{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T11:10:47Z","timestamp":1769598647786,"version":"3.49.0"},"reference-count":58,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2011,12,1]],"date-time":"2011-12-01T00:00:00Z","timestamp":1322697600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2011,12]]},"DOI":"10.1109\/tifs.2011.2159712","type":"journal-article","created":{"date-parts":[[2011,6,21]],"date-time":"2011-06-21T15:00:56Z","timestamp":1308668456000},"page":"1404-1417","source":"Crossref","is-referenced-by-count":33,"title":["Comprehensive and Efficient Protection of Kernel Control Data"],"prefix":"10.1109","volume":"6","author":[{"given":"Jinku","family":"Li","sequence":"first","affiliation":[]},{"given":"Zhi","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Tyler","family":"Bletsch","sequence":"additional","affiliation":[]},{"given":"Deepa","family":"Srinivasan","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Grace","sequence":"additional","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","article-title":"StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks","author":"cowan","year":"1998","journal-title":"Proc 7th USENIX Security Symp"},{"key":"ref38","article-title":"Stealthy malware detection through VMM-based &#x201C;Out-of-the-Box&#x201D; semantic view reconstruction","author":"jiang","year":"2007","journal-title":"Proc ACM Conf Computer and Comm Security"},{"key":"ref33","article-title":"Copilot&#x2014;A coprocessor-based kernel runtime integrity monitor","author":"petroni","year":"2004","journal-title":"Proc 13th Usenix Security Symp"},{"key":"ref32","article-title":"Efficient monitoring of untrusted kernel-mode execution","author":"srivastava","year":"2011","journal-title":"Proc 10th Annu Netw Distrib Syst Security Symp"},{"key":"ref31","article-title":"Practical protection of kernel integrity for commodity OS from untrusted extensions","author":"xiong","year":"2011","journal-title":"Proc 10th Annu Netw Distrib Syst Security Symp"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/378795.378855"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2005.39"},{"key":"ref36","article-title":"A virtual machine introspection based architecture for intrusion detection","author":"garfinkel","year":"2003","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref35","article-title":"Automated detection of persistent kernel control-flow attacks","author":"petroni","year":"2007","journal-title":"Proc ACM Conf Computer and Comm Security"},{"key":"ref34","article-title":"An architecture for specification-based detection of semantic integrity violations in kernel dynamic data","author":"petroni","year":"2006","journal-title":"Proc 15th Usenix Security Symp"},{"key":"ref28","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-87403-4_2","article-title":"Countering persistent kernel rootkits through systematic hook discovery","author":"wang","year":"2008","journal-title":"Proc 2nd Int l Symp Recent Advances in Intrusion Detection"},{"key":"ref27","year":"0","journal-title":"LMbenchTools for Performance Analysis"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250767"},{"key":"ref2","year":"2010","journal-title":"Cooperation Grows in Fight Against Cybercrime"},{"key":"ref1","year":"2006","journal-title":"Rootkit Numbers Rocketing UP McAfee Says"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/945461.945462"},{"key":"ref22","year":"0","journal-title":"General FreeBSD Architecture and Design"},{"key":"ref21","year":"0","journal-title":"QEMU Open Source Processor Emulator"},{"key":"ref24","first-page":"149","article-title":"A comparison of publicly available tools for dynamic buffer overflow prevention","author":"wilander","year":"2003","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"ref26","year":"0","journal-title":"abApache HTTP Server Benchmarking Tool"},{"key":"ref25","year":"0","journal-title":"Apache HTTP Server Project"},{"key":"ref50","article-title":"Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors","author":"akritidis","year":"2009","journal-title":"Proc 10th Usenix Security Symp"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134309"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"ref57","article-title":"Vx32: Lightweight user-level sandboxing on the <ref_formula><tex Notation=\"TeX\">$\\times$<\/tex><\/ref_formula>86","author":"ford","year":"2008","journal-title":"Proc 2008 USENIX Ann Technical Conf"},{"key":"ref56","article-title":"Evaluating SFI for a CISC architecture","author":"mccamant","year":"2006","journal-title":"Proc 15th Usenix Security Symp"},{"key":"ref55","article-title":"MiSFIT: A tool for constructing safe extensible C++ systems","author":"small","year":"1997","journal-title":"Proc 3rd Conf USENIX Conf Object-Oriented Technologies"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"ref53","article-title":"Memory safety for low-level software\/hardware interactions","author":"criswell","year":"2009","journal-title":"Proc 10th Usenix Security Symp"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294295"},{"key":"ref10","article-title":"Control-flow integrity","author":"abadi","year":"2005","journal-title":"Proc ACM Conf Computer and Comm Security"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653728"},{"key":"ref40","year":"0","journal-title":"Stack Shield A Stack Smashing Technique Protection Tool for Linux"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.30"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1508293.1508311"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2004.1281665"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346278"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653729"},{"key":"ref19","year":"0","journal-title":"The LLVM Target-Independent Code Generator"},{"key":"ref4","year":"0","journal-title":"W^X"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455776"},{"key":"ref5","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-87403-4_1","article-title":"Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing","author":"riley","year":"2008","journal-title":"Proc 2nd Int l Symp Recent Advances in Intrusion Detection"},{"key":"ref8","article-title":"Return-oriented rootkits: Bypasssing kernel code integrity protection mechanisms","author":"hund","year":"2009","journal-title":"Proc 10th Usenix Security Symp"},{"key":"ref7","article-title":"The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the <ref_formula> <tex Notation=\"TeX\">$\\times$<\/tex><\/ref_formula>86)","author":"shacham","year":"2007","journal-title":"Proc ACM Conf Computer and Comm Security"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"ref9","article-title":"Secure execution via program shepherding","author":"kiriansky","year":"2002","journal-title":"Proc 11th Usenix Security Symp"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629581"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.30"},{"key":"ref48","article-title":"Cyclone: A safe dialect of C","author":"jim","year":"2002","journal-title":"Proc 2002 USENIX Ann Technical Conf"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1065887.1065892"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755934"},{"key":"ref41","author":"etoh","year":"0","journal-title":"GCC Extension for Protecting Applications From Stack-Smashing Attacks"},{"key":"ref44","article-title":"XFI: Software guards for system address spaces","author":"erlingsson","year":"2006","journal-title":"Proc USENIX Symp Operating Systems Design and Implementation"},{"key":"ref43","article-title":"Securing software by enforcing data-flow integrity","author":"castro","year":"2006","journal-title":"Proc USENIX Symp Operating Systems Design and Implementation"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/10206\/6069499\/05887414.pdf?arnumber=5887414","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:53:29Z","timestamp":1642006409000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/5887414\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,12]]},"references-count":58,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2011.2159712","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,12]]}}}