{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T10:14:15Z","timestamp":1730283255638,"version":"3.28.0"},"reference-count":42,"publisher":"IEEE","license":[{"start":{"date-parts":[[2019,11,1]],"date-time":"2019-11-01T00:00:00Z","timestamp":1572566400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,11,1]],"date-time":"2019-11-01T00:00:00Z","timestamp":1572566400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,11,1]],"date-time":"2019-11-01T00:00:00Z","timestamp":1572566400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,11]]},"DOI":"10.1109\/milcom47813.2019.9020783","type":"proceedings-article","created":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T15:00:21Z","timestamp":1583506821000},"page":"1-6","source":"Crossref","is-referenced-by-count":5,"title":["Runtime Detection of Userspace Implants"],"prefix":"10.1109","author":[{"given":"J. Aaron","family":"Pendergrass","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nathan","family":"Hull","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Clemens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sarah C.","family":"Helble","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mark","family":"Thober","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kathleen","family":"McGill","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Machon","family":"Gregory","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter","family":"Loscocco","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"journal-title":"Syscan'14 singapore Linux memory forensics a real life case study by georg wicherski","year":"2014","author":"wicherski","key":"ref39"},{"journal-title":"Pure linux threads demo","year":"2015","author":"wellons","key":"ref38"},{"journal-title":"Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1 2","year":"1995","key":"ref33"},{"journal-title":"The horse pill rootkit vs forcepoint threat protection for linux","year":"2016","author":"tappert","key":"ref32"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2010.187"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/1519144.1519145"},{"key":"ref37","first-page":"2:1","article-title":"Exploiting concurrency vulnerabilities in system call wrappers","author":"watson","year":"2007","journal-title":"Proceedings of the First USENIX Workshop on Offensive Technologies"},{"journal-title":"The Art of Memory Forensics Detecting Malware and Threats in Windows Linux and Mac Memory","year":"2014","author":"walters","key":"ref36"},{"key":"ref35","article-title":"A survey of isolation techniques","author":"viswanathan","year":"2009","journal-title":"Draft Copy Information Sciences Institute"},{"key":"ref34","article-title":"Tnc architecture for interoperability version 1.5, revision 3","volume":"1","author":"tnc","year":"2012","journal-title":"TCG Specification"},{"journal-title":"Samson - secure authentication modules","year":"2015","author":"fisher","key":"ref10"},{"journal-title":"Move over apts - the ram-based advanced volatile threat is spinning up fast","year":"2013","author":"wilson","key":"ref40"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0086-0"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133958"},{"journal-title":"Horse Pill","year":"2016","author":"leibowitz","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1314354.1314362"},{"key":"ref15","doi-asserted-by":"crossref","first-page":"1332","DOI":"10.1007\/978-1-4419-5906-5_796","article-title":"Trusted platform module","author":"morris","year":"2011","journal-title":"Encyclopedia of Cryptography and Security"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.98"},{"journal-title":"Address space layout randomization","year":"2003","key":"ref17"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2018.8599735"},{"journal-title":"A toolkit for runtime detection of userspace implants","year":"2019","author":"pendergrass","key":"ref19"},{"key":"ref28","first-page":"11","article-title":"The flask security architecture: System support for diverse security policies","author":"spencer","year":"1999","journal-title":"Proceedings of the 8th conference on USENIX Security Symposium - Volume 8 SSYM'99"},{"journal-title":"Using chroot securely","year":"2007","author":"chuvakin","key":"ref4"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1272996.1273025"},{"key":"ref3","first-page":"385","article-title":"ROP is still dangerous: Breaking modern defenses","author":"carlini","year":"2014","journal-title":"23rd USENIX Security Symposium (USENIX Security 14)"},{"journal-title":"W^X - the mechanism","year":"2006","author":"de raadt","key":"ref6"},{"journal-title":"Advanced Programming in the UNIX Environment","year":"2013","author":"stevens","key":"ref29"},{"journal-title":"Crowdstrike releases annual cyber intrusion services casebook","year":"2017","key":"ref5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2014.41"},{"journal-title":"Trusted boot (tboot)","year":"2015","key":"ref7"},{"key":"ref2","article-title":"Unix and linux based rootkits techniques and countermeasures","author":"bunten","year":"2004","journal-title":"16th Annual FIRST Conference on Computer Security Incident Handling"},{"journal-title":"Modern userland exec","year":"2014","author":"edinger","key":"ref9"},{"journal-title":"Cb protection","year":"2018","key":"ref1"},{"key":"ref20","article-title":"An architecture for specification-based detection of semantic integrity violations in kernel dynamic data","author":"petroni","year":"2006","journal-title":"Usenix Security"},{"journal-title":"Introducing Stealth Malware Taxonomy","year":"2006","author":"rutkowska","key":"ref22"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45572-3_7"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"journal-title":"Hiddenwasp malware stings targeted linux systems","year":"2019","author":"sanmillan","key":"ref24"},{"key":"ref41","article-title":"Internet security threat report: Living off the land and fileless attack techniques","author":"wueest","year":"2017","journal-title":"An ISTR Special Report"},{"key":"ref23","first-page":"16","article-title":"Design and implementation of a tcg-based integrity measurement architecture","author":"sailer","year":"2004","journal-title":"Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 SSYM'04"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660309"}],"event":{"name":"MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)","start":{"date-parts":[[2019,11,12]]},"location":"Norfolk, VA, USA","end":{"date-parts":[[2019,11,14]]}},"container-title":["MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8993674\/9020712\/09020783.pdf?arnumber=9020783","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,17]],"date-time":"2022-07-17T21:52:09Z","timestamp":1658094729000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9020783\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11]]},"references-count":42,"URL":"https:\/\/doi.org\/10.1109\/milcom47813.2019.9020783","relation":{},"subject":[],"published":{"date-parts":[[2019,11]]}}}