{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,29]],"date-time":"2026-03-29T16:30:29Z","timestamp":1774801829048,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":51,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642138683","type":"print"},{"value":"9783642138690","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-13869-0_10","type":"book-chapter","created":{"date-parts":[[2010,6,29]],"date-time":"2010-06-29T11:24:20Z","timestamp":1277810660000},"page":"141-165","source":"Crossref","is-referenced-by-count":10,"title":["Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture"],"prefix":"10.1007","author":[{"given":"Amit","family":"Vasudevan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jonathan M.","family":"McCune","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ning","family":"Qu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Leendert","family":"van Doorn","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adrian","family":"Perrig","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"Elevated privileges. CVE-2007-4993 (2007)"},{"key":"10_CR2","unstructured":"Multiple integer overflows allow execution of arbitrary code. CVE-2007-5497 (2007)"},{"key":"10_CR3","unstructured":"The CPU hardware emulation does not properly handle the Trap flag. CVE-2008-4915 (under review) (2008)"},{"key":"10_CR4","unstructured":"Directory traversal vulnerability in the shared folders feature. CVE-2008-0923 (under review) (2008)"},{"key":"10_CR5","unstructured":"Multiple buffer overflows in openwsman allow remote attackers to execute arbitrary code. CVE-2008-2234 (2008)"},{"key":"10_CR6","unstructured":"AMD64 virtualization: Secure virtual machine architecture reference manual. AMD Publication no. 33047 rev. 3.01 (2005)"},{"key":"10_CR7","unstructured":"Anderson, J.P.: Computer security technology planning study. Technical Report ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB (1972)"},{"key":"10_CR8","unstructured":"Boileau, A.: Hit by a bus: Physical access attacks with firewire. RuxCon (2006)"},{"key":"10_CR9","unstructured":"Bratus, S., D\u2019Cunha, N., Sparks, E., Smith, S.W.: TOCTOU, traps, and trusted computing. In: Proc. Conference on Trusted Computing and Trust in Information Technologies, TRUST (2008)"},{"key":"10_CR10","volume-title":"PCI Express System Architecture","author":"R. Budruk","year":"2004","unstructured":"Budruk, R., Anderson, D., Shanley, T.: PCI Express System Architecture. Addison-Wesley, Reading (2004)"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Datta, A., Franklin, J., Garg, D., Kaynar, D.: A logic of secure systems and its applications to trusted computing. In: Proc. IEEE Symposium on Security and Privacy (2009)","DOI":"10.1109\/SP.2009.16"},{"key":"10_CR12","unstructured":"Duflot, L., Levillain, O., Morin, B., Grumelard, O.: Getting into the SMRAM: SMM reloaded. In: Central Directorate for Information Systems Security (2009)"},{"key":"10_CR13","unstructured":"Findeisen, R.: Buggy south bridge in HP dc5750. Personal communication (April 2008)"},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Franklin, J., Seshadri, A., Qu, N., Chaki, S., Datta, A.: Attacking, repairing, and verifying SecVisor: A retrospective on the security of a hypervisor. CMU Cylab Technical Report CMU-CyLab-08-008 (2008)","DOI":"10.1145\/1294261.1294294"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"H\u00e4rtig, H., Hohmuth, M., Liedtke, J., Sch\u00f6nberg, S., Wolter, J.: The performance of microkernel-based systems. In: Proceedings of the ACM Symposium on Operating Systems Principles (SOSP) (October 1997)","DOI":"10.1145\/268998.266660"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Heasman, J.: Implementing and detecting a PCI rootkit. NGSSoftware Insight Security Research (2006)","DOI":"10.1016\/S1353-4858(06)70326-9"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Heasman, J.: Implementing and detecting an ACPI BIOS rootkit. Black Hat USA (2006)","DOI":"10.1016\/S1353-4858(06)70326-9"},{"key":"10_CR18","unstructured":"Heasman, J.: Hacking the extensible firware interface. Black Hat USA (2007)"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Heiser, G., Elphinstone, K., Kuz, I., Klein, G., Petters, S.M.: Towards trustworthy computing systems: Taking microkernels to the next level. In: Proc. ACM Operating Systems Review (2007)","DOI":"10.1145\/1278901.1278904"},{"key":"10_CR20","unstructured":"Hewlett-Packard, et al.: Advanced configuration and power interface specification. Revision 3.0b (October 2006)"},{"key":"10_CR21","unstructured":"Intel virtualization technology specification for the IA-32 Intel architecture. Intel Publication no. C97063-002 (April 2005)"},{"key":"10_CR22","unstructured":"Intel trusted execution technology \u2013 measured launched environment developer\u2019s guide. Document no. 315168-005 (June 2008)"},{"key":"10_CR23","unstructured":"Intel Corporation. The extensible firmware interface specification (2002), http:\/\/www.intel.com\/technology\/efi\/"},{"key":"10_CR24","unstructured":"International Organization for Standardization. Information technology \u2013 Security techniques \u2013 evaluation criteria for IT security \u2013 Part 1: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements. ISO\/IEC 15408-1, 15408-2, 15408-3 (1999)"},{"key":"10_CR25","doi-asserted-by":"crossref","unstructured":"Karger, P.A.: Multi-level security requirements for hypervisors. In: Proc. Annual Computer Security Applications Conference (ACSAC) (December 2005)","DOI":"10.1109\/CSAC.2005.41"},{"key":"10_CR26","unstructured":"Kauer, B.: OSLO: Improving the security of Trusted Computing. In: Proc. USENIX Security Symposium (August 2007)"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: seL4: Formal verification of an OS kernel. In: Proc. SOSP (2009)","DOI":"10.1145\/1629575.1629596"},{"key":"10_CR28","unstructured":"Microsoft. Microsoft technet MS08-067: Vulnerability in server service could allow remote code execution (2008)"},{"key":"10_CR29","unstructured":"Microsoft. Hyper-V architecture. Microsoft Developers Network (2009)"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Popek, G.J., Goldberg, R.P.: Formal requirements for virtualizable third generation architectures. ACM Comm.\u00a017 (1974)","DOI":"10.1145\/361011.361073"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proc. ACM Conference on Computer and Communications Security, CCS (2009)","DOI":"10.1145\/1653662.1653687"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Robin, J.S., Irvine, C.E.: Analysis of the Intel Pentium\u2019s ability to support a secure virtual machine monitor. In: Proc. USENIX Security Symposium (2000)","DOI":"10.21236\/ADA423654"},{"key":"10_CR33","unstructured":"Roscoe, T., Elphinstone, K., Heiser, G.: Hype and virtue. In: Proc. HotOS Workshop (May 2007)"},{"key":"10_CR34","unstructured":"Rutkowska, J.: Subverting Vista kernel for fun and profit. SyScan and Black Hat Presentations (2006)"},{"key":"10_CR35","unstructured":"Sacco, A.L., Ortega, A.A.: Persistent BIOS infection. Core Security Technologies (2009)"},{"issue":"9","key":"10_CR36","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J. Saltzer","year":"1975","unstructured":"Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proc. IEEE\u00a063(9), 1278\u20131308 (1975)","journal-title":"Proc. IEEE"},{"key":"10_CR37","unstructured":"SecuriTeam. Opteron exposed: Reverse engineering AMD K8 microcode updates. SecuriTeam Security Reviews (2004)"},{"key":"10_CR38","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Shi, E., Perrig, A., VanDoorn, L., Khosla, P.: Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In: Proc. SOSP (2005)","DOI":"10.1145\/1095810.1095812"},{"key":"10_CR39","doi-asserted-by":"crossref","unstructured":"Sheshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: Proc. SOSP (2007)","DOI":"10.1145\/1294261.1294294"},{"key":"10_CR40","unstructured":"tboot. Trusted boot (2009), http:\/\/sourceforge.net\/projects\/tboot\/"},{"key":"10_CR41","unstructured":"P.\u00a0Technologies. Phoenix securecore (2009), http:\/\/www.phoenix.com"},{"key":"10_CR42","unstructured":"tpmdd-devel. TPM driver problem on GM45. TPM Device Driver Mailing List (December 2008)"},{"key":"10_CR43","unstructured":"Trusted Computing Group. PC client specific TPM interface specification (TIS). Ver. 1.2, Rev. 1.0 (July 2005)"},{"key":"10_CR44","unstructured":"Trusted Computing Group. Trusted platform module main specification, Part 1: Design principles, Part 2: TPM structures, Part 3: Commands. Version 1.2, Revision 103 (July 2007)"},{"key":"10_CR45","unstructured":"VMware. VMware ESX server system architecture (2009), http:\/\/www.vmware.com\/support\/esx21\/doc\/esx21_admin_system_architecture.html"},{"key":"10_CR46","unstructured":"VMware Communities. ESX 3.5 or Xen 4.1? (2008), http:\/\/communities.vmware.com\/message\/900657"},{"key":"10_CR47","unstructured":"Wojtczuk, R.: Detecting and preventing the Xen hypervisor subversions. Invisible Things Lab (2008)"},{"key":"10_CR48","unstructured":"Wojtczuk, R.: Subverting the Xen hypervisor. Invisible Things Lab (2008)"},{"key":"10_CR49","unstructured":"Wojtczuk, R., Rutkowska, J.: Xen 0wning trilogy. Invisible Things Lab (2008)"},{"key":"10_CR50","unstructured":"Wojtczuk, R., Rutkowska, J.: Attacking SMM memory via Intel CPU cache poisoning. Invisible Things Lab (2009)"},{"key":"10_CR51","unstructured":"XenSource. Xen architecture overview. Version 1.2 (February 2008)"}],"container-title":["Lecture Notes in Computer Science","Trust and Trustworthy Computing"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-13869-0_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,1]],"date-time":"2023-06-01T19:52:11Z","timestamp":1685649131000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-13869-0_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642138683","9783642138690"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-13869-0_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}