{"id":"https://openalex.org/W2117882778","doi":"https://doi.org/10.1109/sp.2006.38","title":"SubVirt: implementing malware with virtual machines","display_name":"SubVirt: implementing malware with virtual machines","publication_year":2006,"publication_date":"2006-01-01","ids":{"openalex":"https://openalex.org/W2117882778","doi":"https://doi.org/10.1109/sp.2006.38","mag":"2117882778"},"language":"en","primary_location":{"id":"doi:10.1109/sp.2006.38","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp.2006.38","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2006 IEEE Symposium on Security and Privacy (S&P'06)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5112039412","display_name":"Samuel T. King","orcid":null},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"S.T. King","raw_affiliation_strings":["University of Michigan","Michigan, University"],"affiliations":[{"raw_affiliation_string":"University of Michigan","institution_ids":["https://openalex.org/I27837315"]},{"raw_affiliation_string":"Michigan, University","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079543886","display_name":"P.M. Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"P.M. Chen","raw_affiliation_strings":["University of Michigan","Michigan, University"],"affiliations":[{"raw_affiliation_string":"University of Michigan","institution_ids":["https://openalex.org/I27837315"]},{"raw_affiliation_string":"Michigan, University","institution_ids":["https://openalex.org/I27837315"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5112039412"],"corresponding_institution_ids":["https://openalex.org/I27837315"],"apc_list":null,"apc_paid":null,"fwci":54.2175,"has_fulltext":false,"cited_by_count":423,"citation_normalized_percentile":{"value":0.99922375,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"14 pp.","last_page":"327"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.9745801687240601},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8876943588256836},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7849628925323486},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6987314820289612},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.6380469799041748},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.5930148959159851},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.5895160436630249},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5159321427345276},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.4499897360801697},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.43653008341789246},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.4242938756942749},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.24210640788078308},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.1567443311214447}],"concepts":[{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.9745801687240601},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8876943588256836},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7849628925323486},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6987314820289612},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.6380469799041748},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.5930148959159851},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.5895160436630249},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5159321427345276},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.4499897360801697},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.43653008341789246},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.4242938756942749},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.24210640788078308},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.1567443311214447}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp.2006.38","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp.2006.38","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2006 IEEE Symposium on Security and Privacy (S&P'06)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7699999809265137,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W124732759","https://openalex.org/W161166442","https://openalex.org/W198543417","https://openalex.org/W1492832459","https://openalex.org/W1495241705","https://openalex.org/W1500546894","https://openalex.org/W1510508184","https://openalex.org/W1604148906","https://openalex.org/W1641762327","https://openalex.org/W1742385376","https://openalex.org/W1813040609","https://openalex.org/W1829813581","https://openalex.org/W2054481902","https://openalex.org/W2094224023","https://openalex.org/W2096165352","https://openalex.org/W2100673955","https://openalex.org/W2111015674","https://openalex.org/W2112190615","https://openalex.org/W2121542813","https://openalex.org/W2125895608","https://openalex.org/W2131629422","https://openalex.org/W2131726714","https://openalex.org/W2141253292","https://openalex.org/W2142892618","https://openalex.org/W2149886445","https://openalex.org/W2151182669","https://openalex.org/W2154081981","https://openalex.org/W2155750598","https://openalex.org/W2166004296","https://openalex.org/W4231945399","https://openalex.org/W4232895233","https://openalex.org/W4241912528","https://openalex.org/W4243947286","https://openalex.org/W4246164361","https://openalex.org/W4250874986","https://openalex.org/W4254817417","https://openalex.org/W4256483320","https://openalex.org/W6605099366","https://openalex.org/W6608064460","https://openalex.org/W6629612567","https://openalex.org/W6630179916","https://openalex.org/W6630637722","https://openalex.org/W6637110787","https://openalex.org/W6638823182","https://openalex.org/W6674507979","https://openalex.org/W7064809758"],"related_works":["https://openalex.org/W2393767428","https://openalex.org/W1979469929","https://openalex.org/W2550565492","https://openalex.org/W2150403335","https://openalex.org/W2354398839","https://openalex.org/W1546317334","https://openalex.org/W2065751263","https://openalex.org/W2765965862","https://openalex.org/W2516239820","https://openalex.org/W4385750663"],"abstract_inverted_index":{"Attackers":[0],"and":[1,21,47,60,110,127,185,189,225,228],"defenders":[2,22,58],"of":[3,37,70,77,91],"computer":[4],"systems":[5,237],"both":[6,19],"strive":[7],"to":[8,25,43,56,125,152,181,210,213,223],"gain":[9],"complete":[10],"control":[11,84],"over":[12,85],"the":[13,35,38,63,112,139,163,197],"system.":[14,87,141,165],"To":[15],"maximize":[16],"their":[17,130],"control,":[18],"attackers":[20],"have":[23],"migrated":[24],"low-level,":[26],"operating":[27,108,114,157],"system":[28,109,115,158],"code.":[29],"In":[30],"this":[31,52,168,216,239],"paper,":[32],"we":[33,54,94,190,201,204,229],"assume":[34],"perspective":[36],"attacker,":[39],"who":[40],"is":[41,160],"trying":[42],"run":[44,153],"malicious":[45,78,146,194],"software":[46,79,136],"avoid":[48],"detection.":[49],"By":[50],"assuming":[51],"perspective,":[53],"hope":[55],"help":[57],"understand":[59],"defend":[61,214],"against":[62,215,238],"threat":[64,170,240],"posed":[65],"by":[66,135,148,171],"a":[67,74,86,96,102,117,155,231],"new":[68,75,89,169,217],"class":[69],"rootkits.":[71],"We":[72,166,176,219],"evaluate":[73,167],"type":[76,90],"that":[80,159],"gains":[81],"qualitatively":[82],"more":[83],"This":[88],"malware,":[92],"which":[93],"call":[95],"virtual-machine":[97,103],"based":[98,121],"rootkit":[99],"(VMBR),":[100],"installs":[101],"monitor":[104],"underneath":[105],"an":[106],"existing":[107],"hoists":[111],"original":[113],"into":[116],"virtual":[118],"machine.":[119],"Virtual-machine":[120],"rootkits":[122],"are":[123],"hard":[124],"detect":[126,224],"remove":[128],"because":[129],"state":[131],"cannot":[132],"be":[133],"accessed":[134],"running":[137],"in":[138,154],"target":[140,164,187],"Further,":[142],"VMBRs":[143,180,209],"support":[144],"general-purpose":[145],"services":[147,151,195],"allowing":[149],"such":[150],"separate":[156],"protected":[161],"from":[162,206],"implementing":[172],"two":[173],"proof-of-concept":[174,179,208],"VMBRs.":[175],"use":[177,202],"our":[178,207],"subvert":[182],"Windows":[183],"XP":[184],"Linux":[186],"systems,":[188],"implement":[191,230],"four":[192],"example":[193],"using":[196],"VMBR":[198],"platform.":[199],"Last,":[200],"what":[203],"learn":[205],"explore":[211],"ways":[212,222],"threat.":[218],"discuss":[220],"possible":[221],"prevent":[226],"VMBRs,":[227],"defense":[232],"strategy":[233],"suitable":[234],"for":[235],"protecting":[236]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":11},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":16},{"year":2018,"cited_by_count":17},{"year":2017,"cited_by_count":19},{"year":2016,"cited_by_count":27},{"year":2015,"cited_by_count":21},{"year":2014,"cited_by_count":28},{"year":2013,"cited_by_count":36},{"year":2012,"cited_by_count":40}],"updated_date":"2026-02-25T23:00:34.991745","created_date":"2025-10-10T00:00:00"}