{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:08:26Z","timestamp":1750306106633,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1464121"],"award-info":[{"award-number":["CNS-1464121"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3139923.3139924","type":"proceedings-article","created":{"date-parts":[[2017,10,31]],"date-time":"2017-10-31T14:58:58Z","timestamp":1509461938000},"page":"13-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Using VisorFlow to Control Information Flow without Modifying the Operating System Kernel or its Userspace"],"prefix":"10.1145","author":[{"given":"Matt","family":"Shockley","sequence":"first","affiliation":[{"name":"United States Military Academy, West Point, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chris","family":"Maixner","sequence":"additional","affiliation":[{"name":"United States Military Academy, West Point, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ryan","family":"Johnson","sequence":"additional","affiliation":[{"name":"United States Army Cyber School, Fort Gordon, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mitch","family":"DeRidder","sequence":"additional","affiliation":[{"name":"United States Military Academy, West Point, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"W. Michael","family":"Petullo","sequence":"additional","affiliation":[{"name":"United States Military Academy, West Point, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Dr. Memory. http:\/\/drmemory.org\/ [Accessed May 8 2017].  Dr. Memory. http:\/\/drmemory.org\/ [Accessed May 8 2017]."},{"key":"e_1_3_2_1_2_1","unstructured":"The netfilter.org project. https:\/\/www.netfilter.org\/ [Accessed May 24 2017].  The netfilter.org project. https:\/\/www.netfilter.org\/ [Accessed May 24 2017]."},{"key":"e_1_3_2_1_3_1","unstructured":"perlsec. http:\/\/perldoc.perl.org\/perlsec.html [Accessed Jul 4 2016].  perlsec. http:\/\/perldoc.perl.org\/perlsec.html [Accessed Jul 4 2016]."},{"key":"e_1_3_2_1_4_1","unstructured":"ReactOS project. https:\/\/www.reactos.org\/ [Accessed Apr 20 2017].  ReactOS project. https:\/\/www.reactos.org\/ [Accessed Apr 20 2017]."},{"volume-title":"Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET 2009)","year":"2009","author":"Adams W. J.","key":"e_1_3_2_1_5_1"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_3_2_1_7_1","first-page":"2003","author":"Bellovin S.","year":"2016","journal-title":"Accessed"},{"key":"e_1_3_2_1_8_1","unstructured":"shape Chappell G. http:\/\/www.geoffchappell.com\/studies\/windows\/win32\/ntdll\/structs\/teb\/index.htm [Accessed May 8 2017].  shape Chappell G. http:\/\/www.geoffchappell.com\/studies\/windows\/win32\/ntdll\/structs\/teb\/index.htm [Accessed May 8 2017]."},{"key":"e_1_3_2_1_9_1","first-page":"2013","author":"Cisco Systems","year":"2016","journal-title":"Accessed"},{"key":"e_1_3_2_1_10_1","unstructured":"shape Cohen M. Stuettgen J. Sanchez J. Bushkov M. Metz J. and Sindelar A. Rekall memory forensic framework. http:\/\/www.rekall-forensic.com\/ [Accessed Apr 20 2017].  shape Cohen M. Stuettgen J. Sanchez J. Bushkov M. Metz J. and Sindelar A. Rekall memory forensic framework. http:\/\/www.rekall-forensic.com\/ [Accessed Apr 20 2017]."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523675"},{"key":"e_1_3_2_1_12_1","unstructured":"shape Designer S. NT syscalls insecurity. http:\/\/insecure.org\/sploits\/NT.syscalls.vulnerability.html [Accessed May 8 2017].  shape Designer S. NT syscalls insecurity. http:\/\/insecure.org\/sploits\/NT.syscalls.vulnerability.html [Accessed May 8 2017]."},{"volume-title":"Proc. Network and Distributed Systems Security Symposium (February","year":"2003","author":"Garfinkel T.","key":"e_1_3_2_1_13_1"},{"volume-title":"Proc. of the Symp. on Network and Distributed Systems Security (NDSS) (Feb.","year":"2003","author":"Garfinkel T.","key":"e_1_3_2_1_14_1"},{"volume-title":"Proc. of the USENIX Security Symposium","year":"1996","author":"Goldberg I.","key":"e_1_3_2_1_15_1"},{"key":"e_1_3_2_1_16_1","series-title":"NATO Science for Peace and Security Series - D: Information and Communication Security","first-page":"319","volume-title":"Software Safety and Security - Tools for Analysis and Verification","author":"Hedin D.","year":"2012"},{"key":"e_1_3_2_1_17_1","unstructured":"shape Huber R. Syscall auditing at scale.  shape Huber R. Syscall auditing at scale."},{"key":"e_1_3_2_1_18_1","first-page":"2009","author":"Johns M. S.","year":"2016","journal-title":"Accessed"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2995959.2995960"},{"key":"e_1_3_2_1_20_1","first-page":"1991","author":"Kent S.","year":"2016","journal-title":"Accessed"},{"key":"e_1_3_2_1_21_1","first-page":"225","volume-title":"Ottawa Linux Symposium (OLS)","author":"Kivity A.","year":"2007"},{"key":"e_1_3_2_1_22_1","unstructured":"shape Lengyel T. K. Stealthy monitoring with Xen altp2m.  shape Lengyel T. K. Stealthy monitoring with Xen altp2m."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"volume-title":"Wiley Publishing","year":"2014","author":"Ligh M. H.","key":"e_1_3_2_1_24_1"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/647054.715771"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.4380220805"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.111"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363526"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.2172\/1055635"},{"volume-title":"Proceedings of the 2016 USENIX Workshop on Advances in Security Education","year":"2016","author":"Petullo W. M.","key":"e_1_3_2_1_30_1"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/244804.244807"},{"key":"e_1_3_2_1_32_1","first-page":"1","volume":"22","author":"Russinovich M.","year":"1997","journal-title":"Dr. Dobb\u00bbs Journal of Software Tools"},{"volume-title":"Microsoft Press","year":"2012","author":"Russinovich M. E.","key":"e_1_3_2_1_33_1"},{"volume-title":"Proc. Ottawa Linux Symposium","year":"2008","author":"Schaufler C.","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2002.1173063"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2856126"},{"volume-title":"Proc. of the USENIX Security Symposium","year":"2014","author":"Stock B.","key":"e_1_3_2_1_37_1"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-06608-0_23"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2002.993768"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267308.1267327"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Dallas Texas USA","acronym":"CCS '17"},"container-title":["Proceedings of the 2017 International Workshop on Managing Insider Security Threats"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3139923.3139924","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3139923.3139924","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3139923.3139924","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:39Z","timestamp":1750217439000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3139923.3139924"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":41,"alternative-id":["10.1145\/3139923.3139924","10.1145\/3139923"],"URL":"https:\/\/doi.org\/10.1145\/3139923.3139924","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}