernel-Level Rootkits Through Binary Analysis. In: Proceedings of the 20th Annual Computer Security Applications Conference, ACSAC (2004)","DOI":"10.1109\/CSAC.2004.19"},{"key":"4_CR28","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G. Hoglund","year":"2005","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, Reading (2005)"},{"key":"4_CR29","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.P.: Secure execution via program shepherding. 
In: Proceedings of the USENIX Security Symposium (2002)"},{"key":"4_CR30","unstructured":"Security-Enhanced Linux, http:\/\/www.nsa.gov\/selinux\/"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A Tiny Hypervisor to Guarantee Lifetime Kernel Code Integrity for Commodity OSes. In: Proceedings of the ACM Symposium on Operating Systems Principles, SOSP (2007)","DOI":"10.1145\/1294261.1294294"},{"key":"4_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-87403-4_1","volume-title":"Recent Advances in Intrusion Detection","author":"R. Riley","year":"2008","unstructured":"Riley, R., Jiang, X., Xu, D.: Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"4_CR33","unstructured":"Windows Vista Security Blog, http:\/\/blogs.msdn.com\/windowsvistasecurity\/archive\/2007\/08\/16\/driver-signing-kernel-patch-protection-and-kpp-driver-signing.aspx"},{"key":"4_CR34","unstructured":"Windows Driver Signing, http:\/\/www.microsoft.com\/"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: VMM-based hidden process detection and identification using Lycosid. In: Proceedings of the 4th International Conference on Virtual Execution Environments (VEE) (March 2008)","DOI":"10.1145\/1346256.1346269"},{"key":"4_CR36","unstructured":"Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor Support for Identifying Covertly Executing Binaries. In: Proceedings of the USENIX Security Symposium (2008)"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Baliga, A., Ganapathy, V., Iftode, L.: Automatic Inference and Enforcement of Kernel Data Structure Invariants. 
In: Proceedings of the 24th Annual Computer Security Applications Conference, ACSAC (2008)","DOI":"10.1109\/ACSAC.2008.29"},{"key":"4_CR38","unstructured":"Yin, H., Liang, Z., Song, D.: Hookfinder: Identifying and understanding malware hooking behaviors. In: Proceeding of the Annual Network and distributed System Security Symposium, NDSS (2008)"},{"key":"4_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-87403-4_2","volume-title":"Recent Advances in Intrusion Detection","author":"Z. Wang","year":"2008","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X.: Countering Persistent Kernel Rootkits Through Systematic Hook Discovery. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 21\u201338. Springer, Heidelberg (2008)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-02918-9_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T03:20:32Z","timestamp":1558408832000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-02918-9_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642029172","9783642029189"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-02918-9_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}