{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:15:18Z","timestamp":1763468118756,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,10,14]],"date-time":"2012-10-14T00:00:00Z","timestamp":1350172800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1.02E+13"],"award-info":[{"award-number":["1.02E+13"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,10,14]]},"DOI":"10.1145\/2391229.2391234","type":"proceedings-article","created":{"date-parts":[[2012,11,13]],"date-time":"2012-11-13T15:04:07Z","timestamp":1352819047000},"page":"1-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["OS-Sommelier"],"prefix":"10.1145","author":[{"given":"Yufei","family":"Gu","sequence":"first","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX"}]},{"given":"Yangchun","family":"Fu","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX"}]},{"given":"Aravind","family":"Prakash","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX"}]},{"given":"Heng","family":"Yin","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY"}]}],"member":"320","published-online":{"date-parts":[[2012,10,14]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"QEMU\n  : an open source processor emulator. http:\/\/www.qemu.org\/.  QEMU: an open source processor emulator. http:\/\/www.qemu.org\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Xed: X86 encoder decoder. http:\/\/www.pintool.org\/docs\/24110\/Xed\/html\/.  Xed: X86 encoder decoder. http:\/\/www.pintool.org\/docs\/24110\/Xed\/html\/."},{"key":"e_1_3_2_1_3_1","volume-title":"July","author":"Arkin O.","year":"2003","unstructured":"O. Arkin , F. Yarochkin , and M. Kydyraliev . The present and future of xprobe2: The next generation of active operating system fingerprinting. sys-security group , July 2003 . O. Arkin, F. Yarochkin, and M. Kydyraliev. The present and future of xprobe2: The next generation of active operating system fingerprinting. sys-security group, July 2003."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866313"},{"key":"e_1_3_2_1_5_1","first-page":"105","volume-title":"Proceedings of the 12th USENIX Security Symposium","author":"Bhatkar E.","year":"2003","unstructured":"E. Bhatkar , D. C. Duvarney , and R. Sekar . Address obfuscation: an efficient approach to combat a broad range of memory error exploits . In Proceedings of the 12th USENIX Security Symposium , pages 105 -- 120 , 2003 . E. Bhatkar, D. C. Duvarney, and R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105--120, 2003."},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the 14th Conference on USENIX Security Symposium","author":"Bhatkar S.","year":"2005","unstructured":"S. Bhatkar , R. Sekar , and D. C. DuVarney . Efficient techniques for comprehensive protection from memory error exploits . In Proceedings of the 14th Conference on USENIX Security Symposium , Baltimore, MD , 2005 . USENIX Association. S. Bhatkar, R. Sekar, and D. C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In Proceedings of the 14th Conference on USENIX Security Symposium, Baltimore, MD, 2005. USENIX Association."},{"key":"e_1_3_2_1_7_1","volume-title":"Understanding The Linux Kernel","author":"Bovet D.","year":"2005","unstructured":"D. Bovet and M. Cesati . Understanding The Linux Kernel . Oreilly & Associates Inc ., 2005 . D. Bovet and M. Cesati. Understanding The Linux Kernel. Oreilly & Associates Inc., 2005."},{"key":"e_1_3_2_1_8_1","first-page":"133","volume-title":"Proceedings of the Eighth Workshop on Hot Topics in Operating Systems","author":"Chen P. M.","unstructured":"P. M. Chen and B. D. Noble . When virtual is better than real . In Proceedings of the Eighth Workshop on Hot Topics in Operating Systems , pages 133 --, 2001. P. M. Chen and B. D. Noble. When virtual is better than real. In Proceedings of the Eighth Workshop on Hot Topics in Operating Systems, pages 133--, 2001."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346284"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655022"},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the USENIX","author":"Comer D. E.","year":"1994","unstructured":"D. E. Comer and J. C. Lin . Probing tcp implementations . In Proceedings of the USENIX Summer 1994 Technical Conference, Boston, Massachusetts , 1994. D. E. Comer and J. C. Lin. Probing tcp implementations. In Proceedings of the USENIX Summer 1994 Technical Conference, Boston, Massachusetts, 1994."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.05.002"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653730"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"volume-title":"January","year":"2007","key":"e_1_3_2_1_15_1","unstructured":"Fyodor. Remote os detection via TCP\/IP fingerprinting (2nd generation). insecure.org , January 2007 . http:\/\/insecure.org\/nmap\/osdetect\/. Fyodor. Remote os detection via TCP\/IP fingerprinting (2nd generation). insecure.org, January 2007. http:\/\/insecure.org\/nmap\/osdetect\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/1323276.1323282"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.05.014"},{"key":"e_1_3_2_1_18_1","unstructured":"Intel-64 and IA-32 Architectures Software Developer's Manual Combined Volumes 3A 3B and 3C: System Programming Guide Parts 1 and 2: 11--28.  Intel-64 and IA-32 Architectures Software Developer's Manual Combined Volumes 3A 3B and 3C: System Programming Guide Parts 1 and 2: 11--28."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_20_1","unstructured":"R. W. Jones and M. Booth. Virt-inspector - display operating system version and other information about a virtual machine. http:\/\/libguestfs.org\/virt-inspector.1.html.  R. W. Jones and M. Booth. Virt-inspector - display operating system version and other information about a virtual machine. http:\/\/libguestfs.org\/virt-inspector.1.html."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1137\/0206024"},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 13th conference on USENIX Security Symposium -","volume":"13","author":"Kruegel C.","year":"2004","unstructured":"C. Kruegel , W. Robertson , F. Valeur , and G. Vigna . Static disassembly of obfuscated binaries . In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 , San Diego, CA , 2004 . C. Kruegel, W. Robertson, F. Valeur, and G. Vigna. Static disassembly of obfuscated binaries. In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13, San Diego, CA, 2004."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11)","author":"Lin Z.","year":"2011","unstructured":"Z. Lin , J. Rhee , X. Zhang , D. Xu , and X. Jiang . Siggraph: Brute force scanning of kernel data structure instances using graph-based signatures . In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11) , San Diego, CA , February 2011 . Z. Lin, J. Rhee, X. Zhang, D. Xu, and X. Jiang. Siggraph: Brute force scanning of kernel data structure instances using graph-based signatures. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11), San Diego, CA, February 2011."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.17"},{"key":"e_1_3_2_1_25_1","unstructured":"Hot Patching and Detouring http:\/\/www.ragestorm.net\/blogs\/?p=17.  Hot Patching and Detouring http:\/\/www.ragestorm.net\/blogs\/?p=17."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/263105.263160"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-009-0134-4"},{"key":"e_1_3_2_1_30_1","volume-title":"Operating system fingerprinting for virtual machines","author":"Quynh N. A.","year":"2010","unstructured":"N. A. Quynh . Operating system fingerprinting for virtual machines , 2010 . In DEFCON 18. N. A. Quynh. Operating system fingerprinting for virtual machines, 2010. In DEFCON 18."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/882506.885138"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_31"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251306.1251323"},{"key":"e_1_3_2_1_35_1","volume-title":"Honeynet Project","author":"Smith C.","year":"2002","unstructured":"C. Smith and P. Grundl . Know your enemy: Passive fingerprinting. identifying remote hosts without them knowing. Technical report , Honeynet Project , 2002 . C. Smith and P. Grundl. Know your enemy: Passive fingerprinting. identifying remote hosts without them knowing. Technical report, Honeynet Project, 2002."},{"key":"e_1_3_2_1_36_1","volume-title":"Black Hat Technical Security Conf.","author":"Sotirov A.","year":"2006","unstructured":"A. Sotirov . Hotpatching and the rise of third-party patches . In Black Hat Technical Security Conf. , Las Vegas, Nevada , August 2006 . A. Sotirov. Hotpatching and the rise of third-party patches. In Black Hat Technical Security Conf., Las Vegas, Nevada, August 2006."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046751"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the Canada Security West Conference (CanSecWest '04)","author":"Taleck G.","year":"2004","unstructured":"G. Taleck . Synscan : Towards complete tcp\/ip fingerprinting . In Proceedings of the Canada Security West Conference (CanSecWest '04) , Vancouver B.C., Canada , 2004 . G. Taleck. Synscan: Towards complete tcp\/ip fingerprinting. In Proceedings of the Canada Security West Conference (CanSecWest '04), Vancouver B.C., Canada, 2004."},{"key":"e_1_3_2_1_39_1","unstructured":"P. Team. Pax address space layout randomization (aslr). http:\/\/pax.grsecurity.net\/docs\/aslr.txt.  P. Team. Pax address space layout randomization (aslr). http:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"key":"e_1_3_2_1_40_1","unstructured":"A. Walters. The volatility framework: Volatile memory artifact extraction utility framework. https:\/\/www.volatilesystems.com\/default\/volatility.  A. Walters. The volatility framework: Volatile memory artifact extraction utility framework. https:\/\/www.volatilesystems.com\/default\/volatility."},{"key":"e_1_3_2_1_41_1","first-page":"260","volume-title":"Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS'03)","author":"Xu J.","year":"2003","unstructured":"J. Xu , Z. Kalbarczyk , and R. K. Iyer . Transparent runtime randomization for security . In Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS'03) , pages 260 -- 269 . IEEE Computer Society , 2003 . J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent runtime randomization for security. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS'03), pages 260--269. IEEE Computer Society, 2003."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270338"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"}],"event":{"name":"SOCC '12: ACM Symposium on Cloud Computing","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGOPS ACM Special Interest Group on Operating Systems"],"location":"San Jose California","acronym":"SOCC '12"},"container-title":["Proceedings of the Third ACM Symposium on Cloud Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2391229.2391234","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2391229.2391234","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:32Z","timestamp":1750239272000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2391229.2391234"}},"subtitle":["memory-only operating system fingerprinting in the cloud"],"short-title":[],"issued":{"date-parts":[[2012,10,14]]},"references-count":43,"alternative-id":["10.1145\/2391229.2391234","10.1145\/2391229"],"URL":"https:\/\/doi.org\/10.1145\/2391229.2391234","relation":{},"subject":[],"published":{"date-parts":[[2012,10,14]]},"assertion":[{"value":"2012-10-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}