{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T20:46:22Z","timestamp":1775249182795,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,11,9]],"date-time":"2009-11-09T00:00:00Z","timestamp":1257724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,11,9]]},"DOI":"10.1145\/1653662.1653729","type":"proceedings-article","created":{"date-parts":[[2009,11,11]],"date-time":"2009-11-11T13:02:08Z","timestamp":1257944528000},"page":"555-565","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":83,"title":["Mapping kernel objects to enable systematic integrity checking"],"prefix":"10.1145","author":[{"given":"Martim","family":"Carbone","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Weidong","family":"Cui","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}]},{"given":"Long","family":"Lu","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Marcus","family":"Peinado","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]}],"member":"320","published-online":{"date-parts":[[2009,11,9]]},"reference":[{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062520"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.29"},{"key":"e_1_3_2_1_4_1","unstructured":"Microsoft Corporation. Windows Research Kernel.http:\/\/www.microsoft.com\/resources\/sharedsource\/windowsacademic\/researchkernelkit.mspx.  Microsoft Corporation. Windows Research Kernel.http:\/\/www.microsoft.com\/resources\/sharedsource\/windowsacademic\/researchkernelkit.mspx."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation","author":"Cozzie A.","year":"2008","unstructured":"A. Cozzie , F. Stratton , H. Xue , and S. T. King . Digging for Data Structures . In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation , 2008 . A. Cozzie, F. Stratton, H. Xue, and S. T. King. Digging for Data Structures. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation, 2008."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/349299.349309"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653730"},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the Tenth ISOC Symposium on Network and Distributed Systems Security (NDSS)","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel and M. Rosenblum . A Virtual Machine Introspection Based Architecture for Intrusion Detection . In Proceedings of the Tenth ISOC Symposium on Network and Distributed Systems Security (NDSS) , February 2003 . T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Tenth ISOC Symposium on Network and Distributed Systems Security (NDSS), February 2003."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250767"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/378795.378855"},{"key":"e_1_3_2_1_11_1","volume-title":"Rootkits: Subverting the Windows Kernel","author":"Hoglund G.","year":"2005","unstructured":"G. Hoglund and J. Butler . Rootkits: Subverting the Windows Kernel . Addison-Wesley Professional , 2005 . G. Hoglund and J. Butler. Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, 2005."},{"key":"e_1_3_2_1_12_1","unstructured":"S. Hultquist. Rootkits: The Next Big Enterprise Threat?http:\/\/www.infoworld.com\/article\/07\/04\/30\/18FErootkit_1.html.  S. Hultquist. Rootkits: The Next Big Enterprise Threat?http:\/\/www.infoworld.com\/article\/07\/04\/30\/18FErootkit_1.html."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 17th USENIX Security Symposium","author":"Litty L.","year":"2008","unstructured":"L. Litty , H. A. Lagar-Cavilla , and D. Lie . Hypervisor Support for Identifying Covertly Executing Binaries . In Proceedings of the 17th USENIX Security Symposium , 2008 . L. Litty, H. A. Lagar-Cavilla, and D. Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of the 17th USENIX Security Symposium, 2008."},{"key":"e_1_3_2_1_14_1","unstructured":"Microsoft Corporation. Debugger engine and extensions api. http:\/\/msdn.microsoft.com\/en-us\/library\/cc267863.aspx.  Microsoft Corporation. Debugger engine and extensions api. http:\/\/msdn.microsoft.com\/en-us\/library\/cc267863.aspx."},{"key":"e_1_3_2_1_15_1","volume-title":"Overview of Memory Dump File Options for Windows Server","author":"Microsoft Corporation","year":"2003","unstructured":"Microsoft Corporation . Overview of Memory Dump File Options for Windows Server 2003 , Windows XP, and Windows 2000. http:\/\/support.microsoft.com\/kb\/254649. Microsoft Corporation. Overview of Memory Dump File Options for Windows Server 2003, Windows XP, and Windows 2000. http:\/\/support.microsoft.com\/kb\/254649."},{"key":"e_1_3_2_1_16_1","unstructured":"Microsoft Corporation. Phoenix compiler framework. http:\/\/connect.microsoft.com\/Phoenix.  Microsoft Corporation. Phoenix compiler framework. http:\/\/connect.microsoft.com\/Phoenix."},{"key":"e_1_3_2_1_17_1","unstructured":"Offensive Computing. Public malware database. http:\/\/www.offensivecomputing.net.  Offensive Computing. Public malware database. http:\/\/www.offensivecomputing.net."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/996821.996835"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the 13th USENIX Security Symposium","author":"Petroni N. L.","year":"2004","unstructured":"N. L. Petroni Jr ., T. Fraser , J. Molina , and W. A. Arbaugh . Copilot -- a Coprocessor-based Kernel Runtime Integrity Monitor . In Proceedings of the 13th USENIX Security Symposium , 2004 . N. L. Petroni Jr., T. Fraser, J. Molina, and W. A. Arbaugh. Copilot -- a Coprocessor-based Kernel Runtime Integrity Monitor. In Proceedings of the 13th USENIX Security Symposium, 2004."},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"Petroni N. L.","year":"2006","unstructured":"N. L. Petroni Jr ., T. Fraser , A. Walters , and W. A. Arbaugh . An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data . In Proceedings of the 15th USENIX Security Symposium , 2006 . N. L. Petroni Jr., T. Fraser, A. Walters, and W. A. Arbaugh. An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In Proceedings of the 15th USENIX Security Symposium, 2006."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315260"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190225"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/1433006.1433008"},{"key":"e_1_3_2_1_25_1","unstructured":"Rootkit.com. http:\/\/www.rootkit.com.  Rootkit.com. http:\/\/www.rootkit.com."},{"key":"e_1_3_2_1_26_1","unstructured":"M. Russinovich. WinObj v2.15. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896657.aspx.  M. Russinovich. WinObj v2.15. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896657.aspx."},{"key":"e_1_3_2_1_27_1","volume-title":"Microsoft Windows Internals","author":"Russinovich M. E.","year":"2005","unstructured":"M. E. Russinovich and D. A. Solomon . Microsoft Windows Internals ( 4 th Edition). Microsoft Press , 2005 . M. E. Russinovich and D. A. Solomon. Microsoft Windows Internals (4th Edition). Microsoft Press, 2005.","edition":"4"},{"key":"e_1_3_2_1_28_1","unstructured":"J. Rutkowska. klister. http:\/\/www.rootkit.com\/board_project_fused.php?did=proj14.  J. Rutkowska. klister. http:\/\/www.rootkit.com\/board_project_fused.php?did=proj14."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/237721.237727"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/207110.207111"}],"event":{"name":"CCS '09: 16th ACM Conference on Computer and Communications Security 2009","location":"Chicago Illinois USA","acronym":"CCS '09","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 16th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1653662.1653729","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1653662.1653729","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:38:53Z","timestamp":1750253933000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1653662.1653729"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,11,9]]},"references-count":30,"alternative-id":["10.1145\/1653662.1653729","10.1145\/1653662"],"URL":"https:\/\/doi.org\/10.1145\/1653662.1653729","relation":{},"subject":[],"published":{"date-parts":[[2009,11,9]]},"assertion":[{"value":"2009-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}