{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:09:33Z","timestamp":1750306173687,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,24]],"date-time":"2016-10-24T00:00:00Z","timestamp":1477267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["Discovery Grant"],"award-info":[{"award-number":["Discovery Grant"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978372","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T12:46:35Z","timestamp":1477399595000},"page":"945-957","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Hypnoguard"],"prefix":"10.1145","author":[{"given":"Lianying","family":"Zhao","sequence":"first","affiliation":[{"name":"Concordia University, Montreal, PQ, Canada"}]},{"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[{"name":"Concordia University, Montreal, PQ, Canada"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"volume-title":"Advanced configuration and power interface specification. Revision 5.0a (Nov. 13","year":"2013","key":"e_1_3_2_1_1_1"},{"volume-title":"System programming. Technical article (May","year":"2013","author":"AMD.","key":"e_1_3_2_1_2_1"},{"volume-title":"Israel","year":"2013","author":"Anati I.","key":"e_1_3_2_1_3_1"},{"volume-title":"Microsoft may have your encryption key","year":"2015","author":"ArsTechnica","key":"e_1_3_2_1_4_1"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420961"},{"volume-title":"EFS and BitLocker. Secure Business Austria Research Lab. Technical report (Aug. 13","year":"2009","author":"B\u00f6ck B.","key":"e_1_3_2_1_6_1"},{"volume-title":"Hit by a bus: Physical access attacks with Firewire. Ruxcon","year":"2006","author":"Boileau A.","key":"e_1_3_2_1_7_1"},{"volume-title":"OpenSSL. Online article (Feb. 23","year":"2016","author":"Calomel","key":"e_1_3_2_1_8_1"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/IISWC.2009.5306782"},{"volume-title":"USENIX Security Symposium","year":"2005","author":"Chow J.","key":"e_1_3_2_1_10_1"},{"volume-title":"USA","year":"2008","author":"Clark J.","key":"e_1_3_2_1_11_1"},{"volume-title":"USA","year":"2008","author":"Czeskis A.","key":"e_1_3_2_1_12_1"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1824795.1824797"},{"key":"e_1_3_2_1_14_1","unstructured":"Elcomsoft.com. Elcomsoft forensic disk decryptor: Forensic access to encrypted BitLocker PGP and TrueCrypt disks and containers. https:\/\/www.elcomsoft.com\/efdd.html.  Elcomsoft.com. Elcomsoft forensic disk decryptor: Forensic access to encrypted BitLocker PGP and TrueCrypt disks and containers. https:\/\/www.elcomsoft.com\/efdd.html."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958202"},{"key":"e_1_3_2_1_16_1","unstructured":"Forensicswiki.org. Tools:memory imaging. http:\/\/www.forensicswiki.org\/wiki\/Tools:Memory_Imaging.  Forensicswiki.org. Tools:memory imaging. http:\/\/www.forensicswiki.org\/wiki\/Tools:Memory_Imaging."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2225048"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523656"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966445.1966447"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663348"},{"key":"e_1_3_2_1_21_1","unstructured":"Gov1.info. NSA ANT product catalog. https:\/\/nsa.gov1.info\/dni\/nsa-ant-catalog\/.  Gov1.info. NSA ANT product catalog. https:\/\/nsa.gov1.info\/dni\/nsa-ant-catalog\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.52"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23125"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.8"},{"volume-title":"USENIX Security Symp.","year":"2008","author":"Halderman J. A.","key":"e_1_3_2_1_25_1"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516717"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2566673"},{"key":"e_1_3_2_1_28_1","unstructured":"Horvath A. and Slocum J. M. Memory bandwidth benchmark. Open source project. https:\/\/github.com\/raas\/mbw.  Horvath A. and Slocum J. M. Memory bandwidth benchmark. Open source project. https:\/\/github.com\/raas\/mbw."},{"volume-title":"Workshop on Cryptographic Hardware and Embedded Systems (CHES'02)","year":"2002","author":"Huang A.","key":"e_1_3_2_1_29_1"},{"volume-title":"Intel Trusted Execution Technology (Intel TXT): Measured launched environment developer's guide. Technical article (July","year":"2015","author":"Intel","key":"e_1_3_2_1_30_1"},{"key":"e_1_3_2_1_31_1","unstructured":"Intel. Trusted boot (tboot). Version: 1.8.0. http:\/\/tboot.sourceforge.net\/.  Intel. Trusted boot (tboot). Version: 1.8.0. http:\/\/tboot.sourceforge.net\/."},{"volume-title":"May","year":"1997","author":"Intel","key":"e_1_3_2_1_32_1"},{"volume-title":"Technical details of the S3 resume boot script vulnerability. Technical report (July","year":"2015","author":"IntelSecurity","key":"e_1_3_2_1_33_1"},{"key":"e_1_3_2_1_34_1","unstructured":"iSECPartners. YoNTMA (you'll never take me alive!). https:\/\/github.com\/iSECPartners\/yontma.  iSECPartners. YoNTMA (you'll never take me alive!). https:\/\/github.com\/iSECPartners\/yontma."},{"volume-title":"Method and apparatus to re-create trust model after sleep state","year":"2011","author":"Kumar A.","key":"e_1_3_2_1_35_1"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/378993.379237"},{"key":"e_1_3_2_1_37_1","unstructured":"Maartmann-Moe C. Inception. PCI-based DMA attack tool. https:\/\/github.com\/carmaa\/inception.  Maartmann-Moe C. Inception. PCI-based DMA attack tool. https:\/\/github.com\/carmaa\/inception."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046712"},{"volume-title":"Switching between battery and external power sources","year":"2002","author":"Maximintegrated","key":"e_1_3_2_1_39_1"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352625"},{"volume-title":"BitLocker frequently asked questions (FAQ). Online article (June 10","year":"2014","author":"Microsoft","key":"e_1_3_2_1_41_1"},{"key":"e_1_3_2_1_42_1","unstructured":"Microsoft.com. ProtectKeyWithTPM method of the Win32_EncryptableVolume class. Online reference. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa376470(v=vs.85).aspx.  Microsoft.com. ProtectKeyWithTPM method of the Win32_EncryptableVolume class. Online reference. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa376470(v=vs.85).aspx."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1752046.1752053"},{"key":"e_1_3_2_1_44_1","first-page":"5","article-title":"A systematic assessment of the security of full disk encryption","volume":"12","author":"M\u00fcller T.","year":"2015","journal-title":"IEEE TDSC"},{"volume-title":"USENIX Security Symposium","year":"2011","author":"M\u00fcller T.","key":"e_1_3_2_1_45_1"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31284-7_5"},{"volume-title":"December","year":"2012","author":"Pancoast E. T.","key":"e_1_3_2_1_47_1"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/2060078"},{"volume-title":"A survey of computer power modes usage in a university population","year":"2014","author":"Pixley J. E.","key":"e_1_3_2_1_49_1"},{"volume-title":"System and method for providing secure authentication of devices awakened from powered sleep state","year":"2008","author":"Rodriguez F.","key":"e_1_3_2_1_51_1"},{"volume-title":"Intel AESNI sample library. Source code (May 11","year":"2011","author":"Rott J.","key":"e_1_3_2_1_52_1"},{"volume-title":"Black Hat USA","year":"2013","author":"Sevinsky R.","key":"e_1_3_2_1_53_1"},{"volume-title":"Black Hat USA","year":"2016","author":"Sharkey J.","key":"e_1_3_2_1_54_1"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2007.1010"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076743"},{"volume-title":"USA","year":"2012","author":"Tang Y.","key":"e_1_3_2_1_58_1"},{"volume-title":"Black Hat DC","year":"2010","author":"Tarnovsky C.","key":"e_1_3_2_1_59_1"},{"volume-title":"Level 2 Revision 116 (March 1","year":"2011","author":"Trusted Computing Group","key":"e_1_3_2_1_60_1"},{"volume-title":"Firmware Specification (June 27","year":"2001","author":"Usb","key":"e_1_3_2_1_61_1"},{"volume-title":"The effectiveness of remote wipe as a valid defense for enterprises implementing a BYOD policy. Master's thesis","year":"2014","author":"Uz A. S.","key":"e_1_3_2_1_62_1"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660316"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.36"},{"key":"e_1_3_2_1_65_1","unstructured":"Vidas T. AfterLife: USB based memory acquisition tool targeting \"warm boot\" machines with 4GB of RAM or less. http:\/\/sourceforge.net\/projects\/aftrlife\/.  Vidas T. AfterLife: USB based memory acquisition tool targeting \"warm boot\" machines with 4GB of RAM or less. http:\/\/sourceforge.net\/projects\/aftrlife\/."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2010.439"},{"volume-title":"Attacking UEFI boot script","year":"2014","author":"Wojtczuk R.","key":"e_1_3_2_1_67_1"},{"volume-title":"Another way to circumvent Intel Trusted Execution Technology: Tricking SENTER into misconfiguring VT-d via SINIT bug exploitation. Technical article (Dec","year":"2009","author":"Wojtczuk R.","key":"e_1_3_2_1_68_1"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2741948.2741977"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23258"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Vienna Austria","acronym":"CCS'16"},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978372","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978372","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:40:14Z","timestamp":1750218014000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978372"}},"subtitle":["Protecting Secrets across Sleep-wake Cycles"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":68,"alternative-id":["10.1145\/2976749.2978372","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978372","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}