{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T14:34:28Z","timestamp":1773326068294,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642248634","type":"print"},{"value":"9783642248641","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-24864-1_11","type":"book-chapter","created":{"date-parts":[[2011,10,17]],"date-time":"2011-10-17T16:34:47Z","timestamp":1318869287000},"page":"151-164","source":"Crossref","is-referenced-by-count":8,"title":["Real-Time Detection of Covert Channels in Highly Virtualized Environments"],"prefix":"10.1007","author":[{"given":"Anyi","family":"Liu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jim","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Li","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"11_CR1","first-page":"296","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"D. Agrawal","year":"2007","unstructured":"D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi and B. Sunar, Trojan detection using IC fingerprinting, Proceedings of the IEEE Symposium on Security and Privacy, pp. 296\u2013310, 2007."},{"key":"11_CR2","unstructured":"Amazon, Amazon Elastic Compute Cloud (Amazon EC2), Seattle, Washington (aws.amazon.com\/ec2)."},{"key":"11_CR3","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-0-387-77322-3_5","volume-title":"Insider Attack and Cyber Security: Beyond the Hacker","author":"M. Ben Salem","year":"2008","unstructured":"M. Ben Salem, S. Hershkop and S. Stolfo, A survey of insider attack detection research, in Insider Attack and Cyber Security: Beyond the Hacker, S. Stolfo, S. Bellovin, S. Hershkop, A. Keromytis, S. Sinclair and S. Smith (Eds.), Springer, New York, pp. 69\u201390, 2008."},{"key":"11_CR4","volume-title":"Proceedings of the Second Annual Workshop on Flow Analysis","author":"V. Berk","year":"2005","unstructured":"V. Berk, A. Giani and G. Cybenko, Covert channel detection using process query systems, Proceedings of the Second Annual Workshop on Flow Analysis, 2005."},{"key":"11_CR5","first-page":"78","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"K. Borders","year":"2006","unstructured":"K. Borders, X. Zhao and A. Prakash, Siren: Catching evasive malware, Proceedings of the IEEE Symposium on Security and Privacy, pp. 78\u201385, 2006."},{"key":"11_CR6","unstructured":"S. Cabuk, Network Covert Channels: Design, Analysis, Detection and Elimination, Ph.D. Thesis, Department of Electrical and Computer Engineering, Purdue University, West Lafayette, Indiana, 2006."},{"key":"11_CR7","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1145\/1030083.1030108","volume-title":"Proceedings of the Eleventh ACM Conference on Computer and Communications Security","author":"S. Cabuk","year":"2004","unstructured":"S. Cabuk, C. Brodley and C. Shields, IP covert timing channels: Design and detection, Proceedings of the Eleventh ACM Conference on Computer and Communications Security, pp. 178\u2013187, 2004."},{"key":"11_CR8","doi-asserted-by":"publisher","DOI":"10.1002\/9781118165881","volume-title":"Nonparametric Statistics for Non-Statisticians: A Step-by-Step Approach","author":"G. Corder","year":"2009","unstructured":"G. Corder and D. Foreman, Nonparametric Statistics for Non-Statisticians: A Step-by-Step Approach, John Wiley, Hoboken, New Jersey, 2009."},{"key":"11_CR9","volume-title":"Pattern Classification","author":"R. Duda","year":"2001","unstructured":"R. Duda, P. Hart and D. Stork, Pattern Classification, John Wiley, New York, 2001."},{"key":"11_CR10","first-page":"18","volume-title":"Proceedings of the Fifth International Workshop on Information Hiding","author":"G. Fisk","year":"2002","unstructured":"G. Fisk, M. Fisk, C. Papadopoulos and J. Neil, Eliminating steganography in Internet traffic with active wardens, Proceedings of the Fifth International Workshop on Information Hiding, pp. 18\u201335, 2002."},{"key":"11_CR11","first-page":"307","volume-title":"Proceedings of the Fourteenth ACM Conference on Computer and Communications Security","author":"S. Gianvecchio","year":"2007","unstructured":"S. Gianvecchio and H. Wang, Detecting covert timing channels: An entropy-based approach, Proceedings of the Fourteenth ACM Conference on Computer and Communications Security, pp. 307\u2013316, 2007."},{"key":"11_CR12","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-3-540-87403-4_12","volume-title":"Proceedings of the Eleventh International Symposium on Recent Advances in Intrusion Detection","author":"S. Gianvecchio","year":"2008","unstructured":"S. Gianvecchio, H. Wang, D. Wijesekera and S. Jajodia, Model-based covert timing channels: Automated modeling and evasion, Proceedings of the Eleventh International Symposium on Recent Advances in Intrusion Detection, pp. 211\u2013230, 2008."},{"key":"11_CR13","volume-title":"2006 CSI\/FBI Computer Crime and Security Survey","author":"L. Gordon","year":"2006","unstructured":"L. Gordon, M. Loeb, W. Lucyshyn and R. Richardson, 2006 CSI\/FBI Computer Crime and Security Survey, Computer Security Institute, San Francisco, California, 2006."},{"key":"11_CR14","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1145\/1266840.1266853","volume-title":"Proceedings of the Twelfth ACM Symposium on Access Control Models and Technologies","author":"T. Jaeger","year":"2007","unstructured":"T. Jaeger, R. Sailer and Y. Sreenivasan, Managing the risk of covert information flows in virtual machine systems, Proceedings of the Twelfth ACM Symposium on Access Control Models and Technologies, pp. 81\u201390, 2007."},{"key":"11_CR15","doi-asserted-by":"crossref","first-page":"279","DOI":"10.1145\/1455770.1455806","volume-title":"Proceedings of the Fifteenth ACM Conference on Computer and Communications Security","author":"J. Jung","year":"2008","unstructured":"J. Jung, A. Sheth, B. Greenstein, D. Wetherall, G. Maganis and T. Kohno, Privacy Oracle: A system for finding application leaks with black box differential testing, Proceedings of the Fifteenth ACM Conference on Computer and Communications Security, pp. 279\u2013288, 2008."},{"key":"11_CR16","first-page":"352","volume-title":"Proceedings of the Twenty-First Annual Computer Security Applications Conference","author":"M. Kang","year":"2005","unstructured":"M. Kang, I. Moskowitz and S. Chincheck, The pump: A decade of covert fun, Proceedings of the Twenty-First Annual Computer Security Applications Conference, pp. 352\u2013360, 2005."},{"key":"11_CR17","first-page":"144","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"M. Kang","year":"1995","unstructured":"M. Kang, I. Moskowitz and D. Lee, A network version of the pump, Proceedings of the IEEE Symposium on Security and Privacy, pp. 144\u2013154, 1995."},{"key":"11_CR18","first-page":"286","volume-title":"Proceedings of the Fourteenth ACM Conference on Computer and Communications Security","author":"B. Kopf","year":"2007","unstructured":"B. Kopf and D. Basin, An information-theoretic model for adaptive side-channel attacks, Proceedings of the Fourteenth ACM Conference on Computer and Communications Security, pp. 286\u2013296, 2007."},{"key":"11_CR19","volume-title":"Proceedings of the Forty-Second Hawaii International Conference on System Sciences","author":"Y. Liu","year":"2009","unstructured":"Y. Liu, C. Corbett, K. Chiang, R. Archibald, B. Mukherjee and D. Ghosal, SIDD: A framework for detecting sensitive data exfiltration by an insider attack, Proceedings of the Forty-Second Hawaii International Conference on System Sciences, 2009."},{"issue":"4","key":"11_CR20","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1145\/1138085.1138092","volume":"33","author":"M. Mesnier","year":"2006","unstructured":"M. Mesnier, M. Wachs, B. Salmon and G. Ganger, Relative fitness models for storage, ACM SIGMETRICS Performance Evaluation Review, vol. 33(4), pp. 23\u201328, 2006.","journal-title":"ACM SIGMETRICS Performance Evaluation Review"},{"key":"11_CR21","unstructured":"Microsoft, Microsoft Azure Services Platform, Redmond, Washington (www.microsoft.com\/azure\/default.mspx)."},{"key":"11_CR22","first-page":"173","volume-title":"Proceedings of the Twenty-Fifth Symposium on Applied Computing","author":"K. Okamura","year":"2010","unstructured":"K. Okamura and Y. Oyama, Load-based covert channels between Xen virtual machines, Proceedings of the Twenty-Fifth Symposium on Applied Computing, pp. 173\u2013180, 2010."},{"key":"11_CR23","first-page":"334","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"P. Peng","year":"2006","unstructured":"P. Peng, P. Ning and D. Reeves, On the secrecy of timing-based active watermarking trace-back techniques, Proceedings of the IEEE Symposium on Security and Privacy, pp. 334\u2013349, 2006."},{"key":"11_CR24","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/978-3-540-87403-4_4","volume-title":"Proceedings of the Eleventh International Symposium on Recent Advances in Intrusion Detection","author":"D. Ramsbrock","year":"2008","unstructured":"D. Ramsbrock, X. Wang and X. Jiang, A first step towards live botmaster traceback, Proceedings of the Eleventh International Symposium on Recent Advances in Intrusion Detection, pp. 59\u201377, 2008."},{"key":"11_CR25","first-page":"199","volume-title":"Proceedings of the Sixteenth ACM Conference on Computer and Communications Security","author":"T. Ristenpart","year":"2009","unstructured":"T. Ristenpart, E. Tromer, H. Shacham and S. Savage, Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds, Proceedings of the Sixteenth ACM Conference on Computer and Communications Security, pp. 199\u2013212, 2009."},{"key":"11_CR26","first-page":"59","volume-title":"Proceedings of the Fifteenth USENIX Security Symposium","author":"G. Shah","year":"2006","unstructured":"G. Shah, A. Molina and M. Blaze, Keyboards and covert channels, Proceedings of the Fifteenth USENIX Security Symposium, pp. 59\u201375, 2006."},{"key":"11_CR27","first-page":"311","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"R. Smith","year":"2008","unstructured":"R. Smith and G. Scott Knight, Predictable design of network-based covert communication systems, Proceedings of the IEEE Symposium on Security and Privacy, pp. 311\u2013321, 2008."},{"key":"11_CR28","unstructured":"Verizon, IP latency statistics, New York (www.verizonbusiness.com\/about \/network\/latency), 2010"},{"key":"11_CR29","unstructured":"VMware, VMware ESXi and ESX Info Center, Palo Alto, California (www.vmware.com\/products\/vsphere\/esxi-and-esx\/index.html)."},{"key":"11_CR30","first-page":"96","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"M. Vutukuru","year":"2008","unstructured":"M. Vutukuru, H. Balakrishnan and V. Paxson, Efficient and robust TCP stream normalization, Proceedings of the IEEE Symposium on Security and Privacy, pp. 96\u2013110, 2008."},{"key":"11_CR31","first-page":"99","volume-title":"Proceedings of the Twenty-Second Annual Computer Security Applications Conference","author":"H. Wang","year":"2006","unstructured":"H. Wang, S. Jha and V. Ganapathy, NetSpy: Automatic generation of spyware signatures for NIDS, Proceedings of the Twenty-Second Annual Computer Security Applications Conference, pp. 99\u2013108, 2006."},{"key":"11_CR32","first-page":"81","volume-title":"Proceedings of the Twelfth ACM Conference on Computer and Communications Security","author":"X. Wang","year":"2005","unstructured":"X. Wang, S. Chen and S. Jajodia, Tracking anonymous peer-to-peer VoIP calls on the Internet, Proceedings of the Twelfth ACM Conference on Computer and Communications Security, pp. 81\u201391, 2005."},{"key":"11_CR33","first-page":"116","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"X. Wang","year":"2007","unstructured":"X. Wang, S. Chen and S. Jajodia, Network flow watermarking attack on low-latency anonymous communication systems, Proceedings of the IEEE Symposium on Security and Privacy, pp. 116\u2013130, 2007."},{"key":"11_CR34","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1145\/948109.948115","volume-title":"Proceedings of the Tenth ACM Conference on Computer and Communications Security","author":"X. Wang","year":"2003","unstructured":"X. Wang and D. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays, Proceedings of the Tenth ACM Conference on Computer and Communications Security, pp. 20\u201329, 2003."},{"key":"11_CR35","first-page":"473","volume-title":"Proceedings of the Twenty-Second Annual Computer Security Applications Conference","author":"Z. Wang","year":"2006","unstructured":"Z. Wang and R. Lee, Covert and side channels due to processor architecture, Proceedings of the Twenty-Second Annual Computer Security Applications Conference, pp. 473\u2013482, 2006."}],"container-title":["IFIP Advances in Information and Communication Technology","Critical Infrastructure Protection V"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-24864-1_11.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,11]],"date-time":"2021-12-11T10:36:32Z","timestamp":1639218992000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-24864-1_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642248634","9783642248641"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-24864-1_11","relation":{},"ISSN":["1868-4238","1861-2288"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1861-2288","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}