{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T01:17:05Z","timestamp":1743124625864,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642333378"},{"type":"electronic","value":"9783642333385"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-33338-5_2","type":"book-chapter","created":{"date-parts":[[2012,9,26]],"date-time":"2012-09-26T01:17:07Z","timestamp":1348622227000},"page":"22-41","source":"Crossref","is-referenced-by-count":35,"title":["Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection"],"prefix":"10.1007","author":[{"given":"Martim","family":"Carbone","sequence":"first","affiliation":[]},{"given":"Matthew","family":"Conover","sequence":"additional","affiliation":[]},{"given":"Bruce","family":"Montague","sequence":"additional","affiliation":[]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 2003 Network and Distributed System Symposium (2003)"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Payne, B.D., Carbone, M., Lee, W.: Secure and flexible monitoring of virtual machines. In: Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007) (2007)","DOI":"10.1109\/ACSAC.2007.4413005"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based \u201dout-of-the-box\u201d semantic view reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"2_CR4","unstructured":"Petroni, N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In: Proceedings of the 15th USENIX Security Symposium (2006)"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Petroni, N.L., Hicks, M.: Automated detection of persistent kernel control-flow attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315260"},{"key":"2_CR6","unstructured":"Chiueh, T., Conover, M., Lu, M., Montague, B.: Stealthy deployment and execution of in-guest kernel agents. In: Blackhat Technical Security Conference (2009)"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: An architecture for secure active monitoring using virtualization. In: Proceedings of the IEEE Symposium on Security and Privacy (2008)","DOI":"10.1109\/SP.2008.24"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Sharif, M., Lee, W., Cui, W., Lanzi, A.: Secure In-VM Monitoring Using Hardware Virtualization. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)","DOI":"10.1145\/1653662.1653720"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.K.: Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In: Proceedings of Thirteenth International Conference on Architectural Support for Programming Languages and Operating Systems (2008)","DOI":"10.1145\/1346281.1346284"},{"key":"2_CR10","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional (2005)"},{"key":"2_CR11","unstructured":"Hund, R., Holz, T., Freiling, F.: Return-Oriented Rootkits: Bypassing Code Integrity Protection Mechanisms. In: Proceedings of the 18th USENIX Security Symposium (2009)"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"2_CR13","unstructured":"VMware Inc.: VMware VMsafe partner program, (December 2010), \n                      http:\/\/www.vmware.com\/technical-resources\/security\/vmsafe.html"},{"key":"2_CR14","unstructured":"bugcheck, skape: Finding Ntoskrnl.exe Base Address. Uninformed\u00a03 (2006)"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Lee, W.: Virtuoso: Narrowing the semantic gap in virtual machine introspection. In: Proceedings of the IEEE Symposium on Security and Privacy (2011)","DOI":"10.1109\/SP.2011.11"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: A new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS) (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.-R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (2010)","DOI":"10.1145\/1866307.1866370"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping Kernel Objects to Enable Systematic Integrity Checking. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)","DOI":"10.1145\/1653662.1653729"},{"key":"2_CR19","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: Tracking processes in a virtual machine environment. In: Proceedings of the 2006 USENIX Annual Technical Conference, USENIX 2006 (2006)"},{"key":"2_CR20","unstructured":"Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor support for identifying covertly executing binaries. In: Proceedings of the 17th USENIX Security Symposium (2008)"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Joshi, A., King, S.T., Dunlap, G.W., Chen, P.M.: Detecting past and present intrusions through vulnerability-specific predicates. In: Proceedings of the 20th ACM Symposium on Operating Systems Principles (2005)","DOI":"10.1145\/1095810.1095820"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Srinivasan, D., Wang, Z., Jiang, X., Xu, D.: Process out-grafting: An efficient \u201cout-of-vm\u201d approach for fine-grained process execution monitoring. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (2011)","DOI":"10.1145\/2046707.2046751"},{"key":"2_CR23","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure Execution Via Program Shepherding. In: Proceedings of the 11th USENIX Security Symposium (2002)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-33338-5_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,9]],"date-time":"2021-08-09T19:04:40Z","timestamp":1628535880000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-33338-5_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642333378","9783642333385"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-33338-5_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}