{"id":"https://openalex.org/W1972453671","doi":"https://doi.org/10.1145/2523649.2523664","title":"Subverting system authentication with context-aware, reactive virtual machine introspection","display_name":"Subverting system authentication with context-aware, reactive virtual machine introspection","publication_year":2013,"publication_date":"2013-12-09","ids":{"openalex":"https://openalex.org/W1972453671","doi":"https://doi.org/10.1145/2523649.2523664","mag":"1972453671"},"language":"en","primary_location":{"id":"doi:10.1145/2523649.2523664","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523649.2523664","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059583347","display_name":"Yangchun Fu","orcid":null},"institutions":[{"id":"https://openalex.org/I162577319","display_name":"The University of Texas at Dallas","ror":"https://ror.org/049emcs32","country_code":"US","type":"education","lineage":["https://openalex.org/I162577319"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yangchun Fu","raw_affiliation_strings":["The University of Texas at Dallas, Richardson, TX"],"affiliations":[{"raw_affiliation_string":"The University of Texas at Dallas, Richardson, TX","institution_ids":["https://openalex.org/I162577319"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026864098","display_name":"Zhiqiang Lin","orcid":"https://orcid.org/0000-0001-6527-5994"},"institutions":[{"id":"https://openalex.org/I162577319","display_name":"The University of Texas at Dallas","ror":"https://ror.org/049emcs32","country_code":"US","type":"education","lineage":["https://openalex.org/I162577319"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiqiang Lin","raw_affiliation_strings":["The University of Texas at Dallas, Richardson, TX"],"affiliations":[{"raw_affiliation_string":"The University of Texas at Dallas, Richardson, TX","institution_ids":["https://openalex.org/I162577319"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5051312448","display_name":"Kevin W. Hamlen","orcid":"https://orcid.org/0000-0003-0479-6280"},"institutions":[{"id":"https://openalex.org/I162577319","display_name":"The University of Texas at Dallas","ror":"https://ror.org/049emcs32","country_code":"US","type":"education","lineage":["https://openalex.org/I162577319"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kevin W. Hamlen","raw_affiliation_strings":["The University of Texas at Dallas, Richardson, TX"],"affiliations":[{"raw_affiliation_string":"The University of Texas at Dallas, Richardson, TX","institution_ids":["https://openalex.org/I162577319"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5059583347"],"corresponding_institution_ids":["https://openalex.org/I162577319"],"apc_list":null,"apc_paid":null,"fwci":0.9647,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.73439031,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"229","last_page":"238"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8286948204040527},{"id":"https://openalex.org/keywords/semantic-gap","display_name":"Semantic gap","score":0.6276952028274536},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.5084375739097595},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4836922287940979},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.47128644585609436},{"id":"https://openalex.org/keywords/bridging","display_name":"Bridging (networking)","score":0.45512861013412476},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4488990306854248},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.43439921736717224},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.4257805645465851},{"id":"https://openalex.org/keywords/keystroke-logging","display_name":"Keystroke logging","score":0.4109993577003479},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.1619499921798706},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.13968926668167114},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.12812849879264832}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8286948204040527},{"id":"https://openalex.org/C86034646","wikidata":"https://www.wikidata.org/wiki/Q474311","display_name":"Semantic gap","level":4,"score":0.6276952028274536},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.5084375739097595},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4836922287940979},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.47128644585609436},{"id":"https://openalex.org/C174348530","wikidata":"https://www.wikidata.org/wiki/Q188635","display_name":"Bridging (networking)","level":2,"score":0.45512861013412476},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4488990306854248},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.43439921736717224},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.4257805645465851},{"id":"https://openalex.org/C161615301","wikidata":"https://www.wikidata.org/wiki/Q309396","display_name":"Keystroke logging","level":2,"score":0.4109993577003479},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.1619499921798706},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.13968926668167114},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.12812849879264832},{"id":"https://openalex.org/C1667742","wikidata":"https://www.wikidata.org/wiki/Q10927554","display_name":"Image retrieval","level":3,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2523649.2523664","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523649.2523664","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.637.7090","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.637.7090","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.utdallas.edu/~kxh060100/fu13acsac.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.8299999833106995}],"awards":[{"id":"https://openalex.org/G5517596624","display_name":null,"funder_award_id":"1054629","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W17417926","https://openalex.org/W73598622","https://openalex.org/W161931246","https://openalex.org/W1541663547","https://openalex.org/W1583484179","https://openalex.org/W1641762327","https://openalex.org/W1735165166","https://openalex.org/W1813040609","https://openalex.org/W1829813581","https://openalex.org/W2006267758","https://openalex.org/W2017573886","https://openalex.org/W2043501224","https://openalex.org/W2048997531","https://openalex.org/W2112731379","https://openalex.org/W2117882778","https://openalex.org/W2119982986","https://openalex.org/W2120215974","https://openalex.org/W2126059122","https://openalex.org/W2135162105","https://openalex.org/W2138580357","https://openalex.org/W2140807364","https://openalex.org/W2144006591","https://openalex.org/W2154081981","https://openalex.org/W2155750598","https://openalex.org/W2159265516","https://openalex.org/W2166004296","https://openalex.org/W2167332015","https://openalex.org/W2168468057","https://openalex.org/W2168760272","https://openalex.org/W2170961388","https://openalex.org/W2401156470","https://openalex.org/W2412686421","https://openalex.org/W2504609973","https://openalex.org/W2912060910","https://openalex.org/W2914982603","https://openalex.org/W4206796831","https://openalex.org/W4232895233","https://openalex.org/W4237206111","https://openalex.org/W6606533738"],"related_works":["https://openalex.org/W2320589413","https://openalex.org/W2065920179","https://openalex.org/W2886761711","https://openalex.org/W2889672494","https://openalex.org/W2277743221","https://openalex.org/W2890662459","https://openalex.org/W2278696264","https://openalex.org/W2019731328","https://openalex.org/W3129147562","https://openalex.org/W1903860135"],"abstract_inverted_index":{"Recent":[0],"advances":[1],"in":[2,108],"bridging":[3,64],"the":[4,53,65,68,84,91,96,101],"semantic":[5,66],"gap":[6],"between":[7],"virtual":[8],"machines":[9],"(VMs)":[10],"and":[11,25,31,48,59,133,136,142,148],"their":[12],"guest":[13],"processes":[14],"have":[15],"a":[16,39,122],"dark":[17],"side:":[18],"They":[19],"can":[20,88],"be":[21],"abused":[22],"to":[23,50,72,93],"subvert":[24],"compromise":[26],"VM":[27,42,134],"file":[28],"system":[29],"images":[30],"process":[32],"images.":[33],"To":[34],"demonstrate":[35],"this":[36],"alarming":[37],"capability,":[38],"context-aware,":[40],"reactive":[41],"Introspection":[43],"(VMI)":[44],"instrument":[45],"is":[46,70,118],"presented":[47],"leveraged":[49],"automatically":[51,73],"break":[52],"authentication":[54,79,110,126],"mechanisms":[55],"of":[56,100,125,145],"both":[57,139],"Linux":[58],"Windows":[60],"operating":[61],"systems.":[62],"By":[63],"gap,":[67],"attack":[69],"able":[71],"identify":[74],"critical":[75],"decision":[76],"points":[77],"where":[78],"succeeds":[80],"or":[81,98,114],"fails":[82],"at":[83,104],"binary":[85],"level.":[86],"It":[87],"then":[89],"leverage":[90],"VMI":[92],"transparently":[94],"corrupt":[95],"control-flow":[97],"data-flow":[99],"victim":[102],"OS":[103],"that":[105],"point,":[106],"resulting":[107],"successful":[109],"without":[111],"any":[112],"password-guessing":[113],"encryption-cracking.":[115],"The":[116],"approach":[117],"highly":[119],"flexible":[120],"(threatening":[121],"broad":[123],"class":[124],"implementations),":[127],"practical":[128],"(realizable":[129],"against":[130],"real-world":[131],"OSes":[132],"images),":[135],"useful":[137],"for":[138],"malicious":[140],"attacks":[141],"forensics":[143],"analysis":[144],"virtualized":[146],"systems":[147],"software.":[149]},"counts_by_year":[{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}