{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,18]],"date-time":"2026-01-18T11:40:57Z","timestamp":1768736457125,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":78,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Natural Science Foundation of China","award":["62172308"],"award-info":[{"award-number":["62172308"]}]},{"name":"National Natural Science Foundation of China","award":["61972297"],"award-info":[{"award-number":["61972297"]}]},{"name":"National Natural Science Foundation of China","award":["U1626107"],"award-info":[{"award-number":["U1626107"]}]},{"name":"National Natural Science Foundation of China","award":["62172144"],"award-info":[{"award-number":["62172144"]}]},{"name":"National Science Foundation (NSF)","award":["CNS-2128703"],"award-info":[{"award-number":["CNS-2128703"]}]},{"name":"National Science Foundation (NSF)","award":["CNS-1850434"],"award-info":[{"award-number":["CNS-1850434"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484544","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"2858-2874","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Towards Transparent and Stealthy Android OS Sandboxing via Customizable Container-Based Virtualization"],"prefix":"10.1145","author":[{"given":"Wenna","family":"Song","sequence":"first","affiliation":[{"name":"Wuhan University, Wuhan, China"}]},{"given":"Jiang","family":"Ming","sequence":"additional","affiliation":[{"name":"University of Texas at Arlington, Arlington, TX, USA"}]},{"given":"Lin","family":"Jiang","sequence":"additional","affiliation":[{"name":"Independent Researcher, Xi'an, China"}]},{"given":"Yi","family":"Xiang","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}]},{"given":"Xuanchen","family":"Pan","sequence":"additional","affiliation":[{"name":"Wuhan Antiy Information Technology, Wuhan, China"}]},{"given":"Jianming","family":"Fu","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}]},{"given":"Guojun","family":"Peng","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23121"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/APNOMS.2015.7275379"},{"key":"e_1_3_2_2_3_1","volume-title":"Comput. Surveys","volume":"52","author":"Afianian Amir","year":"2019","unstructured":"Amir Afianian, Salman Niksefat, Babak Sadeghiyan, and David Baptiste. 2019. Malware Dynamic Analysis Evasion Techniques: A Survey. Comput. Surveys, Vol. 52, 6, Article 126 (November 2019), 28 pages."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99136-8_3"},{"key":"e_1_3_2_2_5_1","unstructured":"Android Developers. [online]. SafetyNet Attestation API. https:\/\/developer.android.com\/training\/safetynet\/attestation."},{"key":"e_1_3_2_2_6_1","unstructured":"Android Open Source Project. 2019. Low Memory Killer Daemon (lmkd). https:\/\/source.android.com\/devices\/tech\/perf\/lmkd."},{"key":"e_1_3_2_2_7_1","unstructured":"Android Open Source Project. [online] a. Supporting Multiple Users. https:\/\/source.android.com\/devices\/tech\/admin\/multi-user\/."},{"key":"e_1_3_2_2_8_1","unstructured":"Android Open Source Project. [online] b. Using Binder IPC. https:\/\/source.android.com\/devices\/architecture\/hidl\/binder-ipc."},{"key":"e_1_3_2_2_9_1","unstructured":"androidcentrol. 2018. G-Ware Virus. https:\/\/forums.androidcentral.com\/ask-question\/885223-g-ware-virus-app-not-deleting.html."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043574"},{"key":"e_1_3_2_2_11_1","unstructured":"asLody. 2015. VirtualApp. https:\/\/github.com\/asLody\/VirtualApp."},{"key":"e_1_3_2_2_12_1","volume-title":"Proceedings of the 24th USENIX Conference on Security Symposium (USENIX Security'15)","author":"Backes Michael","year":"2015","unstructured":"Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, and Philipp von Styp-Rekowsky. 2015. Boxify: Full-fledged App Sandboxing for Stock Android. In Proceedings of the 24th USENIX Conference on Security Symposium (USENIX Security'15)."},{"key":"e_1_3_2_2_13_1","volume-title":"Proceedings of the 6th International Conference on Ubiquitous Computing (UbiComp'04)","author":"Ballagas Rafael","year":"2004","unstructured":"Rafael Ballagas, Michael Rohs, Jennifer G Sheridan, and Jan Borchers. 2004. BYOD: Bring Your Own Device. In Proceedings of the 6th International Conference on Ubiquitous Computing (UbiComp'04)."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1899928.1899945"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134615"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66402-6_17"},{"key":"e_1_3_2_2_17_1","unstructured":"Cellrox ltd. [online]. Cellrox Mobile Virtualization. https:\/\/www.cellrox.com\/."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.09.007"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203427"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3381991.3395608"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541946"},{"key":"e_1_3_2_2_22_1","unstructured":"David Pierce. 2018. Your Smartphone Is the Best Computer You Own. The Wall Street Journal http:\/\/tiny.cc\/cqsnpz."},{"key":"e_1_3_2_2_23_1","unstructured":"Hitesh Dharmdasani. 2014. Android.HeHe: Malware Now Disconnects Phone Calls. https:\/\/www.fireeye.com\/blog\/threat-research\/2014\/01\/android-hehe-malware-now-disconnects-phone-calls.html."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939918.2939926"},{"key":"e_1_3_2_2_25_1","unstructured":"Echo Duan and Roland Sun. 2017. GhostClicker Adware: a Phantomlike Android Click Fraud. http:\/\/tiny.cc\/7w5ctz."},{"key":"e_1_3_2_2_26_1","volume-title":"Container-based Virtualization. In Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communications.","author":"Eder Michael","year":"2016","unstructured":"Michael Eder. 2016. Hypervisor- vs. Container-based Virtualization. In Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communications."},{"key":"e_1_3_2_2_27_1","volume-title":"Mobile vs. Desktop Usage","author":"Enge Eric","year":"2019","unstructured":"Eric Enge. 2019. Mobile vs. Desktop Usage in 2019. https:\/\/www.perficient.com\/insights\/research-hub\/mobile-vs-desktop-usage-study."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2015.7095802"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.30"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799979.2800004"},{"key":"e_1_3_2_2_31_1","volume-title":"Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems (HOTOS'07)","author":"Garfinkel Tal","year":"2007","unstructured":"Tal Garfinkel, Keith Adams, Andrew Warfield, and Jason Franklin. 2007. Compatibility is Not Transparency: VMM Detection Myths and Realities. In Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems (HOTOS'07)."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897886"},{"key":"e_1_3_2_2_33_1","unstructured":"John H\u00f8egh-Omdal. 2020. StrandHogg 2.0 - The `evil twin' New Android Vulnerability Even More Dangerous With Attacks More Difficult to Detect Than Predecessor. https:\/\/promon.co\/strandhogg-2-0\/."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664250"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994459.2994470"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140368.3140371"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3344341.3368810"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380355"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076790"},{"key":"e_1_3_2_2_40_1","unstructured":"Mohit Kumar. 2019. New Android Malware Apps Use Motion Sensor to Evade Detection. https:\/\/thehackernews.com\/2019\/01\/android-malware-play-store.html."},{"key":"e_1_3_2_2_41_1","unstructured":"Patrik Lantz. 2015. Dynamic Analysis of Android Apps. https:\/\/github.com\/pjlantz\/droidbox."},{"key":"e_1_3_2_2_42_1","unstructured":"LBE Tech. [online]. Parallel Space: Run Multiple Social and Game Accounts in Your Phone Simultaneously. http:\/\/parallel-app.com\/."},{"key":"e_1_3_2_2_43_1","volume-title":"Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security.","author":"Lindorfer Martina","unstructured":"Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, and Christian Platzer. 2014. ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security."},{"key":"e_1_3_2_2_44_1","unstructured":"Linux Containers. [online]. Infrastructure for Container Projects. https:\/\/linuxcontainers.org\/."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2014.12"},{"key":"e_1_3_2_2_46_1","unstructured":"Iliyan Malchev. 2017. Here comes Treble: A modular base for Android. https:\/\/android-developers.googleblog.com\/2017\/05\/here-comes-treble-modular-base-for.html."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.42"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818036"},{"key":"e_1_3_2_2_49_1","unstructured":"Junjiro R. Okajima. [online]. Advanced Multi Layered Unification Filesystem. http:\/\/aufs.sourceforge.net\/."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592796"},{"key":"e_1_3_2_2_51_1","unstructured":"Qihoo360. 2015. DroidPlugin. https:\/\/github.com\/DroidPluginTeam\/DroidPlugin."},{"key":"e_1_3_2_2_52_1","volume-title":"Proceedings of the Mobile Security Technologies (MOST'14)","author":"Ratazzi Paul","year":"2014","unstructured":"Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang, and Wenliang Du. 2014. A Systematic Security Evaluation of Android's Multi-User Framework. In Proceedings of the Mobile Security Technologies (MOST'14)."},{"key":"e_1_3_2_2_53_1","unstructured":"Idan Revivo and Ofer Caspi. 2016. CuckooDroid - Automated Android Malware Analysis. https:\/\/github.com\/idanr1986\/cuckoo-droid."},{"key":"e_1_3_2_2_54_1","unstructured":"rovo89. [online]. Xposed Module Repository. https:\/\/repo.xposed.info\/."},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_1"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307334.3326072"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423341"},{"key":"e_1_3_2_2_58_1","unstructured":"Tatyana Shishkova and Lev Pikman. 2018. The Rotexy Mobile Trojan ---- Banker and Ransomware. https:\/\/securelist.com\/the-rotexy-mobile-trojan-banker-and-ransomware\/88893\/."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897164"},{"key":"e_1_3_2_2_60_1","unstructured":"shumei. [online]. ishumei Android Device Security Threat Detection SDK. https:\/\/www.ishumei.com\/product\/bs-post-sdk.html."},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1272996.1273025"},{"key":"e_1_3_2_2_62_1","unstructured":"SophosLabs. 2017. Android Malware Anti-emulation Techniques. http:\/\/tiny.cc\/s416tz."},{"key":"e_1_3_2_2_63_1","unstructured":"Lukas Stefanko. 2019. Tracking down the developer of Android adware affecting millions of users. https:\/\/www.welivesecurity.com\/2019\/10\/24\/tracking-down-developer-android-adware\/."},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"e_1_3_2_2_65_1","unstructured":"The kernel development community. [online]. Kernel Samepage Merging. https:\/\/www.kernel.org\/doc\/html\/latest\/admin-guide\/mm\/ksm.html."},{"key":"e_1_3_2_2_66_1","unstructured":"Roman Unuchek. 2013. The most sophisticated Android Trojan. https:\/\/securelist.com\/the-most-sophisticated-android-trojan\/35929\/."},{"key":"e_1_3_2_2_67_1","unstructured":"Roman Unuchek. 2017. Ztorg: money for infecting your smartphone. https:\/\/securelist.com\/ztorg-money-for-infecting-your-smartphone\/78325\/."},{"key":"e_1_3_2_2_68_1","volume-title":"Computer","volume":"42","author":"Vaughan-Nichols Steven J.","year":"2009","unstructured":"Steven J. Vaughan-Nichols. 2009. Will Mobile Computing's Future Be Location, Location, Location? Computer, Vol. 42, 2 (2009)."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590325"},{"key":"e_1_3_2_2_70_1","volume-title":"Proceedings of the 5th USENIX Conference on Offensive Technologies (WOOT'11)","author":"Vidas Timothy","year":"2011","unstructured":"Timothy Vidas, Daniel Votipka, and Nicolas Christin. 2011. All Your Droid Are Belong to Us: A Survey of Current Android Attacks. In Proceedings of the 5th USENIX Conference on Offensive Technologies (WOOT'11)."},{"key":"e_1_3_2_2_71_1","unstructured":"VMOS Inc. [online]. Virtual Android on Android. http:\/\/www.vmos.com\/."},{"key":"e_1_3_2_2_72_1","volume-title":"Proceedings of the 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing.","author":"Xavier Miguel G.","unstructured":"Miguel G. Xavier, Marcelo V. Neves, Fabio D. Rossi, Tiago C. Ferreto, Timoteo Lange, and Cesar A. F. De Rose. 2013. Performance Evaluation of Container-Based Virtualization for High Performance Computing Environments. In Proceedings of the 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing."},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/MobileCloud.2015.9"},{"key":"e_1_3_2_2_74_1","unstructured":"XxsqManage. 2019. The Best Tool to Change Android Phone's Configuration. http:\/\/www.javaer.xyz\/XxsqManager\/html\/index.html."},{"key":"e_1_3_2_2_75_1","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium.","author":"Yan Lok Kwong","year":"2012","unstructured":"Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis. In Proceedings of the 21st USENIX Conference on Security Symposium."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23091"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3309697.3331517"},{"key":"e_1_3_2_2_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203425"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484544","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484544","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:51:53Z","timestamp":1763499113000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484544"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":78,"alternative-id":["10.1145\/3460120.3484544","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484544","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}