{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T07:31:02Z","timestamp":1776238262128,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642372995","type":"print"},{"value":"9783642373008","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-37300-8_2","type":"book-chapter","created":{"date-parts":[[2013,3,13]],"date-time":"2013-03-13T04:53:59Z","timestamp":1363150439000},"page":"21-41","source":"Crossref","is-referenced-by-count":63,"title":["Understanding DMA Malware"],"prefix":"10.1007","author":[{"given":"Patrick","family":"Stewin","sequence":"first","affiliation":[]},{"given":"Iurii","family":"Bystrov","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"3","key":"2_CR1","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1535\/itj.1003.02","volume":"10","author":"D. Abramson","year":"2006","unstructured":"Abramson, D., Jackson, J., Muthrasanallur, S., Neiger, G., Regnier, G., Sankaran, R., Schoinas, I., Uhlig, R., Vembu, B., Wiegert, J.: Intel Virtualization Technology for Directed I\/O. Intel Technology Journal\u00a010(3), 179\u2013192 (2006)","journal-title":"Intel Technology Journal"},{"key":"2_CR2","unstructured":"Aumaitre, D., Devine, C.: Subverting Windows 7 x64 Kernel with DMA attacks. Sogeti ESEC Lab (July 2010), \n                    \n                      http:\/\/esec-lab.sogeti.com\/dotclear\/public\/publications\/10-hitbamsterdam-dmaattacks.pdf"},{"key":"2_CR3","unstructured":"Boileau, A.: Hit by a Bus: Physical Access Attacks with Firewire. 
Security-Assessment.com, Ruxcon 2006 (October 2006), \n                    \n                      http:\/\/www.security-assessment.com\/files\/presentations\/ab_firewire_rux2k6-final.pdf"},{"key":"2_CR4","unstructured":"Budruk, R., Shanley, T., Anderson, D.: PCI Express System Architecture. The PC System Architecture Series. Addison Wesley, Pearson Education, MindShare, Inc. (July 2010)"},{"key":"2_CR5","unstructured":"Bulygin, Y.: Chipset based Approach to detect Virtualization Malware. TuCancUnix (2008), \n                    \n                      http:\/\/www.tucancunix.net\/ceh\/bhusa\/BHUSA08\/speakers\/Bulygin_Detection_of_Rootkits\/bh-us-08-bulygin_Chip_Based_Approach_to_Detect_Rootkits.pdf"},{"key":"2_CR6","unstructured":"Corbet, J., Rubini, A., Kroah-Hartman, G.: Linux Device Drivers, 3rd edn. O\u2019Reilly Media, Inc. (2005)"},{"key":"2_CR7","unstructured":"Delugr\u00e9, G.: Closer to metal: Reverse engineering the Broadcom NetExtreme\u2019s firmware. Sogeti ESEC Lab (October 2010), \n                    \n                      http:\/\/esec-lab.sogeti.com\/dotclear\/public\/publications\/10-hack.lu-nicreverse_slides.pdf"},{"key":"2_CR8","unstructured":"Dornseif, M.: 0wned by an iPod - hacking by Firewire. Laboratory for Dependable Distributed Systems University of Mannheim, PacSec 2004 (November 2004), \n                    \n                      http:\/\/pi1.informatik.uni-mannheim.de\/filepool\/presentations\/0wned-by-an-ipod-hacking-by-firewire.pdf"},{"key":"2_CR9","unstructured":"Dornseif, M., Becher, M., Klein, C.N.: FireWire \u2013 all your memory are belong to us. CanSecWest (May 2005), \n                    \n                      http:\/\/cansecwest.com\/core05\/2005-firewire-cansecwest.pdf"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/978-3-642-23644-0_20","volume-title":"Recent Advances in Intrusion Detection","author":"L. 
Duflot","year":"2011","unstructured":"Duflot, L., Perez, Y.-A., Morin, B.: What If You Can\u2019t Trust Your Network Card? In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol.\u00a06961, pp. 378\u2013397. Springer, Heidelberg (2011)"},{"key":"2_CR11","unstructured":"Duflot, L., Perez, Y.-A., Valadon, G., Levillain, O.: Can you still trust your network card? French Network and Information Security Agency (FNISA) (March 2010), \n                    \n                      http:\/\/www.ssi.gouv.fr\/IMG\/pdf\/csw-trustnetworkcard.pdf"},{"key":"2_CR12","first-page":"1","volume-title":"Proceedings of the 4th International Conference on Security and Privacy in Communication Networks","author":"S. Embleton","year":"2008","unstructured":"Embleton, S., Sparks, S., Zou, C.: Smm rootkits: a new breed of os independent malware. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 1\u201312. ACM, New York (2008)"},{"key":"2_CR13","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proc. Network and Distributed Systems Security Symposium (February 2003)"},{"key":"2_CR14","unstructured":"Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press (2009)"},{"key":"2_CR15","unstructured":"Hennessy, J.L., Patterson, D.A.: Computer Architecture: A Quantitative Approach, 3rd edn. Morgan Kaufmann (May 2005)"},{"key":"2_CR16","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional (2005)"},{"key":"2_CR17","unstructured":"Intel Corporation: Intel I\/O Controller Hub (ICH9) Family. Intel Corporation (August 2008), \n                    \n                      http:\/\/www.intel.com\/content\/dam\/doc\/datasheet\/io-controller-hub-9-datasheet.pdf"},{"key":"2_CR18","unstructured":"Intel Corporation: 2nd Generation Intel Core vPro Processor Family. 
Intel Corporation (June 2011), \n                    \n                      http:\/\/www.intel.com\/content\/dam\/doc\/white-paper\/performance-2nd-generation-core-vpro-family-paper.pdf"},{"key":"2_CR19","unstructured":"Intel Corporation: Access Accounts More Securely with Intel Identity Protection Technology. Intel Corporation (February 2011), \n                    \n                      http:\/\/ipt.intel.com\/Libraries\/Documents\/Intel_IdentityProtect_techbrief_v7.sflb.ashx"},{"key":"2_CR20","first-page":"314","volume-title":"SP 2006: Proceedings of the 2006 IEEE Symposium on Security and Privacy","author":"S.T. King","year":"2006","unstructured":"King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: Implementing malware with virtual machines. In: SP 2006: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp. 314\u2013327. IEEE Computer Society, Washington, DC (2006)"},{"key":"2_CR21","unstructured":"Kumar, A., Goel, P., Saint-Hilaire, Y.: Active Platform Management Demystified. Richard Bowles, Intel Press (2009)"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Li, Y., McCune, J.M., Perrig, A.: VIPER: Verifying the integrity of peripherals\u2019 firmware. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (October 2011)","DOI":"10.1145\/2046707.2046711"},{"key":"2_CR23","unstructured":"Maynor, D.: DMA: Skeleton key of computing && selected soap box rants. CanSecWest (May 2005), \n                    \n                      http:\/\/cansecwest.com\/core05\/DMA.ppt"},{"key":"2_CR24","volume-title":"Proceedings of the 13th Conference on USENIX Security Symposium, SSYM 2004","author":"N.L. Petroni Jr.","year":"2004","unstructured":"Petroni Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - a coprocessor-based kernel runtime integrity monitor. In: Proceedings of the 13th Conference on USENIX Security Symposium, SSYM 2004, vol.\u00a013. 
USENIX Association, Berkeley (2004)"},{"key":"2_CR25","unstructured":"Russinovich, M., Solomon, D.A.: Windows Internals: Including Windows Server 2008 and Windows Vista, 5th edn. Microsoft Press (2009)"},{"key":"2_CR26","unstructured":"Rutkowska, J.: Red Pill... or how to detect VMM using (almost) one CPU instruction. Internet Archive (November 2004), \n                    \n                      http:\/\/web.archive.org\/web\/20110726182809\/\n                    \n                    \n                  , \n                    \n                      http:\/\/invisiblethings.org\/papers\/redpill.html"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Sang, F., Lacombe, E., Nicomette, V., Deswarte, Y.: Exploiting an I\/OMMU vulnerability. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 7\u201314 (October 2010)","DOI":"10.1109\/MALWARE.2010.5665798"},{"key":"2_CR28","unstructured":"Tereshkin, A., Wojtczuk, R.: Introducing Ring -3 Rootkits. Black hat (July 2009), \n                    \n                      http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/TERESHKIN\/BHUSA09-Tereshkin-Ring3Rootkit-SLIDES.pdf"},{"key":"2_CR29","volume-title":"PC Hardware in a Nutshell","author":"R.B. Thompson","year":"2003","unstructured":"Thompson, R.B., Thompson, B.F.: PC Hardware in a Nutshell, 3rd edn. O\u2019Reilly & Associates, Inc., Sebastopol (2003)","edition":"3"},{"key":"2_CR30","unstructured":"Triulzi, A.: Project Maux Mk.II. The Alchemist Owl (2008), \n                    \n                      http:\/\/www.alchemistowl.org\/arrigo\/Papers\/Arrigo-Triulzi-PACSEC08-Project-Maux-II.pdf"},{"key":"2_CR31","unstructured":"Triulzi, A.: The Jedi Packet Trick takes over the Deathstar. 
The Alchemist Owl (March 2010), \n                    \n                      http:\/\/www.alchemistowl.org\/arrigo\/Papers\/Arrigo-Triulzi-CANSEC10-Project-Maux-III.pdf"},{"key":"2_CR32","unstructured":"Trusted Computing Group: TCG PC Client Specific Implementation Specification for Conventional BIOS. TCG (July 2005), \n                    \n                      http:\/\/www.trustedcomputinggroup.org\/files\/temp\/64505409-1D09-3519-AD5C611FAD3F799B\/PCClientImplementationforBIOS.pdf"},{"key":"2_CR33","unstructured":"Wojtczuk, R., Rutkowska, J.: Attacking Intel TXT via SINIT code execution hijacking. ITL (November 2011), \n                    \n                      http:\/\/www.invisiblethingslab.com\/resources\/2011\/Attacking_Intel_TXT_via_SINIT_hijacking.pdf"},{"key":"2_CR34","unstructured":"Wojtczuk, R., Rutkowska, J.: Following the White Rabbit: Software attacks against Intel VT-d technology. ITL (April 2011), \n                    \n                      http:\/\/www.invisiblethingslab.com\/resources\/2011\/Software%20Attacks%20on%20Intel%20VT-d.pdf"},{"key":"2_CR35","unstructured":"Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Another Way to Circumvent Intel(R) Trusted Execution Technology. 
ITL (December 2009), \n                    \n                      http:\/\/invisiblethingslab.com\/resources\/misc09\/Another%20TXT%20Attack.pdf"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-37300-8_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,11]],"date-time":"2019-05-11T14:47:40Z","timestamp":1557586060000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-37300-8_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642372995","9783642373008"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-37300-8_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}