{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:16:13Z","timestamp":1763468173039,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2013,12,9]],"date-time":"2013-12-09T00:00:00Z","timestamp":1386547200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"VMware, Inc."},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1054629"],"award-info":[{"award-number":["1054629"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2013,12,9]]},"DOI":"10.1145\/2523649.2523664","type":"proceedings-article","created":{"date-parts":[[2014,1,6]],"date-time":"2014-01-06T20:44:07Z","timestamp":1389041047000},"page":"229-238","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Subverting system authentication with context-aware, reactive virtual machine introspection"],"prefix":"10.1145","author":[{"given":"Yangchun","family":"Fu","sequence":"first","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX"}]},{"given":"Kevin W.","family":"Hamlen","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX"}]}],"member":"320","published-online":{"date-parts":[[2013,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Amit N.","year":"2011","unstructured":"N. Amit , M. Ben-Yehuda , D. Tsafrir , and A. Schuster . vIOMMU: Efficient IOMMU emulation . In Proceedings of the USENIX Annual Technical Conference , 2011 . N. Amit, M. Ben-Yehuda, D. Tsafrir, and A. Schuster. vIOMMU: Efficient IOMMU emulation. In Proceedings of the USENIX Annual Technical Conference, 2011."},{"key":"e_1_3_2_1_2_1","unstructured":"Apache. Apache HTTP server benchmarking tool. http:\/\/httpd.apache.org\/docs\/2.2\/programs\/ab.html.  Apache. Apache HTTP server benchmarking tool. http:\/\/httpd.apache.org\/docs\/2.2\/programs\/ab.html."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2010.39"},{"key":"e_1_3_2_1_4_1","volume-title":"Ruxcon","author":"Boileau A.","year":"2006","unstructured":"A. Boileau . Hit by a bus: Physical access attacks with firewire . Ruxcon , 2006 . A. Boileau. Hit by a bus: Physical access attacks with firewire. Ruxcon, 2006."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/874075.876409"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.43044"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Defense Science Board. Report of the Defense Science Board Task Force on High Performance Microchip Supply. http:\/\/www.acq.osd.mil\/dsb\/reports\/ADA435563.pdf February 2005.  Defense Science Board. Report of the Defense Science Board Task Force on High Performance Microchip Supply. http:\/\/www.acq.osd.mil\/dsb\/reports\/ADA435563.pdf February 2005.","DOI":"10.21236\/ADA459527"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/829515.830554"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451512.2451534"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 10th Annual Network & Distributed System Security Symposium (NDSS)","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel and M. Rosenblum . A virtual machine introspection based architecture for intrusion detection . In Proceedings of the 10th Annual Network & Distributed System Security Symposium (NDSS) , 2003 . T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proceedings of the 10th Annual Network & Distributed System Security Symposium (NDSS), 2003."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_6"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 17th USENIX Security Symposium","author":"Halderman J. A.","year":"2008","unstructured":"J. A. Halderman , S. D. Schoen , N. Heninger , W. Clarkson , W. Paul , J. A. Calandrino , A. J. Feldman , J. Appelbaum , and E. W. Felten . Lest we remember: Cold-boot attacks on encryption keys . In Proceedings of the 17th USENIX Security Symposium , 2008 . J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold-boot attacks on encryption keys. In Proceedings of the 17th USENIX Security Symposium, 2008."},{"key":"e_1_3_2_1_18_1","unstructured":"Help Net Security. Encrypt and protect virtual machine images. http:\/\/www.net-security.org\/secworld.php?id=11825 2011.  Help Net Security. Encrypt and protect virtual machine images. http:\/\/www.net-security.org\/secworld.php?id=11825 2011."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.41"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Jones S. T.","year":"2006","unstructured":"S. T. Jones , A. C. Arpaci-Dusseau , and R. H. Arpaci-Dusseau . Antfarm: Tracking processes in a virtual machine environment . In Proceedings of the USENIX Annual Technical Conference , 2006 . S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau. Antfarm: Tracking processes in a virtual machine environment. In Proceedings of the USENIX Annual Technical Conference, 2006."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095820"},{"key":"e_1_3_2_1_24_1","first-page":"178","volume-title":"Proceedings of the 4th Virus Bulletin International Conference","author":"Kephart J.","year":"1994","unstructured":"J. Kephart and W. Arnold . Automatic extraction of computer virus signatures . In Proceedings of the 4th Virus Bulletin International Conference , pages 178 -- 184 , 1994 . J. Kephart and W. Arnold. Automatic extraction of computer virus signatures. In Proceedings of the 4th Virus Bulletin International Conference, pages 178--184, 1994."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/191177.191183"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1387709.1387714"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 17th Annual Network & Distributed System Security Symposium (NDSS)","author":"Lin Z.","year":"2010","unstructured":"Z. Lin , X. Zhang , and D. Xu . Automatic reverse engineering of data structures from binary execution . In Proceedings of the 17th Annual Network & Distributed System Security Symposium (NDSS) , 2010 . Z. Lin, X. Zhang, and D. Xu. Automatic reverse engineering of data structures from binary execution. In Proceedings of the 17th Annual Network & Distributed System Security Symposium (NDSS), 2010."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181309.1181311"},{"key":"e_1_3_2_1_30_1","unstructured":"Memcached. Memcached: a distributed memory object caching system. http:\/\/memcached.org.  Memcached. Memcached: a distributed memory object caching system. http:\/\/memcached.org."},{"key":"e_1_3_2_1_31_1","volume-title":"BitLocker drive encryption technical overview","author":"TechNet Microsoft","year":"2008","unstructured":"Microsoft TechNet . BitLocker drive encryption technical overview , 2008 . http:\/\/technet.microsoft.com\/en-us\/library\/cc732774.aspx. Microsoft TechNet. BitLocker drive encryption technical overview, 2008. http:\/\/technet.microsoft.com\/en-us\/library\/cc732774.aspx."},{"key":"e_1_3_2_1_32_1","volume-title":"Is full disk encryption without pre-boot secure? https:\/\/securosis.com\/blog\/firestarter-is-full-disk-encryption-without-pre-boot-secure","author":"Mogull R.","year":"2010","unstructured":"R. Mogull . FireStarter : Is full disk encryption without pre-boot secure? https:\/\/securosis.com\/blog\/firestarter-is-full-disk-encryption-without-pre-boot-secure , 2010 . R. Mogull. FireStarter: Is full disk encryption without pre-boot secure? https:\/\/securosis.com\/blog\/firestarter-is-full-disk-encryption-without-pre-boot-secure, 2010."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/2075658.2075669"},{"key":"e_1_3_2_1_36_1","volume-title":"The case of missing and lost laptops. Technical report","author":"Ponemon L.","year":"2008","unstructured":"L. Ponemon . Airport insecurity : The case of missing and lost laptops. Technical report , Ponemon Institute , 2008 . L. Ponemon. Airport insecurity: The case of missing and lost laptops. Technical report, Ponemon Institute, 2008."},{"key":"e_1_3_2_1_37_1","volume-title":"June","author":"Rutkowska J.","year":"2006","unstructured":"J. Rutkowska . Introducing Blue Pill , June 2006 . http:\/\/theinvisiblethings.blogspot.com\/2006\/06\/introducing-blue-pill.html. J. Rutkowska. Introducing Blue Pill, June 2006. http:\/\/theinvisiblethings.blogspot.com\/2006\/06\/introducing-blue-pill.html."},{"key":"e_1_3_2_1_38_1","unstructured":"Seagate. Maxtor basics personal storage 3200 (PS 3200) virus. http:\/\/knowledge.seagate.com\/articles\/en_US\/FAQ\/205131en.  Seagate. Maxtor basics personal storage 3200 (PS 3200) virus. http:\/\/knowledge.seagate.com\/articles\/en_US\/FAQ\/205131en."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"e_1_3_2_1_40_1","volume-title":"Proc. of USENIX Annual Technical Conference","author":"Sugerman J.","year":"2001","unstructured":"J. Sugerman , G. Venkitachalam , and B.-H. Lim . Virtualizing I\/O devices on VMware workstation's hosted virtual machine monitor . In Proc. of USENIX Annual Technical Conference , 2001 . J. Sugerman, G. Venkitachalam, and B.-H. Lim. Virtualizing I\/O devices on VMware workstation's hosted virtual machine monitor. In Proc. of USENIX Annual Technical Conference, 2001."},{"key":"e_1_3_2_1_41_1","unstructured":"TrueCrypt. TrueCrypt: Free open-source on-the-fly encryption. http:\/\/www.truecrypt.org 2012.  TrueCrypt. TrueCrypt: Free open-source on-the-fly encryption. http:\/\/www.truecrypt.org 2012."},{"key":"e_1_3_2_1_42_1","unstructured":"VMware. VMware vCenter converter. http:\/\/www.vmware.com\/products\/converter 2013.  VMware. VMware vCenter converter. http:\/\/www.vmware.com\/products\/converter 2013."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 5th European Workshop on System Security (EuroSec)","author":"Vogl S.","year":"2012","unstructured":"S. Vogl and C. Eckert . Using hardware performance events for instruction-level monitoring on the x86 architecture . In Proceedings of the 5th European Workshop on System Security (EuroSec) , 2012 . S. Vogl and C. Eckert. Using hardware performance events for instruction-level monitoring on the x86 architecture. In Proceedings of the 5th European Workshop on System Security (EuroSec), 2012."},{"key":"e_1_3_2_1_44_1","volume-title":"Black Hat Technical Security Conference","author":"Wojtczuk R.","year":"2008","unstructured":"R. Wojtczuk . Subverting the Xen hypervisor . In Black Hat Technical Security Conference , 2008 . R. Wojtczuk. Subverting the Xen hypervisor. In Black Hat Technical Security Conference, 2008."},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the 14th USENIX Security Symposium","author":"Yegneswaran V.","year":"2005","unstructured":"V. Yegneswaran , J. T. Giffin , P. Barford , and S. Jha . An architecture for generating semantics-aware signatures . In Proceedings of the 14th USENIX Security Symposium , 2005 . V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha. An architecture for generating semantics-aware signatures. In Proceedings of the 14th USENIX Security Symposium, 2005."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"},{"key":"e_1_3_2_1_47_1","volume-title":"July","author":"Zov D. A. D.","year":"2006","unstructured":"D. A. D. Zov . Hardware virtualization rootkits , July 2006 . http:\/\/www.theta44.org\/software\/HVM_Rootkits_ddz_bh-usa-06.pdf. D. A. D. Zov. Hardware virtualization rootkits, July 2006. http:\/\/www.theta44.org\/software\/HVM_Rootkits_ddz_bh-usa-06.pdf."}],"event":{"name":"ACSAC '13: Annual Computer Security Applications Conference","sponsor":["ACSA Applied Computing Security Assoc"],"location":"New Orleans Louisiana USA","acronym":"ACSAC '13"},"container-title":["Proceedings of the 29th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2523649.2523664","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2523649.2523664","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T07:34:03Z","timestamp":1750232043000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2523649.2523664"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,12,9]]},"references-count":46,"alternative-id":["10.1145\/2523649.2523664","10.1145\/2523649"],"URL":"https:\/\/doi.org\/10.1145\/2523649.2523664","relation":{},"subject":[],"published":{"date-parts":[[2013,12,9]]},"assertion":[{"value":"2013-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}