{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:51:21Z","timestamp":1763459481240,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,3,9]],"date-time":"2017-03-09T00:00:00Z","timestamp":1489017600000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["1453011"],"award-info":[{"award-number":["1453011"]}]},{"name":"NSA","award":["H98230-15-1-0271"],"award-info":[{"award-number":["H98230-15-1-0271"]}]},{"name":"AFOSR","award":["FA9550-14-1-0119"],"award-info":[{"award-number":["FA9550-14-1-0119"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,3,9]]},"DOI":"10.1145\/2857705.2857707","type":"proceedings-article","created":{"date-parts":[[2016,3,4]],"date-time":"2016-03-04T15:57:50Z","timestamp":1457107070000},"page":"62-72","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics"],"prefix":"10.1145","author":[{"given":"Yufei","family":"Gu","sequence":"first","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Richardson, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2016,3,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Elf file format. http:\/\/www.skyfree.org\/linux\/references\/ELF\\_Format.pdf."},{"key":"e_1_3_2_1_2_1","unstructured":"Microsoft security intelligence report. http:\/\/www.microsoft.com\/security\/sir\/strategy\/default. aspx\\#!section\\_3\\_3."},{"key":"e_1_3_2_1_3_1","unstructured":"Smp alternatives. http:\/\/lwn.net\/Articles\/164121\/."},{"key":"e_1_3_2_1_4_1","volume-title":"June","author":"Os","year":"2012","unstructured":"Os x mountain lion core technologies overview. http:\/\/movies.apple.com\/media\/us\/osx\/2012\/docs \/OSX\\_MountainLion\\_Core\\_Technologies\\_Overview.pdf, June 2012."},{"key":"e_1_3_2_1_5_1","volume-title":"Mar","author":"Linux","year":"2014","unstructured":"Linux 3.14. http:\/\/kernelnewbies.org\/Linux\\_3.14, Mar 2014."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699104"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2013.6575344"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.22"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455776"},{"key":"e_1_3_2_1_10_1","unstructured":"S. Designer. \"return-to-libc\" attack. Bugtraq August 1997."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653730"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786810"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523664"},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. Network and Distributed Systems Security Sym. (NDSS'03)","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proc. Network and Distributed Systems Security Sym. (NDSS'03), February 2003."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2391229.2391234"},{"key":"e_1_3_2_1_16_1","author":"Gu Y.","year":"2014","unstructured":"Y. Gu, Y. Fu, A. Prakash, Z. Lin, and H. Yin. Multi-aspect, robust, and memory exclusive guest os fingerprinting. IEEE Transactions on Cloud Computing, 2014.","journal-title":"Multi-aspect, robust, and memory exclusive guest os fingerprinting. IEEE Transactions on Cloud Computing"},{"key":"e_1_3_2_1_17_1","volume-title":"Malware Memory Forensics Workshop (MMF)","author":"Kittel T.","year":"2014","unstructured":"T. Kittel, S. Vogl, T. K. Lengyel, J. Pfoh, and C. Eckert. Code validation for modern os kernels. In Malware Memory Forensics Workshop (MMF), December 2014."},{"key":"e_1_3_2_1_18_1","volume-title":"Proc. 18th Annual Network and Distributed System Security Sym. (NDSS'11)","author":"Lin Z.","year":"2011","unstructured":"Z. Lin, J. Rhee, X. Zhang, D. Xu, and X. Jiang. Siggraph: Brute force scanning of kernel data structure instances using graph-based signatures. In Proc. 18th Annual Network and Distributed System Security Sym. (NDSS'11), San Diego, CA, February 2011."},{"volume-title":"The advanced return-into-lib(c) exploits: Pax case study. Phrack, 10(58)","year":"2001","key":"e_1_3_2_1_19_1","unstructured":"Nergal. The advanced return-into-lib(c) exploits: Pax case study. Phrack, 10(58), 2001."},{"key":"e_1_3_2_1_20_1","volume-title":"Operating system fingerprinting for virtual machines","author":"Quynh N. A.","year":"2010","unstructured":"N. A. Quynh. Operating system fingerprinting for virtual machines, 2010. In DEFCON 18."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.16"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15506-2_15"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.05.013"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_3_2_1_27_1","unstructured":"P. Team. Pax address space layout randomization (aslr). http:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11212-1_14"},{"key":"e_1_3_2_1_29_1","unstructured":"A. Walters. The volatility framework: Volatile memory artifact extraction utility framework. https:\/\/www.volatilesystems.com\/default\/volatility."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_25"}],"event":{"name":"CODASPY'16: Sixth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"New Orleans Louisiana USA","acronym":"CODASPY'16"},"container-title":["Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2857705.2857707","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2857705.2857707","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2857705.2857707","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:47:03Z","timestamp":1763459223000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2857705.2857707"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,3,9]]},"references-count":30,"alternative-id":["10.1145\/2857705.2857707","10.1145\/2857705"],"URL":"https:\/\/doi.org\/10.1145\/2857705.2857707","relation":{},"subject":[],"published":{"date-parts":[[2016,3,9]]},"assertion":[{"value":"2016-03-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}