{"id":"https://openalex.org/W2774602685","doi":"https://doi.org/10.1145/3134600.3134622","title":"Co-processor-based Behavior Monitoring","display_name":"Co-processor-based Behavior Monitoring","publication_year":2017,"publication_date":"2017-12-04","ids":{"openalex":"https://openalex.org/W2774602685","doi":"https://doi.org/10.1145/3134600.3134622","mag":"2774602685"},"language":"en","primary_location":{"id":"doi:10.1145/3134600.3134622","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3134600.3134622","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1803.02700","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051495407","display_name":"Ronny Chevalier","orcid":"https://orcid.org/0000-0002-7479-4988"},"institutions":[{"id":"https://openalex.org/I1324840837","display_name":"Hewlett-Packard (United States)","ror":"https://ror.org/059rn9488","country_code":"US","type":"company","lineage":["https://openalex.org/I1324840837"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ronny Chevalier","raw_affiliation_strings":["HP Labs"],"affiliations":[{"raw_affiliation_string":"HP Labs","institution_ids":["https://openalex.org/I1324840837"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056367729","display_name":"Maugan Villatel","orcid":null},"institutions":[{"id":"https://openalex.org/I1324840837","display_name":"Hewlett-Packard (United States)","ror":"https://ror.org/059rn9488","country_code":"US","type":"company","lineage":["https://openalex.org/I1324840837"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Maugan Villatel","raw_affiliation_strings":["HP Labs"],"affiliations":[{"raw_affiliation_string":"HP Labs","institution_ids":["https://openalex.org/I1324840837"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078241470","display_name":"David Plaquin","orcid":null},"institutions":[{"id":"https://openalex.org/I1324840837","display_name":"Hewlett-Packard (United States)","ror":"https://ror.org/059rn9488","country_code":"US","type":"company","lineage":["https://openalex.org/I1324840837"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Plaquin","raw_affiliation_strings":["HP Labs"],"affiliations":[{"raw_affiliation_string":"HP Labs","institution_ids":["https://openalex.org/I1324840837"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026667916","display_name":"Guillaume Hiet","orcid":"https://orcid.org/0000-0002-7176-9760"},"institutions":[{"id":"https://openalex.org/I4210107720","display_name":"CentraleSup\u00e9lec","ror":"https://ror.org/019tcpt25","country_code":"FR","type":"facility","lineage":["https://openalex.org/I277688954","https://openalex.org/I4210107720"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Guillaume Hiet","raw_affiliation_strings":["CentraleSup\u00e9lec"],"affiliations":[{"raw_affiliation_string":"CentraleSup\u00e9lec","institution_ids":["https://openalex.org/I4210107720"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5051495407"],"corresponding_institution_ids":["https://openalex.org/I1324840837"],"apc_list":null,"apc_paid":null,"fwci":1.0373,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.83806644,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"399","last_page":"411"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9886000156402588,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8342837691307068},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.7533438205718994},{"id":"https://openalex.org/keywords/x86","display_name":"x86","score":0.7195454835891724},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.5560283660888672},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5410195589065552},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5228676795959473},{"id":"https://openalex.org/keywords/arm-architecture","display_name":"ARM architecture","score":0.47314512729644775},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.434776246547699},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.42398643493652344},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4153573215007782},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.40130144357681274},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11523240804672241},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.09448283910751343}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8342837691307068},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.7533438205718994},{"id":"https://openalex.org/C170723468","wikidata":"https://www.wikidata.org/wiki/Q182933","display_name":"x86","level":3,"score":0.7195454835891724},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.5560283660888672},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5410195589065552},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5228676795959473},{"id":"https://openalex.org/C26771161","wikidata":"https://www.wikidata.org/wiki/Q16980","display_name":"ARM architecture","level":2,"score":0.47314512729644775},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.434776246547699},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.42398643493652344},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4153573215007782},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.40130144357681274},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11523240804672241},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.09448283910751343},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3134600.3134622","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3134600.3134622","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1803.02700","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1803.02700","pdf_url":"https://arxiv.org/pdf/1803.02700","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:HAL:hal-01634566v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01634566","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://www.acsac.org/","raw_type":"Conference papers"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1803.02700","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1803.02700","pdf_url":"https://arxiv.org/pdf/1803.02700","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7799999713897705}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W94181602","https://openalex.org/W161166442","https://openalex.org/W1429241971","https://openalex.org/W1522250664","https://openalex.org/W1598700299","https://openalex.org/W1631846088","https://openalex.org/W1816718056","https://openalex.org/W1823377586","https://openalex.org/W1877037860","https://openalex.org/W1969501726","https://openalex.org/W1992891694","https://openalex.org/W1993736952","https://openalex.org/W1996931407","https://openalex.org/W2004456327","https://openalex.org/W2013892605","https://openalex.org/W2019776007","https://openalex.org/W2030660170","https://openalex.org/W2048229966","https://openalex.org/W2054840305","https://openalex.org/W2072102701","https://openalex.org/W2088272026","https://openalex.org/W2089448621","https://openalex.org/W2101889913","https://openalex.org/W2109219878","https://openalex.org/W2129355354","https://openalex.org/W2133592286","https://openalex.org/W2140697712","https://openalex.org/W2144642151","https://openalex.org/W2147657366","https://openalex.org/W2151849720","https://openalex.org/W2153185479","https://openalex.org/W2156182786","https://openalex.org/W2165779143","https://openalex.org/W2171929398","https://openalex.org/W2258876169","https://openalex.org/W2294454994","https://openalex.org/W2405102949","https://openalex.org/W2560221416","https://openalex.org/W2626912599","https://openalex.org/W3023860284","https://openalex.org/W6739611706"],"related_works":["https://openalex.org/W2369102298","https://openalex.org/W2021362805","https://openalex.org/W3175617817","https://openalex.org/W2090939166","https://openalex.org/W2544369712","https://openalex.org/W2121788702","https://openalex.org/W2278496197","https://openalex.org/W2356741398","https://openalex.org/W2008450998","https://openalex.org/W2357231070"],"abstract_inverted_index":{"Highly":[0],"privileged":[1,114],"software,":[2],"such":[3,26,40],"as":[4],"firmware,":[5],"is":[6],"an":[7,31,44,52,169,174],"attractive":[8],"target":[9],"for":[10],"attackers.":[11],"Thus,":[12],"BIOS":[13],"vendors":[14],"use":[15],"cryptographic":[16],"signatures":[17],"to":[18,64,70,76,103,158],"ensure":[19],"firmware":[20,119,145],"integrity":[21],"at":[22,36,121],"boot":[23],"time.":[24],"Nevertheless,":[25],"protection":[27],"does":[28,84],"not":[29,85],"prevent":[30],"attacker":[32],"from":[33,187],"exploiting":[34],"vulnerabilities":[35],"runtime.":[37,122],"To":[38],"detect":[39,104,159],"attacks,":[41],"we":[42],"propose":[43],"event-based":[45],"behavior":[46,69,93,126],"monitoring":[47],"approach":[48,83,102,157],"that":[49,182],"relies":[50],"on":[51,60,87,95],"isolated":[53],"co-processor.":[54,178],"We":[55,99,123,141,151],"instrument":[56,142],"the":[57,61,71,78,92,107,125,153,188,191,206,209,214],"code":[58,120],"executed":[59],"main":[62],"CPU":[63,136],"send":[65],"information":[66,74],"about":[67],"its":[68,132,163],"monitor.":[72],"This":[73],"helps":[75],"resolve":[77],"semantic":[79],"gap":[80],"issue.":[81],"Our":[82],"depend":[86],"a":[88,96,112],"specific":[89,97],"model":[90,124],"of":[91,127,131,155,190,202,208],"nor":[94],"target.":[98],"apply":[100],"this":[101],"attacks":[105,161],"targeting":[106],"System":[108],"Management":[109],"Mode":[110],"(SMM),":[111],"highly":[113],"x86":[115,170],"execution":[116,165],"mode":[117],"executing":[118],"SMM":[128,210],"using":[129],"invariants":[130],"control-flow":[133],"and":[134,139,149,162],"relevant":[135],"registers":[137],"(CR3":[138],"SMBASE).":[140],"two":[143],"open-source":[144],"implementations:":[146],"EDK":[147],"II":[148],"coreboot.":[150],"evaluate":[152],"ability":[154],"our":[156,183],"state-of-the-art":[160],"runtime":[164],"overhead":[166,204],"by":[167,219],"simulating":[168],"system":[171],"coupled":[172],"with":[173],"ARM":[175],"Cortex":[176],"A5":[177],"The":[179],"results":[180],"show":[181],"solution":[184],"detects":[185],"intrusions":[186],"state":[189],"art,":[192],"without":[193],"any":[194],"false":[195],"positives,":[196],"while":[197],"remaining":[198],"acceptable":[199],"in":[200,205],"terms":[201],"performance":[203],"context":[207],"(i.e.,":[211],"less":[212],"than":[213],"150":[215],"$\\mu$s":[216],"threshold":[217],"defined":[218],"Intel).":[220]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2017-12-22T00:00:00"}