{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T16:26:33Z","timestamp":1732033593089},"publisher-location":"Berlin, Heidelberg","reference-count":44,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642161605"},{"type":"electronic","value":"9783642161612"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-16161-2_10","type":"book-chapter","created":{"date-parts":[[2010,11,26]],"date-time":"2010-11-26T22:17:14Z","timestamp":1290809834000},"page":"162-180","source":"Crossref","is-referenced-by-count":7,"title":["Transparent Protection of Commodity OS Kernels Using Hardware Virtualization"],"prefix":"10.1007","author":[{"given":"Michael","family":"Grace","sequence":"first","affiliation":[]},{"given":"Zhi","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Deepa","family":"Srinivasan","sequence":"additional","affiliation":[]},{"given":"Jinku","family":"Li","sequence":"additional","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Zhenkai","family":"Liang","sequence":"additional","affiliation":[]},{"given":"Siarhei","family":"Liakh","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"W\u2009\u2227\u2009X, \n                    \n                      http:\/\/en.wikipedia.org\/wiki\/W_xor_X"},{"key":"10_CR2","unstructured":"Rootkit Numbers Rocketing UP, McAfee Says (2006), \n                    \n                      http:\/\/news.cnet.com\/2100-7349_3-6061878.html"},{"key":"10_CR3","unstructured":"AMD Virtualization (AMD-V) Technology (2009), \n                    \n                      http:\/\/sites.amd.com\/us\/business\/it-solutions\/usage-models\/virtualization\/Pages\/amd-v.aspx"},{"key":"10_CR4","unstructured":"Cooperation Grows in Fight Against Cybercrime (2010), \n                    \n                      http:\/\/www.avertlabs.com\/research\/blog\/index.php\/category\/rootkits-and-stealth-malware\/"},{"key":"10_CR5","unstructured":"Intel 64 and IA-32 Architectures Software Developers Manual, Volume 3B: System Programming Guide (2010), \n                    \n                      http:\/\/www.intel.com\/assets\/pdf\/manual\/253669.pdf"},{"issue":"1","key":"10_CR6","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1609956.1609960","volume":"13","author":"M. Abadi","year":"2009","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-Flow Integrity Principles, Implementations, and Applications. ACM Transactions on Information and System Security\u00a013(1), 1\u201340 (2009)","journal-title":"ACM Transactions on Information and System Security"},{"key":"10_CR7","unstructured":"Apache Http Server Project, \n                    \n                      http:\/\/httpd.apache.org\/"},{"key":"10_CR8","unstructured":"ab - Apache Benchmarking Tool, \n                    \n                      http:\/\/httpd.apache.org\/docs\/2.2\/programs\/ab.html"},{"key":"10_CR9","first-page":"164","volume-title":"SOSP 2003: Proceedings of the 19th ACM Symposium on Operating Systems Principles","author":"P. Barham","year":"2003","unstructured":"Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T.L., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the Art of Virtualization. In: SOSP 2003: Proceedings of the 19th ACM Symposium on Operating Systems Principles, pp. 164\u2013177. ACM, New York (2003)"},{"key":"10_CR10","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1145\/1455770.1455776","volume-title":"CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security","author":"E. Buchanan","year":"2008","unstructured":"Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. In: CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 27\u201338. ACM, New York (2008)"},{"key":"10_CR11","first-page":"147","volume-title":"OSDI 2006: Proceedings of the 7th Symposium on Operating Systems Design and Implementation","author":"M. Castro","year":"2006","unstructured":"Castro, M., Costa, M., Harris, T.: Securing Software by Enforcing Data-Flow Integrity. In: OSDI 2006: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, pp. 147\u2013160. USENIX Association, Berkeley (2006)"},{"key":"10_CR12","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1145\/1346281.1346284","volume-title":"ASPLOS XIII: Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems","author":"X. Chen","year":"2008","unstructured":"Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.: Overshadow: A Virtualization-based Approach to Retrofitting Protection in Commodity Operating Systems. In: ASPLOS XIII: Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 2\u201313. ACM, New York (2008)"},{"key":"10_CR13","first-page":"211","volume-title":"OSDI 2002: Proceedings of the 5th Symposium on Operating Systems Design and Implementation","author":"G.W. Dunlap","year":"2002","unstructured":"Dunlap, G.W., King, S.T., Cinar, S., Basrai, M.A., Chen, P.M.: ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay. In: OSDI 2002: Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pp. 211\u2013224. ACM, New York (2002)"},{"key":"10_CR14","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of the Network and Distributed Systems Security Symposium, pp. 191\u2013206 (2003)"},{"key":"10_CR15","unstructured":"Grizzard, J.B.: Towards Self-Healing Systems: Re-establishing Trust in Compromised Systems. Ph.D. thesis, Georgia Institute of Technology (2006)"},{"key":"10_CR16","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. In: Security 2009: Proceedings of the 18th USENIX Security Symposium (2009)"},{"key":"10_CR17","first-page":"128","volume-title":"CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security","author":"X. Jiang","year":"2007","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy Malware Detection through VMM-based \u201cOut-of-the-Box\u201d Semantic View Reconstruction. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 128\u2013138. ACM, New York (2007)"},{"key":"10_CR18","unstructured":"Klein, T.: ScoopyNG (2010), \n                    \n                      http:\/\/www.trapkit.de\/research\/vmm\/scoopyng\/"},{"key":"10_CR19","unstructured":"Kortchinsky, K.: Honeypots: Counter Measures to VMware Fingerprinting (2004), \n                    \n                      http:\/\/seclists.org\/lists\/honeypots\/2004\/Jan-Mar\/0015.html"},{"key":"10_CR20","unstructured":"Liakh, S., Jiang, X.: [2\/4,tip:x86\/mm] Set First MB as RW+NX (2010), \n                    \n                      https:\/\/patchwork.kernel.org\/patch\/90048\/"},{"key":"10_CR21","unstructured":"Liakh, S., Jiang, X.: [3\/4,tip:x86\/mm] NX Protection for Kernel Data (2010), \n                    \n                      https:\/\/patchwork.kernel.org\/patch\/90046\/"},{"key":"10_CR22","unstructured":"Liakh, S., Jiang, X.: [4\/4,tip:x86\/mm] RO\/NX Protection for Loadable Kernel Modules (2010), \n                    \n                      https:\/\/patchwork.kernel.org\/patch\/90047\/"},{"key":"10_CR23","unstructured":"Liston, T., Skoudis, E.: On the Cutting Edge: Thwarting Virtual Machine Detection (2006), \n                    \n                      http:\/\/handlers.sans.org\/tliston\/ThwartingVMDetection_Liston_Skoudis.pdf"},{"key":"10_CR24","unstructured":"LMbench - Tools for Performance Analysis (1998), \n                    \n                      http:\/\/www.bitmover.com\/lmbench\/"},{"key":"10_CR25","doi-asserted-by":"crossref","unstructured":"Lombardi, F., Di Pietro, R.: KvmSec: A Security Extension for Linux Kernel Virtual Machines. In: SAC 2009: Proceedings of the 2009 ACM Symposium on Applied Computing, New York, NY, pp. 2029\u20132034 (2009)","DOI":"10.1145\/1529282.1529733"},{"key":"10_CR26","first-page":"151","volume-title":"VEE 2008: Proceedings of the 4th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments","author":"D.G. Murray","year":"2008","unstructured":"Murray, D.G., Milos, G., Hand, S.: Improving Xen Security through Disaggregation. In: VEE 2008: Proceedings of the 4th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, pp. 151\u2013160. ACM, New York (2008)"},{"key":"10_CR27","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1109\/SP.2008.24","volume-title":"Oakland 2008: IEEE Symposium on Security and Privacy (S&P 2008)","author":"B.D. Payne","year":"2008","unstructured":"Payne, B.D., Carbone, M., Sharif, M.I., Lee, W.: Lares: An Architecture for Secure Active Monitoring Using Virtualization. In: Oakland 2008: IEEE Symposium on Security and Privacy (S&P 2008), pp. 233\u2013247. IEEE Computer Society, Los Alamitos (2008)"},{"key":"10_CR28","first-page":"179","volume-title":"Security 2004: Proceedings of the 13th USENIX Security Symposium","author":"N.L. Petroni Jr.","year":"2004","unstructured":"Petroni Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - A Coprocessor-based Kernel Runtime Integrity Monitor. In: Security 2004: Proceedings of the 13th USENIX Security Symposium, pp. 179\u2013194. USENIX Association, Berkeley (2004)"},{"key":"10_CR29","unstructured":"Petroni, Jr., N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An Architecture for Specification-based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In: Security 2006: Proceedings of the 15th USENIX Security Symposium, pp. 289\u2013304. USENIX Association, Berkeley (2006)"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Petroni, Jr., N.L., Hicks, M.: Automated Detection of Persistent Kernel Control-Flow Attacks. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 103\u2013115 (2007)","DOI":"10.1145\/1315245.1315260"},{"key":"10_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-87403-4_1","volume-title":"Recent Advances in Intrusion Detection","author":"R. Riley","year":"2008","unstructured":"Riley, R., Jiang, X., Xu, D.: Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"10_CR32","first-page":"81","volume-title":"VEE 2008: Proceedings of the 4th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments","author":"N.E. Rosenblum","year":"2008","unstructured":"Rosenblum, N.E., Cooksey, G., Miller, B.P.: Virtual Machine-provided Context Sensitive Page Mappings. In: VEE 2008: Proceedings of the 4th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, pp. 81\u201390. ACM, New York (2008)"},{"key":"10_CR33","unstructured":"Rutkowska, J.: Red Pill (2004), \n                    \n                      http:\/\/invisiblethings.org\/papers\/redpill.html"},{"key":"10_CR34","unstructured":"Rutkowska, J.: System Virginity Verifier: Defining the Roadmap for Malware Detection on Windows System (2005), \n                    \n                      http:\/\/www.invisiblethings.org\/papers\/hitb05_virginity_verifier.ppt"},{"key":"10_CR35","unstructured":"Rutkowska, J., Wojtczuk, R.: Qubes OS Architecture (2010), \n                    \n                      http:\/\/qubes-os.org\/"},{"key":"10_CR36","first-page":"335","volume-title":"SOSP 2007: Proceedings of the 21st ACM SIGOPS Symposium on Operating Systems Principles","author":"A. Seshadri","year":"2007","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel code Integrity for Commodity OSes. In: SOSP 2007: Proceedings of the 21st ACM SIGOPS Symposium on Operating Systems Principles, pp. 335\u2013350. ACM, New York (2007)"},{"key":"10_CR37","first-page":"552","volume-title":"CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security","author":"H. Shacham","year":"2007","unstructured":"Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 552\u2013561. ACM, New York (2007)"},{"key":"10_CR38","first-page":"477","volume-title":"CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security","author":"M.I. Sharif","year":"2009","unstructured":"Sharif, M.I., Lee, W., Cui, W., Lanzi, A.: Secure In-VM Monitoring Using Hardware Virtualization. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 477\u2013487. ACM, New York (2009)"},{"key":"10_CR39","unstructured":"Sparks, S., Butler, J.: Shadow Walker.: Raising the Bar for Rootkit Detection. In: Black Hat Japan (2005)"},{"key":"10_CR40","first-page":"368","volume-title":"DSN 2005: Proceedings of the 2005 International Conference on Dependable Systems and Networks","author":"Y.M. Wang","year":"2005","unstructured":"Wang, Y.M., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. In: DSN 2005: Proceedings of the 2005 International Conference on Dependable Systems and Networks, pp. 368\u2013377. IEEE Computer Society, Los Alamitos (2005)"},{"key":"10_CR41","doi-asserted-by":"publisher","first-page":"380","DOI":"10.1109\/SP.2010.30","volume-title":"Oakland 2010: IEEE Symposium on Security and Privacy (S&P 2010)","author":"Z. Wang","year":"2010","unstructured":"Wang, Z., Jiang, X.: HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity. In: Oakland 2010: IEEE Symposium on Security and Privacy (S&P 2010), pp. 380\u2013398. IEEE Computer Society, Los Alamitos (2010)"},{"key":"10_CR42","first-page":"545","volume-title":"CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security","author":"Z. Wang","year":"2009","unstructured":"Wang, Z., Jiang, X., Cui, W., Ning, P.: Countering Kernel Rootkits with Lightweight Hook Protection. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 545\u2013554. ACM, New York (2009)"},{"key":"10_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-87403-4_2","volume-title":"Recent Advances in Intrusion Detection","author":"Z. Wang","year":"2008","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X.: Countering Persistent Kernel Rootkits through Systematic Hook Discovery. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 21\u201338. Springer, Heidelberg (2008)"},{"key":"10_CR44","first-page":"127","volume-title":"Oakland 2005: Proceedings of the 2005 IEEE Symposium on Security and Privacy (S&P 2005)","author":"G. Wurster","year":"2005","unstructured":"Wurster, G., Oorschot, P.C.v., Somayaji, A.: A Generic Attack on Checksumming-Based Software Tamper Resistance. In: Oakland 2005: Proceedings of the 2005 IEEE Symposium on Security and Privacy (S&P 2005), pp. 127\u2013138. IEEE Computer Society, Los Alamitos (2005)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-16161-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,22]],"date-time":"2019-03-22T09:57:02Z","timestamp":1553248622000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-16161-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642161605","9783642161612"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-16161-2_10","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2010]]}}}