{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:14:05Z","timestamp":1763468045185,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,10,17]],"date-time":"2011-10-17T00:00:00Z","timestamp":1318809600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,10,17]]},"DOI":"10.1145\/2046707.2046751","type":"proceedings-article","created":{"date-parts":[[2011,10,18]],"date-time":"2011-10-18T13:02:00Z","timestamp":1318942920000},"page":"363-374","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":63,"title":["Process out-grafting"],"prefix":"10.1145","author":[{"given":"Deepa","family":"Srinivasan","sequence":"first","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]},{"given":"Zhi","family":"Wang","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}]},{"given":"Dongyan","family":"Xu","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]}],"member":"320","published-online":{"date-parts":[[2011,10,17]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"http:\/\/packetstormsecurity.org\/irc\/kaiten.c. {last accessed","author":"Kaiten","year":"2011","unstructured":"Kaiten . http:\/\/packetstormsecurity.org\/irc\/kaiten.c. {last accessed : May 2011 }. Kaiten. http:\/\/packetstormsecurity.org\/irc\/kaiten.c. {last accessed: May 2011}."},{"key":"e_1_3_2_1_2_1","volume-title":"http:\/\/www.linux-kvm.org. {last accessed","author":"Kernel Virtual Machine","year":"2011","unstructured":"Kernel Virtual Machine . http:\/\/www.linux-kvm.org. {last accessed : May 2011 }. Kernel Virtual Machine. http:\/\/www.linux-kvm.org. {last accessed: May 2011}."},{"key":"e_1_3_2_1_3_1","volume-title":"Fourth Quarter","author":"McAfee Threats Report","year":"2010","unstructured":"McAfee Threats Report : Fourth Quarter 2010 . http:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threat-q4--2010.pdf. {last accessed: May 2011}. McAfee Threats Report: Fourth Quarter 2010. http:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threat-q4--2010.pdf. {last accessed: May 2011}."},{"key":"e_1_3_2_1_4_1","volume-title":"http:\/\/www.qemu.org. {last accessed","author":"QEMU.","year":"2011","unstructured":"QEMU. http:\/\/www.qemu.org. {last accessed : May 2011 }. QEMU. http:\/\/www.qemu.org. {last accessed: May 2011}."},{"key":"e_1_3_2_1_5_1","unstructured":"UPX\n  : The Ultimate Packer for eXecutables. http:\/\/upx.sourceforge.net. {last accessed: May 2011}.  UPX: The Ultimate Packer for eXecutables. http:\/\/upx.sourceforge.net. {last accessed: May 2011}."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1168857.1168860"},{"key":"e_1_3_2_1_7_1","volume-title":"AMD-V Nested Paging. AMD White Paper","author":"AMD.","year":"2008","unstructured":"AMD. AMD-V Nested Paging. AMD White Paper ( 2008 ). AMD. AMD-V Nested Paging. AMD White Paper (2008)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.50"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 15th Annual Conference of the European Institute for Computer Antivirus Research","author":"Bayer U.","year":"2006","unstructured":"Bayer , U. , Kruegel , C. , and Kirda , E . TTAnalyze: A Tool for Analyzing Malware . In Proceedings of the 15th Annual Conference of the European Institute for Computer Antivirus Research ( 2006 ). Bayer, U., Kruegel, C., and Kirda, E. TTAnalyze: A Tool for Analyzing Malware. In Proceedings of the 15th Annual Conference of the European Institute for Computer Antivirus Research (2006)."},{"key":"e_1_3_2_1_10_1","volume-title":"BlackHat","author":"Chiueh T.","year":"2009","unstructured":"cker Chiueh , T. , Conover , M. , Lu , M. , and Montague , B . Stealthy Deployment and Execution of In-Guest Kernel Agents . In BlackHat 2009 . cker Chiueh, T., Conover, M., Lu, M., and Montague, B. Stealthy Deployment and Execution of In-Guest Kernel Agents. In BlackHat 2009."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.54"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 11th Annual Network and Distributed System Security Symposium","author":"Garfinkel T.","year":"2004","unstructured":"Garfinkel , T. , Pfaff , B. , and Rosenblum , M . Ostia: A Delegating Architecture for Secure System Call Interposition . In Proceedings of the 11th Annual Network and Distributed System Security Symposium ( 2004 ). Garfinkel, T., Pfaff, B., and Rosenblum, M. Ostia: A Delegating Architecture for Secure System Call Interposition. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (2004)."},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 10th Annual Network and Distributed Systems Security Symposium","author":"Garfinkel T.","year":"2003","unstructured":"Garfinkel , T. , and Rosenblum , M . A Virtual Machine Introspection Based Architecture for Intrusion Detection . In Proceedings of the 10th Annual Network and Distributed Systems Security Symposium ( 2003 ). Garfinkel, T., and Rosenblum, M. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the 10th Annual Network and Distributed Systems Security Symposium (2003)."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 6th USENIX Security Symposium","author":"Goldberg I.","year":"1996","unstructured":"Goldberg , I. , Wagner , D. , Thomas , R. , and Brewer , E. A . A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker . In Proceedings of the 6th USENIX Security Symposium ( 1996 ). Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. A. A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker. In Proceedings of the 6th USENIX Security Symposium (1996)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_6"},{"key":"e_1_3_2_1_18_1","first-page":"3","volume":"10","author":"Intel","year":"2006","unstructured":"Intel . Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. Intel(R) Technology Journal 10 , 3 ( 2006 ). Intel. Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. Intel(R) Technology Journal 10, 3 (2006).","journal-title":"Technology Journal"},{"key":"e_1_3_2_1_19_1","first-page":"2","author":"Intel","year":"2010","unstructured":"Intel . Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3: System Programming Guide, Part 1 and Part 2 , ( 2010 ). Intel. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3: System Programming Guide, Part 1 and Part 2, (2010).","journal-title":"Part"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776450"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2011.26"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095820"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10772-6_14"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/191525.191541"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/844128.844162"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_32_1","volume-title":"N. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium","author":"Provos","year":"2003","unstructured":"Provos , N. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium ( 2003 ). Provos, N. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium (2003)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.38"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/47671.47673"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_3"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 18th Annual Network and Distributed Systems Security Symposium","author":"Srivastava A.","year":"2011","unstructured":"Srivastava , A. , and Giffin , J . Efficient Monitoring of Untrusted Kernel-mode Execution . In Proceedings of the 18th Annual Network and Distributed Systems Security Symposium ( 2011 ). Srivastava, A., and Giffin, J. Efficient Monitoring of Untrusted Kernel-mode Execution. In Proceedings of the 18th Annual Network and Distributed Systems Security Symposium (2011)."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 7th Symposium on Operating Systems Design and Implementation","author":"Ta-Min R.","year":"2006","unstructured":"Ta-Min , R. , Litty , L. , and Lie , D . Splitting Interfaces: Making Trust between Applications and Operating Systems Configurable . In Proceedings of the 7th Symposium on Operating Systems Design and Implementation ( 2006 ). Ta-Min, R., Litty, L., and Lie, D. Splitting Interfaces: Making Trust between Applications and Operating Systems Configurable. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (2006)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.30"}],"event":{"name":"CCS'11: the ACM Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Chicago Illinois USA","acronym":"CCS'11"},"container-title":["Proceedings of the 18th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046751","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2046707.2046751","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:48:42Z","timestamp":1750240122000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046751"}},"subtitle":["an efficient \"out-of-VM\" approach for fine-grained process execution monitoring"],"short-title":[],"issued":{"date-parts":[[2011,10,17]]},"references-count":39,"alternative-id":["10.1145\/2046707.2046751","10.1145\/2046707"],"URL":"https:\/\/doi.org\/10.1145\/2046707.2046751","relation":{},"subject":[],"published":{"date-parts":[[2011,10,17]]},"assertion":[{"value":"2011-10-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}