{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T13:00:26Z","timestamp":1743080426815,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":24,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642236433"},{"type":"electronic","value":"9783642236440"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23644-0_2","type":"book-chapter","created":{"date-parts":[[2012,2,11]],"date-time":"2012-02-11T00:06:20Z","timestamp":1328918780000},"page":"21-40","source":"Crossref","is-referenced-by-count":6,"title":["Dymo: Tracking Dynamic Code Identity"],"prefix":"10.1007","author":[{"given":"Bob","family":"Gilbert","sequence":"first","affiliation":[]},{"given":"Richard","family":"Kemmerer","sequence":"additional","affiliation":[]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., Kruegel, C.: A View on Current Malware Behaviors. In: 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (2009)"},{"key":"2_CR2","unstructured":"Bhatkar, S., DuVarney, D., Sekar, R.: Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In: 12th USENIX Security Symposium (2003)"},{"key":"2_CR3","unstructured":"Blazakis, D.: Interpreter Exploitation. In: 4th USENIX Workshop on Offensive Technologies (2010)"},{"key":"2_CR4","unstructured":"Chen, C., Xu, J., Sezer, E., Gauriar, P., Iyer, R.: Non-Control-Data Attacks Are Realistic Threats. In: 14th USENIX Security Symposium (2005)"},{"key":"2_CR5","unstructured":"Fewer, S.: Reflective DLL Injection. Tech. rep., Harmony Security (2008)"},{"key":"2_CR6","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for UNIX Processes. In: 17th IEEE Symposium on Security and Privacy (1996)"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Frias-Martinez, V., Sherrick, J., Stolfo, S.J., Keromytis, A.D.: A Network Access Control Mechanism Based on Behavior Profiles. In: 25th Annual Computer Security Applications Conference (2009)","DOI":"10.1109\/ACSAC.2009.10"},{"key":"2_CR8","unstructured":"Haitsma, J., Kalker, T., Oostveen, J.: Robust Audio Hashing for Content Identification. In: 2nd International Workshop on Content-Based Multimedia Indexing (2001)"},{"key":"2_CR9","unstructured":"Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation A Virtual Machine Directed Approach to Trusted Computing. In: 3rd USENIX Virtual Machine Research and Technology Symposium (2004)"},{"issue":"4","key":"2_CR10","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1145\/54289.871709","volume":"22","author":"N. Hardy","year":"1988","unstructured":"Hardy, N.: The Confused Deputy. Operating Systems Review\u00a022(4), 36\u201338 (1988)","journal-title":"Operating Systems Review"},{"key":"2_CR11","unstructured":"Hunt, G., Brubacher, D.: Detours: Binary Interception of Win32 Functions. In: 3rd USENIX Windows NT Symposium (1999)"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Kim, G.H., Spafford, E.H.: The Design and Implementation of Tripwire: A File System Integrity Checker. In: 2nd ACM Conference on Computer and Communications Security (1994)","DOI":"10.1145\/191177.191183"},{"key":"2_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the Detection of Anomalous System Call Arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"2_CR14","unstructured":"Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor Support for Identifying Covertly Executing Binaries. In: 17th USENIX Security Symposium (2008)"},{"key":"2_CR15","unstructured":"Mandelin, D.: An Overview of TraceMonkey (July 2009), \n                    \n                      http:\/\/hacks.mozilla.org\/2009\/07\/tracemonkey-overview\/"},{"key":"2_CR16","unstructured":"Microsoft Corporation: A detailed description of the Data Execution Prevention (DEP) feature (September 2006), \n                    \n                      http:\/\/support.microsoft.com\/kb\/875352"},{"key":"2_CR17","unstructured":"Microsoft Corporation: Windows Vista Application Development Requirements for User Account Control (UAC) (April 2007), \n                    \n                      http:\/\/msdn.microsoft.com\/en-us\/library\/aa905330.aspx"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Parno, B., McCune, J.M., Perrig, A.: Bootstrapping Trust in Commodity Computers. In: 31st IEEE Symposium on Security and Privacy (2010)","DOI":"10.1109\/SP.2010.32"},{"key":"2_CR19","unstructured":"Ramachandran, A., Bhandankar, K., Tariq, M.B., Feamster, N.: Packets with Provenance. Tech. Rep. GT-CS-08-02, Georgia Institute of Technology (2008)"},{"key":"2_CR20","unstructured":"Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: 13th USENIX Security Symposium (2004)"},{"issue":"9","key":"2_CR21","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J.H. Saltzer","year":"1975","unstructured":"Saltzer, J.H., Schroeder, M.D.: The Protection of Information in Computer Systems. Proceedings of the IEEE\u00a063(9), 1278\u20131308 (1975)","journal-title":"Proceedings of the IEEE"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"2_CR23","unstructured":"Zeigler, A.: IE8 and Loosely-Coupled IE (LCIE) (March 2008), \n                    \n                      http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/03\/11\/ie8-and-loosely-coupled-ie-lcie.aspx"},{"key":"2_CR24","unstructured":"Zetter, K.: Google Hack Attack Was Ultra Sophisticated, New Details Show (January 2010), \n                    \n                      http:\/\/www.wired.com\/threatlevel\/2010\/01\/operation-aurora\/"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23644-0_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,27]],"date-time":"2019-04-27T12:15:18Z","timestamp":1556367318000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23644-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236433","9783642236440"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23644-0_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}