{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:27:27Z","timestamp":1750220847650,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":75,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359792","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"762-775","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Survivor"],"prefix":"10.1145","author":[{"given":"Ronny","family":"Chevalier","sequence":"first","affiliation":[{"name":"Inria, CNRS, IRISA"}]},{"given":"David","family":"Plaquin","sequence":"additional","affiliation":[{"name":"HP Labs"}]},{"given":"Chris","family":"Dalton","sequence":"additional","affiliation":[{"name":"HP Labs"}]},{"given":"Guillaume","family":"Hiet","sequence":"additional","affiliation":[{"name":"Inria, CNRS, IRISA"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1539-6924.2008.01030.x"},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_2_1","unstructured":"apache 2019 . Apache HTTP Server . Retrieved September 20, 2019 from https:\/\/httpd.apache.org\/ apache 2019. Apache HTTP Server. Retrieved September 20, 2019 from https:\/\/httpd.apache.org\/"},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_3_1","unstructured":"audit 2019 . The Linux Audit Project . Retrieved September 20, 2019 from https:\/\/github.com\/linux-audit\/ audit 2019. The Linux Audit Project. Retrieved September 20, 2019 from https:\/\/github.com\/linux-audit\/"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660350"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45248-5_8"},{"key":"e_1_3_2_1_6_1","unstructured":"Sean Barnum. 2014. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX).  Sean Barnum. 2014. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX)."},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_7_1","unstructured":"beanstalkd 2019 . beanstalkd . Retrieved September 20, 2019 from https:\/\/kr.github.io\/beanstalkd\/ beanstalkd 2019. beanstalkd. Retrieved September 20, 2019 from https:\/\/kr.github.io\/beanstalkd\/"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2008.4630086"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134622"},{"key":"e_1_3_2_1_10_1","volume-title":"Seccomp and sandboxing. LWN (13","author":"Corbet Jonathan","year":"2009","unstructured":"Jonathan Corbet . 2009. Seccomp and sandboxing. LWN (13 May 2009 ). https:\/\/lwn.net\/Articles\/332974\/ Jonathan Corbet. 2009. Seccomp and sandboxing. LWN (13 May 2009). https:\/\/lwn.net\/Articles\/332974\/"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"e_1_3_2_1_12_1","volume-title":"Retrieved","author":"CRIU","year":"2018","unstructured":"CRIU 2018 . CRIU . Retrieved September 20, 2019 from https:\/\/criu.org\/ CRIU 2018. CRIU. Retrieved September 20, 2019 from https:\/\/criu.org\/"},{"key":"e_1_3_2_1_13_1","volume-title":"Retrieved","author":"LLC.","year":"2019","unstructured":"CryptoDrop, LLC. 2019 . CryptoDrop . Retrieved September 20, 2019 from https:\/\/www.cryptodrop.org\/ CryptoDrop, LLC. 2019. CryptoDrop. Retrieved September 20, 2019 from https:\/\/www.cryptodrop.org\/"},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_14_1","unstructured":"dbus 2019 . D-Bus . Retrieved September 20, 2019 from https:\/\/www.freedesktop.org\/wiki\/Software\/dbus\/ dbus 2019. D-Bus. Retrieved September 20, 2019 from https:\/\/www.freedesktop.org\/wiki\/Software\/dbus\/"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.06.018"},{"key":"e_1_3_2_1_16_1","volume-title":"Retrieved","author":"Web Dr.","year":"2015","unstructured":"Dr. Web . 2015 . Linux.Encoder.1 . Retrieved September 20, 2019 from https:\/\/vms.drweb.com\/virus\/?i=7703983 Dr. Web. 2015. Linux.Encoder.1. Retrieved September 20, 2019 from https:\/\/vms.drweb.com\/virus\/?i=7703983"},{"key":"e_1_3_2_1_17_1","volume-title":"Retrieved","author":"Web Dr.","year":"2016","unstructured":"Dr. Web . 2016 . Linux.Rex.1 . Retrieved September 20, 2019 from https:\/\/vms.drweb.com\/virus\/?i=8436299 Dr. Web. 2016. Linux.Rex.1. Retrieved September 20, 2019 from https:\/\/vms.drweb.com\/virus\/?i=8436299"},{"key":"e_1_3_2_1_18_1","volume-title":"Retrieved","author":"Web Dr.","year":"2018","unstructured":"Dr. Web . 2018 . Linux.BackDoor.Fgt.1430 . Retrieved September 20, 2019 from https:\/\/vms.drweb.com\/virus\/?i=17573534 Dr. Web. 2018. Linux.BackDoor.Fgt.1430. Retrieved September 20, 2019 from https:\/\/vms.drweb.com\/virus\/?i=17573534"},{"key":"e_1_3_2_1_19_1","volume-title":"Retrieved","author":"Foundation Eclipse","year":"2019","unstructured":"Eclipse Foundation . 2019 . Mosquitto . Retrieved September 20, 2019 from https:\/\/mosquitto.org\/ Eclipse Foundation. 2019. Mosquitto. Retrieved September 20, 2019 from https:\/\/mosquitto.org\/"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2005.17"},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_21_1","unstructured":"gitea 2019 . Gitea . Retrieved September 20, 2019 from https:\/\/gitea.io\/ gitea 2019. Gitea. Retrieved September 20, 2019 from https:\/\/gitea.io\/"},{"key":"e_1_3_2_1_22_1","volume-title":"Retrieved","author":"Inc.","year":"2019","unstructured":"GitHub, Inc. 2019 . GitHub . Retrieved September 20, 2019 from https:\/\/github.com\/ GitHub, Inc. 2019. GitHub. Retrieved September 20, 2019 from https:\/\/github.com\/"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"e_1_3_2_1_24_1","volume-title":"Retrieved","author":"Heo Tejun","year":"2015","unstructured":"Tejun Heo . 2015 . Control Group v2 . Retrieved September 20, 2019 from https:\/\/www.kernel.org\/doc\/Documentation\/cgroup-v2.txt Tejun Heo. 2015. Control Group v2. Retrieved September 20, 2019 from https:\/\/www.kernel.org\/doc\/Documentation\/cgroup-v2.txt"},{"key":"e_1_3_2_1_25_1","volume-title":"Retrieved","author":"Hodson Daniel","year":"2017","unstructured":"Daniel Hodson . 2017 . Remote LD_PRELOAD Exploitation . Retrieved September 20, 2019 from https:\/\/www.elttam.com.au\/blog\/goahead\/ Daniel Hodson. 2017. Remote LD_PRELOAD Exploitation. Retrieved September 20, 2019 from https:\/\/www.elttam.com.au\/blog\/goahead\/"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.16"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.43"},{"key":"e_1_3_2_1_29_1","first-page":"185","article-title":"System Auditing. In Red Hat Enterprise Linux 7 Security Guide","volume":"6","author":"Jahoda Mirek","year":"2017","unstructured":"Mirek Jahoda , Ioanna Gkioka , Robert Kr\u00e1tk\u00fd , Martin Prpi\u010d , Tom\u00e1\u0161 \u010capek , Stephen Wadeley , Yoana Ruseva , and Miroslav Svoboda . 2017 . System Auditing. In Red Hat Enterprise Linux 7 Security Guide . Chapter 6 , 185 -- 204 . Mirek Jahoda, Ioanna Gkioka, Robert Kr\u00e1tk\u00fd, Martin Prpi\u010d, Tom\u00e1\u0161 \u010capek, Stephen Wadeley, Yoana Ruseva, and Miroslav Svoboda. 2017. System Auditing. In Red Hat Enterprise Linux 7 Security Guide. Chapter 6, 185--204.","journal-title":"Chapter"},{"key":"e_1_3_2_1_30_1","volume-title":"Postmark: A new file system benchmark. Technical Report 3022. Network Appliance.","author":"Katcher Jeffrey","year":"1997","unstructured":"Jeffrey Katcher . 1997 . Postmark: A new file system benchmark. Technical Report 3022. Network Appliance. Jeffrey Katcher. 1997. Postmark: A new file system benchmark. Technical Report 3022. Network Appliance."},{"key":"e_1_3_2_1_31_1","volume-title":"Namespaces in operation, part 1: namespaces overview. LWN (4","author":"Kerrisk Michael","year":"2013","unstructured":"Michael Kerrisk . 2013. Namespaces in operation, part 1: namespaces overview. LWN (4 Jan. 2013 ). https:\/\/lwn.net\/Articles\/531114\/ Michael Kerrisk. 2013. Namespaces in operation, part 1: namespaces overview. LWN (4 Jan. 2013). https:\/\/lwn.net\/Articles\/531114\/"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"e_1_3_2_1_33_1","volume-title":"Cost Evaluation for Intrusion Response Using Dependency Graphs. In International Conference on Network and Service Security.","author":"Kheir Nizar","year":"2009","unstructured":"Nizar Kheir , Herv\u00e9 Debar , Nora Cuppens-Boulahia , Fr\u00e9d\u00e9ric Cuppens , and Jouni Viinikka . 2009 . Cost Evaluation for Intrusion Response Using Dependency Graphs. In International Conference on Network and Service Security. Nizar Kheir, Herv\u00e9 Debar, Nora Cuppens-Boulahia, Fr\u00e9d\u00e9ric Cuppens, and Jouni Viinikka. 2009. Cost Evaluation for Intrusion Response Using Dependency Graphs. In International Conference on Network and Service Security."},{"volume-title":"Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI'10)","author":"Kim Taesoo","key":"e_1_3_2_1_34_1","unstructured":"Taesoo Kim , Xi Wang , Nickolai Zeldovich , and M. Frans Kaashoek . 2010. Intrusion Recovery Using Selective Re-execution . In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI'10) . USENIX Association, 89--104. Taesoo Kim, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. 2010. Intrusion Recovery Using Selective Re-execution. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI'10). USENIX Association, 89--104."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2014.6853210"},{"key":"e_1_3_2_1_36_1","unstructured":"Ivan Kirillov Desiree Beck Penny Chase and Robert Martin. 2011. Malware Attribute Enumeration and Characterization.  Ivan Kirillov Desiree Beck Penny Chase and Robert Martin. 2011. Malware Attribute Enumeration and Characterization."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2003.1194874"},{"key":"e_1_3_2_1_38_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19)","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher , Jann Horn , Anders Fogh , Daniel Genkin , Daniel Gruss , Werner Haas , Mike Hamburg , Moritz Lipp , Stefan Mangard , Thomas Prescher , Michael Schwarz , and Yuval Yarom . 2019 . Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19) . Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.27"},{"key":"e_1_3_2_1_40_1","volume-title":"Retrieved","author":"Larabel Michael","year":"2019","unstructured":"Michael Larabel and Matthew Tippett . 2019 . Phoronix Test Suite . Retrieved September 20, 2019 from https:\/\/www.phoronix-test-suite.com\/ Michael Larabel and Matthew Tippett. 2019. Phoronix Test Suite. Retrieved September 20, 2019 from https:\/\/www.phoronix-test-suite.com\/"},{"key":"e_1_3_2_1_41_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Anders Fogh , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , and Mike Hamburg . 2018 . Meltdown: Reading Kernel Memory from User Space . In 27th USENIX Security Symposium (USENIX Security 18) . USENIX Association, Baltimore, MD, 973--990. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 973--990."},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_42_1","unstructured":"mariadb 2019 . mariadb . Retrieved September 20, 2019 from https:\/\/mariadb.org\/ mariadb 2019. mariadb. Retrieved September 20, 2019 from https:\/\/mariadb.org\/"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00158-003-0368-6"},{"key":"e_1_3_2_1_44_1","volume-title":"Retrieved","author":"Mason Chris","year":"2008","unstructured":"Chris Mason . 2008 . Compilebench . Retrieved September 20, 2019 from https:\/\/oss.oracle.com\/~mason\/compilebench\/ Chris Mason. 2008. Compilebench. Retrieved September 20, 2019 from https:\/\/oss.oracle.com\/~mason\/compilebench\/"},{"volume-title":"Retrieved","year":"2017","key":"e_1_3_2_1_45_1","unstructured":"Microsoft. 2017 . Windows Integrity Mechanism Design . Retrieved September 20, 2019 from https:\/\/msdn.microsoft.com\/en-us\/library\/bb625963.aspx Microsoft. 2017. Windows Integrity Mechanism Design. Retrieved September 20, 2019 from https:\/\/msdn.microsoft.com\/en-us\/library\/bb625963.aspx"},{"volume-title":"Retrieved","year":"2018","key":"e_1_3_2_1_46_1","unstructured":"Microsoft. 2018 . Job Objects . Retrieved September 20, 2019 from https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms684161(v=vs.85).aspx MSDN. Microsoft. 2018. Job Objects. Retrieved September 20, 2019 from https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms684161(v=vs.85).aspx MSDN."},{"volume-title":"Retrieved","year":"2018","key":"e_1_3_2_1_47_1","unstructured":"Microsoft. 2018 . Protect important folders with controlled folder access . Retrieved September 20, 2019 from https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-exploit-guard\/controlled-folders-exploit-guard?ocid=cx-blog-mmpc Microsoft. 2018. Protect important folders with controlled folder access. Retrieved September 20, 2019 from https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-exploit-guard\/controlled-folders-exploit-guard?ocid=cx-blog-mmpc"},{"volume-title":"Retrieved","year":"2018","key":"e_1_3_2_1_48_1","unstructured":"Microsoft. 2018 . Restricted Tokens . Retrieved September 20, 2019 from https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa379316(v=vs.85).aspx Microsoft. 2018. Restricted Tokens. Retrieved September 20, 2019 from https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa379316(v=vs.85).aspx"},{"key":"e_1_3_2_1_49_1","volume-title":"Retrieved","author":"MITRE.","year":"2014","unstructured":"MITRE. 2014 . Malware Capabilities . Retrieved September 20, 2019 from https:\/\/github.com\/MAECProject\/schemas\/wiki\/Malware-Capabilities MITRE. 2014. Malware Capabilities. Retrieved September 20, 2019 from https:\/\/github.com\/MAECProject\/schemas\/wiki\/Malware-Capabilities"},{"key":"e_1_3_2_1_50_1","volume-title":"Retrieved","author":"MITRE.","year":"2019","unstructured":"MITRE. 2019 . ATT&CK . Retrieved September 20, 2019 from https:\/\/attack.mitre.org\/ MITRE. 2019. ATT&CK. Retrieved September 20, 2019 from https:\/\/attack.mitre.org\/"},{"key":"e_1_3_2_1_51_1","volume-title":"Encyclopedia of Malware Attributes. Retrieved","author":"MITRE.","year":"2019","unstructured":"MITRE. 2019. Encyclopedia of Malware Attributes. Retrieved September 20, 2019 from https:\/\/collaborate.mitre.org\/ema\/ MITRE. 2019. Encyclopedia of Malware Attributes. Retrieved September 20, 2019 from https:\/\/collaborate.mitre.org\/ema\/"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-017-0063-6"},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_53_1","unstructured":"nginx 2019 . nginx . Retrieved September 20, 2019 from https:\/\/nginx.org\/ nginx 2019. nginx. Retrieved September 20, 2019 from https:\/\/nginx.org\/"},{"key":"e_1_3_2_1_54_1","volume-title":"Retrieved","author":"Nigam Ruchna","year":"2018","unstructured":"Ruchna Nigam . 2018 . Unit 42 Finds New Mirai and Gafgyt IoT\/Linux Botnet Campaigns . Retrieved September 20, 2019 from https:\/\/researchcenter.paloaltonetworks.com\/2018\/07\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/ Ruchna Nigam. 2018. Unit 42 Finds New Mirai and Gafgyt IoT\/Linux Botnet Campaigns. Retrieved September 20, 2019 from https:\/\/researchcenter.paloaltonetworks.com\/2018\/07\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/"},{"key":"e_1_3_2_1_55_1","volume-title":"Retrieved","author":"Red Hat NSA","year":"2019","unstructured":"NSA and Red Hat . 2019 . SELinux . Retrieved September 20, 2019 from https:\/\/selinuxproject.org\/ NSA and Red Hat. 2019. SELinux. Retrieved September 20, 2019 from https:\/\/selinuxproject.org\/"},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT'09)","author":"Paleari Roberto","year":"2009","unstructured":"Roberto Paleari , Lorenzo Martignoni , Giampaolo Fresi Roglia , and Danilo Bruschi . 2009 . A Fistful of Red-pills: How to Automatically Generate Procedures to Detect CPU Emulators . In Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT'09) . USENIX Association, 7. Roberto Paleari, Lorenzo Martignoni, Giampaolo Fresi Roglia, and Danilo Bruschi. 2009. A Fistful of Red-pills: How to Automatically Generate Procedures to Detect CPU Emulators. In Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT'09). USENIX Association, 7."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501620.2501623"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4302-6572-6_6"},{"volume-title":"Part 2 (6 ed.)","author":"Russinovich Mark E.","key":"e_1_3_2_1_59_1","unstructured":"Mark E. Russinovich , David A. Solomon , and Alex Ionescu . 2012. Windows Internals , Part 2 (6 ed.) . Microsoft Press . Mark E. Russinovich, David A. Solomon, and Alex Ionescu. 2012. Windows Internals, Part 2 (6 ed.). Microsoft Press."},{"key":"e_1_3_2_1_60_1","unstructured":"Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM rowhammer bug to gain kernel privileges. https:\/\/googleprojectzero.blogspot.com\/2015\/03\/exploiting-dram-rowhammer-bug-to-gain.html.  Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM rowhammer bug to gain kernel privileges. https:\/\/googleprojectzero.blogspot.com\/2015\/03\/exploiting-dram-rowhammer-bug-to-gain.html."},{"key":"e_1_3_2_1_61_1","volume-title":"Retrieved","author":"Senart Tom\u00e1s","year":"2019","unstructured":"Tom\u00e1s Senart . 2019 . Vegeta . Retrieved September 20, 2019 from https:\/\/github.com\/tsenart\/vegeta Tom\u00e1s Senart. 2019. Vegeta. Retrieved September 20, 2019 from https:\/\/github.com\/tsenart\/vegeta"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2615622"},{"volume-title":"Retrieved","year":"2018","key":"e_1_3_2_1_63_1","unstructured":"snapper 2018 . snapper . Retrieved September 20, 2019 from http:\/\/snapper.io\/ snapper 2018. snapper. Retrieved September 20, 2019 from http:\/\/snapper.io\/"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23218"},{"volume-title":"Retrieved","year":"2019","key":"e_1_3_2_1_65_1","unstructured":"systemd 2019 . systemd System and Service Manager . Retrieved September 20, 2019 from https:\/\/www.freedesktop.org\/wiki\/Software\/systemd\/ systemd 2019. systemd System and Service Manager. Retrieved September 20, 2019 from https:\/\/www.freedesktop.org\/wiki\/Software\/systemd\/"},{"key":"e_1_3_2_1_66_1","volume-title":"Retrieved","author":"Szurek Kacper","year":"2018","unstructured":"Kacper Szurek . 2018 . Gitea 1.4.0 Unauthenticated Remote Code Execution . Retrieved September 20, 2019 from https:\/\/security.szurek.pl\/gitea-1-4-0-unauthenticated-rce.html Kacper Szurek. 2018. Gitea 1.4.0 Unauthenticated Remote Code Execution. Retrieved September 20, 2019 from https:\/\/security.szurek.pl\/gitea-1-4-0-unauthenticated-rce.html"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2002.1176302"},{"key":"e_1_3_2_1_68_1","volume-title":"Targets Linux Servers. Retrieved","author":"Cyber Safety Solutions Team Trend Micro","year":"2018","unstructured":"Trend Micro Cyber Safety Solutions Team . 2018 . Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability , Targets Linux Servers. Retrieved September 20, 2019 from https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers\/ Trend Micro Cyber Safety Solutions Team. 2018. Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers. Retrieved September 20, 2019 from https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers\/"},{"key":"e_1_3_2_1_69_1","unstructured":"UEFI Forum. 2019. Unified Extensible Firmware Interface Specification. https:\/\/uefi.org\/sites\/default\/files\/resources\/UEFI_Spec_2_8_final.pdf Version 2.8.  UEFI Forum. 2019. Unified Extensible Firmware Interface Specification. https:\/\/uefi.org\/sites\/default\/files\/resources\/UEFI_Spec_2_8_final.pdf Version 2.8."},{"volume-title":"SELinux Cookbook","author":"Vermeulen Sven","key":"e_1_3_2_1_70_1","unstructured":"Sven Vermeulen . 2014. Handling SELinux-aware Applications . In SELinux Cookbook . Packt Publishing , Chapter 10. Sven Vermeulen. 2014. Handling SELinux-aware Applications. In SELinux Cookbook. Packt Publishing, Chapter 10."},{"key":"e_1_3_2_1_71_1","volume-title":"Proceedings of the 27th USENIX Security Symposium. USENIX Association","author":"Webster Ashton","year":"2018","unstructured":"Ashton Webster , Ryan Eckenrod , and James Purtilo . 2018 . Fast and Service-preserving Recovery from Malware Infections Using CRIU . In Proceedings of the 27th USENIX Security Symposium. USENIX Association , Baltimore, MD, 1199--1211. Ashton Webster, Ryan Eckenrod, and James Purtilo. 2018. Fast and Service-preserving Recovery from Malware Infections Using CRIU. In Proceedings of the 27th USENIX Security Symposium. USENIX Association, Baltimore, MD, 1199--1211."},{"key":"e_1_3_2_1_72_1","volume-title":"Security risk management: Building an information security risk management program from the Ground Up","author":"Wheeler Evan","unstructured":"Evan Wheeler . 2011. Risky Business . In Security risk management: Building an information security risk management program from the Ground Up ( 1 st ed.). Syngress Publishing , Chapter 2, 37--40. Evan Wheeler. 2011. Risky Business. In Security risk management: Building an information security risk management program from the Ground Up (1st ed.). Syngress Publishing, Chapter 2, 37--40.","edition":"1"},{"key":"e_1_3_2_1_73_1","volume-title":"Retrieved","author":"Wheeler Ric","year":"2016","unstructured":"Ric Wheeler . 2016 . fs-mark . Retrieved September 20, 2019 from https:\/\/sourceforge.net\/projects\/fsmark\/ Ric Wheeler. 2016. fs-mark. Retrieved September 20, 2019 from https:\/\/sourceforge.net\/projects\/fsmark\/"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.52"},{"key":"e_1_3_2_1_75_1","volume-title":"Zimmer","author":"Yao Jiewen","year":"2015","unstructured":"Jiewen Yao and Vincent J . Zimmer . 2015 . A Tour Beyond BIOS Supporting an SMM Resource Monitor using the EFI Developer Kit II. Technical Report. Intel . https:\/\/firmware.intel.com\/sites\/default\/files\/resources\/A_Tour_Beyond_BIOS_Supporting_SMM_Resource_Monitor_using_the_EFI_Developer_Kit_II.pdf Jiewen Yao and Vincent J. Zimmer. 2015. A Tour Beyond BIOS Supporting an SMM Resource Monitor using the EFI Developer Kit II. Technical Report. Intel. https:\/\/firmware.intel.com\/sites\/default\/files\/resources\/A_Tour_Beyond_BIOS_Supporting_SMM_Resource_Monitor_using_the_EFI_Developer_Kit_II.pdf"},{"key":"e_1_3_2_1_76_1","volume-title":"Zimmer","author":"Yao Jiewen","year":"2017","unstructured":"Jiewen Yao and Vincent J . Zimmer . 2017 . A Tour Beyond BIOS - Memory Protection in UEFI BIOS. Technical Report. Intel . https:\/\/edk2-docs.gitbooks.io\/a-tour-beyond-bios-memory-protection-in-uefi-bios\/content\/ Jiewen Yao and Vincent J. Zimmer. 2017. A Tour Beyond BIOS - Memory Protection in UEFI BIOS. Technical Report. Intel. https:\/\/edk2-docs.gitbooks.io\/a-tour-beyond-bios-memory-protection-in-uefi-bios\/content\/"}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","acronym":"ACSAC '19","location":"San Juan Puerto Rico USA"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359792","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359792","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:23:06Z","timestamp":1750202586000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359792"}},"subtitle":["a fine-grained intrusion response and recovery approach for commodity operating systems"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":75,"alternative-id":["10.1145\/3359789.3359792","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359792","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}