{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T14:35:41Z","timestamp":1775054141383,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2013,3,16]],"date-time":"2013-03-16T00:00:00Z","timestamp":1363392000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2013,3,16]]},"DOI":"10.1145\/2451512.2451534","type":"proceedings-article","created":{"date-parts":[[2013,3,19]],"date-time":"2013-03-19T09:34:53Z","timestamp":1363685693000},"page":"97-110","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["EXTERIOR"],"prefix":"10.1145","author":[{"given":"Yangchun","family":"Fu","sequence":"first","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2013,3,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"QEMU\n  : an open source processor emulator. http:\/\/www.qemu.org\/.  QEMU: an open source processor emulator. http:\/\/www.qemu.org\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Vprobe toolkit. https:\/\/github.com\/vmware\/vprobe-toolkit.  Vprobe toolkit. https:\/\/github.com\/vmware\/vprobe-toolkit."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2010.39"},{"key":"e_1_3_2_1_4_1","first-page":"105","volume-title":"Proceedings of the 12th USENIX Security Symposium","author":"Bhatkar E.","year":"2003","unstructured":"E. Bhatkar , D. C. Duvarney , and R. Sekar . Address obfuscation: an efficient approach to combat a broad range of memory error exploits . In Proceedings of the 12th USENIX Security Symposium , pages 105 -- 120 , 2003 . E. Bhatkar, D. C. Duvarney, and R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105--120, 2003."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the annual conference on USENIX Annual Technical Conference","author":"Brown A. B.","year":"2003","unstructured":"A. B. Brown and D. A. Patterson . Undo for operators: building an undoable e-mail store . In Proceedings of the annual conference on USENIX Annual Technical Conference , San Antonio, Texas , 2003 . A. B. Brown and D. A. Patterson. Undo for operators: building an undoable e-mail store. In Proceedings of the annual conference on USENIX Annual Technical Conference, San Antonio, Texas, 2003."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043567"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/874075.876409"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346284"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 13th USENIX Security Symposium","author":"Chow J.","year":"2004","unstructured":"J. Chow , B. Pfaff , K. Christopher , and M. Rosenblum . Understanding data lifetime via whole-system simulation . In Proceedings of the 13th USENIX Security Symposium , 2004 . J. Chow, B. Pfaff, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole-system simulation. In Proceedings of the 13th USENIX Security Symposium, 2004."},{"key":"e_1_3_2_1_10_1","first-page":"273","volume-title":"Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation -","volume":"2","author":"Clark C.","year":"2005","unstructured":"C. Clark , K. Fraser , S. Hand , J. G. Hansen , E. Jul , C. Limpach , I. Pratt , and A. Warfield . Live migration of virtual machines . In Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2 , NSDI'05, pages 273 -- 286 . USENIX Association , 2005 . C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, and A. Warfield. Live migration of virtual machines. In Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2, NSDI'05, pages 273--286. USENIX Association, 2005."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653730"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings Network and Distributed Systems Security Symposium (NDSS'03)","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel and M. Rosenblum . A virtual machine introspection based architecture for intrusion detection . In Proceedings Network and Distributed Systems Security Symposium (NDSS'03) , February 2003 . T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proceedings Network and Distributed Systems Security Symposium (NDSS'03), February 2003."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS-XI)","author":"Garfinkel T.","year":"2007","unstructured":"T. Garfinkel , K. Adams , A. Warfield , and J. Franklin . Compatibility is Not Transparency: VMM Detection Myths and Realities . In Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS-XI) , May 2007 . T. Garfinkel, K. Adams, A. Warfield, and J. Franklin. Compatibility is Not Transparency: VMM Detection Myths and Realities. In Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS-XI), May 2007."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.1974.6323581"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2391229.2391234"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2011.26"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950398"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.16"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the annual conference on USENIX '06 Annual Technical Conference","author":"Jones S. T.","year":"2006","unstructured":"S. T. Jones , A. C. Arpaci-Dusseau , and R. H. Arpaci-Dusseau . Antfarm: tracking processes in a virtual machine environment . In Proceedings of the annual conference on USENIX '06 Annual Technical Conference , Boston, MA , 2006 . USENIX Association. S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau. Antfarm: tracking processes in a virtual machine environment. In Proceedings of the annual conference on USENIX '06 Annual Technical Conference, Boston, MA, 2006. USENIX Association."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095820"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.19"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 2009 Network and Distributed System Security Symposium","author":"Lanzi A.","year":"2009","unstructured":"A. Lanzi , M. I. Sharif , and W. Lee . K-tracer: A system for extracting kernel malware behavior . In Proceedings of the 2009 Network and Distributed System Security Symposium , San Diego, California, USA ,, 2009 . A. Lanzi, M. I. Sharif, and W. Lee. K-tracer: A system for extracting kernel malware behavior. In Proceedings of the 2009 Network and Distributed System Security Symposium, San Diego, California, USA,, 2009."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)","author":"Lin Z.","year":"2008","unstructured":"Z. Lin , X. Jiang , D. Xu , and X. Zhang . Automatic protocol format reverse engineering through context-aware monitored execution . In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08) , San Diego, CA , February 2008 . Z. Lin, X. Jiang, D. Xu, and X. Zhang. Automatic protocol format reverse engineering through context-aware monitored execution. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02918-9_7"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11)","author":"Lin Z.","year":"2011","unstructured":"Z. Lin , J. Rhee , X. Zhang , D. Xu , and X. Jiang . Siggraph: Brute force scanning of kernel data structure instances using graph-based signatures . In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11) , San Diego, CA , February 2011 . Z. Lin, J. Rhee, X. Zhang, D. Xu, and X. Jiang. Siggraph: Brute force scanning of kernel data structure instances using graph-based signatures. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11), San Diego, CA, February 2011."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181309.1181311"},{"key":"e_1_3_2_1_35_1","first-page":"95","volume-title":"In Proceedings of Network and Distributed Systems Security Symposium","author":"Locasto M. E.","year":"2006","unstructured":"M. E. Locasto , S. Sidiroglou , and A. D. Keromytis . Software selfhealing using collaborative application communities . In In Proceedings of Network and Distributed Systems Security Symposium , pages 95 -- 106 , 2006 . M. E. Locasto, S. Sidiroglou, and A. D. Keromytis. Software selfhealing using collaborative application communities. In In Proceedings of Network and Distributed Systems Security Symposium, pages 95--106, 2006."},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS'05)","author":"Newsome J.","year":"2005","unstructured":"J. Newsome and D. Song . Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software . In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS'05) , San Diego, CA , February 2005 . J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS'05), San Diego, CA, February 2005."},{"key":"e_1_3_2_1_37_1","first-page":"5555","volume-title":"Proceedings of the 19th USENIX conference on Security, USENIX Security'10","author":"Paleari R.","year":"2010","unstructured":"R. Paleari , L. Martignoni , E. Passerini , D. Davidson , M. Fredrikson , J. Giffin , and S. Jha . Automatic generation of remediation procedures for malware infections . In Proceedings of the 19th USENIX conference on Security, USENIX Security'10 , Washington, DC , 2010 . ISBN 888-7-6666- 5555 - 5554 . R. Paleari, L. Martignoni, E. Passerini, D. Davidson, M. Fredrikson, J. Giffin, and S. Jha. Automatic generation of remediation procedures for malware infections. In Proceedings of the 19th USENIX conference on Security, USENIX Security'10, Washington, DC, 2010. ISBN 888-7-6666-5555-4."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_40_1","first-page":"179","volume-title":"Proceedings of the 13th USENIX Security Symposium","author":"Petroni N. L.","year":"2004","unstructured":"N. L. Petroni , Jr., T. Fraser , J. Molina , and W. A. Arbaugh . Copilot - A coprocessor-based kernel runtime integrity monitor . In Proceedings of the 13th USENIX Security Symposium , pages 179 -- 194 , San Diego, CA , August 2004 . N. L. Petroni, Jr., T. Fraser, J. Molina, and W. A. Arbaugh. Copilot - A coprocessor-based kernel runtime integrity monitor. In Proceedings of the 13th USENIX Security Symposium, pages 179--194, San Diego, CA, August 2004."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"Petroni N. L.","year":"2006","unstructured":"N. L. Petroni , Jr., T. Fraser , A. Walters , and W. A. Arbaugh . An architecture for specification-based detection of semantic integrity violations in kernel dynamic data . In Proceedings of the 15th USENIX Security Symposium , Vancouver, B.C., Canada , August 2006 . USENIX Association. N. L. Petroni, Jr., T. Fraser, A. Walters, and W. A. Arbaugh. An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In Proceedings of the 15th USENIX Security Symposium, Vancouver, B.C., Canada, August 2006. USENIX Association."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315260"},{"key":"e_1_3_2_1_43_1","volume-title":"Operating system fingerprinting for virtual machines","author":"Quynh N. A.","year":"2010","unstructured":"N. A. Quynh . Operating system fingerprinting for virtual machines , 2010 . In DEFCON 18. N. A. Quynh. Operating system fingerprinting for virtual machines, 2010. In DEFCON 18."},{"key":"e_1_3_2_1_44_1","volume-title":"June","author":"Rutkowska J.","year":"2006","unstructured":"J. Rutkowska . Introducing blue pill , June 2006 . http:\/\/theinvisiblethings.blogspot.com\/2006\/06\/introducing-bluepill.html. J. Rutkowska. Introducing blue pill, June 2006. http:\/\/theinvisiblethings.blogspot.com\/2006\/06\/introducing-bluepill.html."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508244.1508250"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653728"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.5555\/1060289.1060308"},{"key":"e_1_3_2_1_48_1","first-page":"260","volume-title":"Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS'03)","author":"Xu J.","year":"2003","unstructured":"J. Xu , Z. Kalbarczyk , and R. K. Iyer . Transparent runtime randomization for security . In Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS'03) , pages 260 -- 269 . IEEE Computer Society , 2003 . J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent runtime randomization for security. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS'03), pages 260--269. IEEE Computer Society, 2003."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium","author":"Yin H.","year":"2008","unstructured":"H. Yin , Z. Liang , and D. Song . Hookfinder: Identifying and understanding malware hooking behaviors . In Proceedings of the Network and Distributed System Security Symposium , 2008 . H. Yin, Z. Liang, and D. Song. Hookfinder: Identifying and understanding malware hooking behaviors. In Proceedings of the Network and Distributed System Security Symposium, 2008."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"}],"event":{"name":"VEE '13: ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments","location":"Houston Texas USA","acronym":"VEE '13","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 9th ACM SIGPLAN\/SIGOPS international conference on Virtual execution environments"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2451512.2451534","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2451512.2451534","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:35:18Z","timestamp":1750221318000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2451512.2451534"}},"subtitle":["using a dual-VM based external shell for guest-OS introspection, configuration, and recovery"],"short-title":[],"issued":{"date-parts":[[2013,3,16]]},"references-count":49,"alternative-id":["10.1145\/2451512.2451534","10.1145\/2451512"],"URL":"https:\/\/doi.org\/10.1145\/2451512.2451534","relation":{"is-identical-to":[{"id-type":"doi","id":"10.1145\/2517326.2451534","asserted-by":"object"}]},"subject":[],"published":{"date-parts":[[2013,3,16]]},"assertion":[{"value":"2013-03-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}