{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T01:33:59Z","timestamp":1725845639482},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319276588"},{"type":"electronic","value":"9783319276595"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-27659-5_1","type":"book-chapter","created":{"date-parts":[[2015,12,29]],"date-time":"2015-12-29T12:33:52Z","timestamp":1451392432000},"page":"3-19","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Integrity Checking of Function Pointers in\u00a0Kernel Pools via Virtual Machine Introspection"],"prefix":"10.1007","author":[{"given":"Irfan","family":"Ahmed","sequence":"first","affiliation":[]},{"suffix":"III","given":"Golden G.","family":"Richard","sequence":"additional","affiliation":[]},{"given":"Aleksandar","family":"Zoranic","sequence":"additional","affiliation":[]},{"given":"Vassil","family":"Roussev","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,30]]},"reference":[{"key":"1_CR1","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G Hoglund","year":"2005","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel, 1st edn. 
Addison-Wesley Professional, Upper Saddle River (2005)","edition":"1"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-14215-4_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"H Yin","year":"2010","unstructured":"Yin, H., Poosankam, P., Hanna, S., Song, D.: HookScout: proactive binary-centric hook detection. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 1\u201320. Springer, Heidelberg (2010)"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Nick, J., Petroni, L., Hicks, M.: Automated detection of persistent kernel control flow attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, USA, pp. 103\u2013115 (2007)","DOI":"10.1145\/1315245.1315260"},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"Baliga, A., Ganapathy, V., Iftode, L.: Automatic inference and enforcement of kernel data structure invariants. In: Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, California, USA, pp. 77\u201386 (2008)","DOI":"10.1109\/ACSAC.2008.29"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping kernel objects to enable systematic integrity checking. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, pp. 555\u2013565 (2009)","DOI":"10.1145\/1653662.1653729"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X., Cui, W., Ning, P.: Countering kernel rootkits with lightweight hook protection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, pp. 545\u2013554 (2009)","DOI":"10.1145\/1653662.1653728"},{"key":"1_CR7","unstructured":"TEMU. 
\n http:\/\/bitblaze.cs.berkeley.edu\/temu.html"},{"key":"1_CR8","volume-title":"Windows Internals: Including Windows Server 2008 and Windows Vista","author":"M Russinovich","year":"2009","unstructured":"Russinovich, M., Solomon, D.: Windows Internals: Including Windows Server 2008 and Windows Vista, 5th edn. Microsoft Press, Redmond (2009)","edition":"5"},{"key":"1_CR9","unstructured":"Butler, J., Hoglund, G.: VICECatch the Hookers!, In: Black Hat USA, July 2004. \n http:\/\/www.blackhat.com\/presentations\/bh-usa-04\/bh-us-04-butler\/bh-us-04-butler.pdf"},{"key":"1_CR10","unstructured":"Rutkowska, J.: System virginity verifier: defining the roadmap for malware detection on windows systems. In: Hack in the Box Security Conference, September 2005"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Ahmed, I., Zoranic, A., Javaid, S., Richard, G.G. III.: Mod-checker: kernel module integrity checking in the cloud environment. In: 4th International Workshop on Security in Cloud Computing (CloudSec 2012), pp. 306\u2013313 (2012)","DOI":"10.1109\/ICPPW.2012.46"},{"key":"1_CR12","unstructured":"IceSword. \n http:\/\/www.antirootkit.com\/software\/IceSword.htm"},{"key":"1_CR13","unstructured":"LibVMI. \n https:\/\/code.google.com\/p\/vmitools\/"},{"key":"1_CR14","unstructured":"SSDT Volatility. \n https:\/\/code.google.com\/p\/volatility\/source\/browse\/trunk\/volatility\/plugins\/ssdt.py?r=3158"},{"key":"1_CR15","unstructured":"Mandt, T.: Kernel Pool Exploitation on Windows 7. \n http:\/\/www.mista.nu\/research\/MANDT-kernelpool-PAPER.pdf"},{"key":"1_CR16","unstructured":"mxatone and ivanlef0u.: Stealth hooking: Another way to subvert the Windows kernel. \n http:\/\/www.phrack.com\/issues.html?issue=65&id=4"},{"key":"1_CR17","unstructured":"Kortchinsky, K.: Real World Kernel Pool Exploitation. 
\n http:\/\/sebug.net\/paper\/Meeting-Documents\/syscanhk\/KernelPool.pdf"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Riley, R., Jiang, X., Xu, D.: Multi-aspect profiling of kernel rootkit behavior. In: The Proceedings of the 4th ACM European Conference on Computer Systems (EuroSys 2009), Nuremberg, Germany, pp. 47\u201360 (2009)","DOI":"10.1145\/1519065.1519072"},{"key":"1_CR19","unstructured":"Yin, H., Liang, Z., Song, D.: HookFinder: identifying and understanding malware hooking behaviors. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 2008), February 2008"},{"key":"1_CR20","unstructured":"PCMark 7. \n http:\/\/www.futuremark.com\/benchmarks\/pcmark7"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-27659-5_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,29]],"date-time":"2020-01-29T17:44:32Z","timestamp":1580319872000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-27659-5_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319276588","9783319276595"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-27659-5_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"30 December 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}