When Virtual Is Better Than Real, USENIX Workshop on Hot Topics in Operating Systems (HotOS), 2001. ,
A Virtual Machine Introspection Based Architecture for Intrusion Detection, ISOC Network and Distributed System Security Symposium (NDSS), 2003. ,
Ether: Malware Analysis via Hardware Virtualization Extensions, ACM Conference on Computer and Communications Security (CCS), 2008. ,
, Process Implanting: A New Active Introspection Framework for Virtualization, 2012.
, International Conference on Network and System Security (NSS), 2013.
Kiayias, Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System, Annual Computer Security Applications Conference (ACSAC), 2014. ,
, Hypervisor Support for Identifying Covertly Executing Binaries, 2008.
Code Validation for Modern OS Kernels, Workshop on Malware Memory Forensics (MMF), 2014. ,
, Spectre Attacks: Exploiting Speculative Execution
,
Using VisorFlow to Control Information Flow without Modifying the Operating System Kernel or its Userspace, International Workshop on Managing Insider Security Threats, 2017. ,
SPIDER: Stealthy Binary Program Instrumentation and Debugging via Hardware Virtualization, Annual Computer Security Applications Conference (ACSAC), 2013. ,
Formal Requirements for Virtualizable Third Generation Architectures, Communications of the ACM, vol.17, issue.7, pp.412-421, 1974. ,
, International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2014.
A Formal Model for Virtual Machine Introspection, Workshop on Virtual Machine Security, 2009. ,
Nitro: Hardware-Based System Call Tracing for Virtual Machines, Advances in Information and Computer Security, 2011. ,
Cardinal Pill Testing of System Virtual Machines, USENIX Security Symposium, 2014. ,
, Compatibility Is Not Transparency: VMM Detection Myths and Realities, 2007.
Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2008. ,
Spotless sandboxes: Evading malware analysis systems using wear-and-tear artifacts, IEEE Symposium on Security and Privacy (S&P), 2017. ,
DOI : 10.1109/sp.2017.42
Breaking the x86 ISA ,
, SoK: Introspections on Trust and the Semantic Gap, 2014.
DOI : 10.1109/sp.2014.45
URL : http://www.cs.stonybrook.edu/~porter/pubs/sok14.pdf
, SubVirt: Implementing Malware With Virtual Machines, 2006.
DOI : 10.1109/sp.2006.38
Subverting VistaTM Kernel for Fun and Profit ,
Hardware Virtualization Rootkits ,
,
, Cloaker: Hardware Supported Rootkit Concealment, 2008.
DOI : 10.1109/sp.2008.8
CacheKit: Evading Memory Introspection using Cache Incoherence, IEEE Symposium on Security and Privacy (S&P), 2016. ,
DOI : 10.1109/eurosp.2016.34
The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture, International Conference on Information and Communications Security (ICICS), 2016. ,
Live and Trustworthy Forensic Analysis of Commodity Production Systems, International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2010. ,