{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T11:01:06Z","timestamp":1758279666433,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,17]],"date-time":"2020-10-17T00:00:00Z","timestamp":1602892800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,17]]},"DOI":"10.1145\/3458903.3458909","type":"proceedings-article","created":{"date-parts":[[2021,10,23]],"date-time":"2021-10-23T16:06:02Z","timestamp":1635005162000},"page":"1-9","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks"],"prefix":"10.1145","author":[{"given":"Guangyuan","family":"Hu","sequence":"first","affiliation":[{"name":"Princeton University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruby B.","family":"Lee","sequence":"additional","affiliation":[{"name":"Princeton University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,10,23]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. Amazon Inspector. https:\/\/aws.amazon.com\/inspector\/.  [n.d.]. Amazon Inspector. https:\/\/aws.amazon.com\/inspector\/."},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. ARM926EJ-S Technical Reference Manual: Control Register c1. https:\/\/developer.arm.com\/documentation\/ddi0198\/e\/programmer-s-model\/register-descriptions\/control-register-c1.  [n.d.]. ARM926EJ-S Technical Reference Manual: Control Register c1. https:\/\/developer.arm.com\/documentation\/ddi0198\/e\/programmer-s-model\/register-descriptions\/control-register-c1."},{"key":"e_1_3_2_1_3_1","unstructured":"[n.d.]. Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org\/.  [n.d.]. Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"[n.d.]. Explorations with adore-ng. http:\/\/ab-rtfm.blogspot.com\/2007\/07\/explorations-with-adore-ng.html.  [n.d.]. Explorations with adore-ng. http:\/\/ab-rtfm.blogspot.com\/2007\/07\/explorations-with-adore-ng.html."},{"key":"e_1_3_2_1_5_1","unstructured":"[n.d.]. The httperf HTTP load generator. https:\/\/github.com\/httperf\/httperf.  [n.d.]. The httperf HTTP load generator. https:\/\/github.com\/httperf\/httperf."},{"key":"e_1_3_2_1_6_1","unstructured":"[n.d.]. Klister - Windows Kernel Level Rootkit Detector. https:\/\/securiteam.com\/tools\/5gp0315ffw\/.  [n.d.]. Klister - Windows Kernel Level Rootkit Detector. https:\/\/securiteam.com\/tools\/5gp0315ffw\/."},{"key":"e_1_3_2_1_7_1","unstructured":"[n.d.]. Libbdvmi. https:\/\/github.com\/razvan-cojocaru\/libbdvmi.  [n.d.]. Libbdvmi. https:\/\/github.com\/razvan-cojocaru\/libbdvmi."},{"key":"e_1_3_2_1_8_1","unstructured":"[n.d.]. LibVMI.  [n.d.]. LibVMI."},{"key":"e_1_3_2_1_9_1","unstructured":"[n.d.]. Linux Hook IDT. https:\/\/github.com\/majdi\/deadlands\/tree\/master\/srcs\/linux\/module\/HOOK\/IDT.  [n.d.]. Linux Hook IDT. https:\/\/github.com\/majdi\/deadlands\/tree\/master\/srcs\/linux\/module\/HOOK\/IDT."},{"key":"e_1_3_2_1_10_1","unstructured":"[n.d.]. Magento Commerce. http:\/\/www.magento.com\/.  [n.d.]. Magento Commerce. http:\/\/www.magento.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"[n.d.]. Microsoft Antimalware for Azure Cloud Services and Virtual Machines. https:\/\/docs.microsoft.com\/en-us\/azure\/security\/azure-security-antimalware.  [n.d.]. Microsoft Antimalware for Azure Cloud Services and Virtual Machines. https:\/\/docs.microsoft.com\/en-us\/azure\/security\/azure-security-antimalware."},{"key":"e_1_3_2_1_12_1","unstructured":"[n.d.]. xingyiquan - simple linux kernel rootkit for kernel 3.x and kernel 2.6.x. https:\/\/sw0rdm4n.wordpress.com\/2014\/11\/03\/xingyiquan-simple-linux-kernel-rootkit-for-kernel-3-x-and-kernel-2-6-x\/.  [n.d.]. xingyiquan - simple linux kernel rootkit for kernel 3.x and kernel 2.6.x. https:\/\/sw0rdm4n.wordpress.com\/2014\/11\/03\/xingyiquan-simple-linux-kernel-rootkit-for-kernel-3-x-and-kernel-2-6-x\/."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232005"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_3_2_1_15_1","unstructured":"Bitdefender. [n.d.]. Hypervisor Introspection. http:\/\/www.bitdefender.com\/business\/hypervisor-introspection.html.  Bitdefender. [n.d.]. Hypervisor Introspection. http:\/\/www.bitdefender.com\/business\/hypervisor-introspection.html."},{"volume-title":"Raide: Rootkit analysis identification elimination. Black Hat USA 47(2006).","year":"2006","author":"Butler Jamie","key":"e_1_3_2_1_16_1"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_2"},{"key":"e_1_3_2_1_18_1","unstructured":"Silvio Cesare. [n.d.]. Syscall Redirection Without Modifying the Syscall Table. http:\/\/www.ouah.org\/stealth-syscall.txt.  Silvio Cesare. [n.d.]. Syscall Redirection Without Modifying the Syscall Table. http:\/\/www.ouah.org\/stealth-syscall.txt."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1948352.1948384"},{"key":"e_1_3_2_1_20_1","unstructured":"Bryce Cogswell and Mark Russinovich. 2006. Rootkitrevealer v1. 71. Rootkit detection tool by Microsoft(2006).  Bryce Cogswell and Mark Russinovich. 2006. Rootkitrevealer v1. 71. Rootkit detection tool by Microsoft(2006)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.8"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"volume-title":"Network and Distribution Security Symposium.","year":"2003","author":"Garfinkel Tal","key":"e_1_3_2_1_25_1"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855768.1855792"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/3277203.3277276"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487726.2488368"},{"volume-title":"Secure and Flexible Monitoring of Virtual Machines. In Annual Computer Security Applications Conference.","author":"Payne D.","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484402.2484406"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251375.1251388"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251353.1251369"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1244002.1244070"},{"volume-title":"Introducing blue pill. The official blog of the invisiblethings. org 22","year":"2006","author":"Rutkowska Joanna","key":"e_1_3_2_1_40_1"},{"volume-title":"Proceedings of BlackHat DC 2007","year":"2007","author":"Rutkowska Joanna","key":"e_1_3_2_1_41_1"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052999"},{"key":"e_1_3_2_1_43_1","first-page":"504","article-title":"Shadow walker: Raising the bar for rootkit detection","volume":"11","author":"Sparks Sherri","year":"2005","journal-title":"Black Hat Japan"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046751"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.5555\/3154690.3154752"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/1521747.1521783"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2463209.2488831"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590300"}],"event":{"name":"HASP '20: Hardware and Architectural Support for Security and Privacy","acronym":"HASP '20","location":"Virtual Greece"},"container-title":["Hardware and Architectural Support for Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3458903.3458909","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3458903.3458909","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:55Z","timestamp":1750195495000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3458903.3458909"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,17]]},"references-count":48,"alternative-id":["10.1145\/3458903.3458909","10.1145\/3458903"],"URL":"https:\/\/doi.org\/10.1145\/3458903.3458909","relation":{},"subject":[],"published":{"date-parts":[[2020,10,17]]},"assertion":[{"value":"2021-10-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}