{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T10:37:19Z","timestamp":1776681439640,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,12,3]],"date-time":"2018-12-03T00:00:00Z","timestamp":1543795200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,12,3]]},"DOI":"10.1145\/3274694.3274698","type":"proceedings-article","created":{"date-parts":[[2018,12,4]],"date-time":"2018-12-04T13:07:01Z","timestamp":1543928821000},"page":"407-417","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Hiding in the Shadows"],"prefix":"10.1145","author":[{"given":"Sergej","family":"Proskurin","sequence":"first","affiliation":[{"name":"Technical University of Munich"}]},{"given":"Tamas","family":"Lengyel","sequence":"additional","affiliation":[{"name":"The Honeynet Project"}]},{"given":"Marius","family":"Momeu","sequence":"additional","affiliation":[{"name":"Technical University of Munich"}]},{"given":"Claudia","family":"Eckert","sequence":"additional","affiliation":[{"name":"Technical University of Munich"}]},{"given":"Apostolis","family":"Zarras","sequence":"additional","affiliation":[{"name":"Maastricht University"}]}],"member":"320","published-online":{"date-parts":[[2018,12,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"ARM. 2017. ARM Architecture Reference Manual ARMv8 for ARMv8-A Architecture Profile (DDI 0487C.a).  ARM. 2017. ARM Architecture Reference Manual ARMv8 for ARMv8-A Architecture Profile (DDI 0487C.a)."},{"key":"e_1_3_2_1_2_1","volume-title":"Efficient Detection of Split Personalities in Malware. In ISOC Network and Distributed System Security Symposium (NDSS).","author":"Balzarotti Davide","year":"2010"},{"key":"e_1_3_2_1_3_1","unstructured":"Bitdefender. 2018. Bitdefender. http:\/\/www.bitdefender.com\/.  Bitdefender. 2018. Bitdefender. http:\/\/www.bitdefender.com\/."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Robert Buhren Julian Vetter and Jan Nordholz. 2016. The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture.  Robert Buhren Julian Vetter and Jan Nordholz. 2016. The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture.","DOI":"10.1007\/978-3-319-50011-9_29"},{"key":"e_1_3_2_1_5_1","volume-title":"When Virtual Is Better Than Real. In USENIX Workshop on Hot Topics in Operating Systems (HotOS).","author":"Peter"},{"key":"e_1_3_2_1_6_1","volume-title":"Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN).","author":"Chen Xu","year":"2008"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523675"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_9_1","unstructured":"Ferrie Peter. 2007. Attacks on More Virtual Machine Emulators. Symantec Technology Exchange (2007).  Ferrie Peter. 2007. Attacks on More Virtual Machine Emulators. Symantec Technology Exchange (2007)."},{"key":"e_1_3_2_1_10_1","unstructured":"FireEye. 2018. FireEye. https:\/\/www.fireeye.com\/.  FireEye. 2018. FireEye. https:\/\/www.fireeye.com\/."},{"key":"e_1_3_2_1_11_1","volume-title":"Compatibility Is Not Transparency: VMM Detection Myths and Realities. In USENIX Workshop on Hot Topics in Operating Systems (HotOS).","author":"Garfinkel Tal","year":"2007"},{"key":"e_1_3_2_1_12_1","volume-title":"ISOC Network and Distributed System Security Symposium (NDSS).","author":"Garfinkel Tal","year":"2003"},{"key":"e_1_3_2_1_13_1","volume-title":"SPROBES: Enforcing Kernel Code Integrity on the TrustZone Architecture. In IEEE Mobile Security Technologies Workshop (MoST).","author":"Ge Xinyang","year":"2014"},{"key":"e_1_3_2_1_14_1","unstructured":"Tamas K Lengyel. 2016. Stealthy Monitoring With Xen Altp2m. https:\/\/blog.xenproject.org\/2016\/04\/13\/stealthy-monitoring-with-xen-altp2m.  Tamas K Lengyel. 2016. Stealthy Monitoring With Xen Altp2m. https:\/\/blog.xenproject.org\/2016\/04\/13\/stealthy-monitoring-with-xen-altp2m."},{"key":"e_1_3_2_1_15_1","volume-title":"Virtual Machine Introspection With Xen on ARM. In Workshop on Security in highly connected IT systems (SHCIS).","author":"Lengyel Tamas K.","year":"2015"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/DEXA.2014.68"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"key":"e_1_3_2_1_18_1","unstructured":"LibVMI. 2018. LibVMI Virtual Machine Introspection. http:\/\/libvmi.com.  LibVMI. 2018. LibVMI Virtual Machine Introspection. http:\/\/libvmi.com."},{"key":"e_1_3_2_1_19_1","unstructured":"Linux Foundation. 2018. Xen Project. https:\/\/www.xenproject.org\/.  Linux Foundation. 2018. Xen Project. https:\/\/www.xenproject.org\/."},{"key":"e_1_3_2_1_20_1","volume-title":"Hypervisor Support for Identifying Covertly Executing Binaries. In USENIX Security Symposium.","author":"Lagar-Cavilla Lionel"},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX Security Symposium.","author":"Ning Zhenyu","year":"2017"},{"key":"e_1_3_2_1_22_1","unstructured":"PaX Project. 2018. Pageexec. http:\/\/pax.grsecurity.net\/docs\/pageexec.txt.  PaX Project. 2018. Pageexec. http:\/\/pax.grsecurity.net\/docs\/pageexec.txt."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_24_1","volume-title":"Nitro: Hardware-Based System Call Tracing for Virtual Machines. In International Workshop on Advances in Information and Computer Security (IWSEC).","author":"Pfoh Jonas","year":"2011"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Sergej Proskurin Julian Kirsch and Apostolis Zarras. 2018. Follow the WhiteRabbit: Towards Consolidation of On-the-Fly Virtualization and Virtual Machine Introspection. In IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC).  Sergej Proskurin Julian Kirsch and Apostolis Zarras. 2018. Follow the WhiteRabbit: Towards Consolidation of On-the-Fly Virtualization and Virtual Machine Introspection. In IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC).","DOI":"10.1007\/978-3-319-99828-2_19"},{"key":"e_1_3_2_1_26_1","unstructured":"Rekall Forensics. 2018. Advanced Forensic and Incident Response Framework. http:\/\/www.rekall-forensic.com\/.  Rekall Forensics. 2018. Advanced Forensic and Incident Response Framework. http:\/\/www.rekall-forensic.com\/."},{"key":"e_1_3_2_1_27_1","volume-title":"Cardinal Pill Testing of System Virtual Machines. In USENIX Security Symposium.","author":"Shi Hao","year":"2014"},{"key":"e_1_3_2_1_28_1","volume-title":"Shadow Walker: Raising the Bar for Rootkit Detection. Black Hat, Japan","author":"Sparks Sherri","year":"2005"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"e_1_3_2_1_30_1","unstructured":"The Linux Kernel. 2018. Ftrace -- Function Tracer. https:\/\/www.kernel.org\/doc\/Documentation\/trace\/ftrace.txt.  The Linux Kernel. 2018. Ftrace -- Function Tracer. https:\/\/www.kernel.org\/doc\/Documentation\/trace\/ftrace.txt."},{"key":"e_1_3_2_1_31_1","unstructured":"Jacob Torrey. 2014. MoRE Shadow Walker: TLB-splitting on Modern X86. Black Hat USA (2014).  Jacob Torrey. 2014. MoRE Shadow Walker: TLB-splitting on Modern X86. Black Hat USA (2014)."},{"key":"e_1_3_2_1_32_1","unstructured":"VMRay. 2018. VMRay GmbH. https:\/\/www.vmray.com.  VMRay. 2018. VMRay GmbH. https:\/\/www.vmray.com."},{"key":"e_1_3_2_1_33_1","volume-title":"X-Tier: Kernel Module Injection. In International Conference on Network and System Security (NSS).","author":"Vogl Sebastian","year":"2013"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.2"},{"key":"e_1_3_2_1_35_1","unstructured":"Xen Project. 2018. Xen Security Advisory 203. https:\/\/xenbits.xen.org\/xsa\/advisory-203.html.  Xen Project. 2018. Xen Security Advisory 203. https:\/\/xenbits.xen.org\/xsa\/advisory-203.html."},{"key":"e_1_3_2_1_36_1","unstructured":"Xen Project. 2018. Xen Security Advisory 204. https:\/\/xenbits.xen.org\/xsa\/advisory-204.html.  Xen Project. 2018. Xen Security Advisory 204. https:\/\/xenbits.xen.org\/xsa\/advisory-204.html."},{"key":"e_1_3_2_1_37_1","volume-title":"DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis. In USENIX Security Symposium.","author":"Yan Lok Kwong","year":"2012"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.11"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2013.6575343"}],"event":{"name":"ACSAC '18: 2018 Annual Computer Security Applications Conference","location":"San Juan PR USA","acronym":"ACSAC '18","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 34th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3274694.3274698","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3274694.3274698","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:57:56Z","timestamp":1750208276000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3274694.3274698"}},"subtitle":["Empowering ARM for Stealthy Virtual Machine Introspection"],"short-title":[],"issued":{"date-parts":[[2018,12,3]]},"references-count":39,"alternative-id":["10.1145\/3274694.3274698","10.1145\/3274694"],"URL":"https:\/\/doi.org\/10.1145\/3274694.3274698","relation":{},"subject":[],"published":{"date-parts":[[2018,12,3]]},"assertion":[{"value":"2018-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}