Compiler Collection. https://gcc.gnu.org/. [Online; accessed 31, 2017. ,
https://www.google.com/gmail/. [Online; accessed 31, 2017. ,
https://appengine.google.com/. [Online; accessed 31, 2017. ,
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki [Online; accessed 31, 2017. ,
https://www.hex-rays.com/products, 2017. ,
http://lxr.free-electrons.com/. [Online; accessed 31, 2017. ,
https://msdn.microsoft.com/fr-fr/library/mt169373 [Online; accessed 31, 2017. ,
https://www.visualstudio.com/. [Online; accessed 31, 2017. ,
http://www.vmware.com/fr/products/esxi-and-esx.html. [Online; accessed 31, 2017. ,
A comparison of software and hardware techniques for x86 virtualization, ACM SIGOPS Operating Systems Review, vol.40, issue.5, pp.2-13, 2006. ,
DOI : 10.1145/1168917.1168860
Efficient Checkpointing of Virtual Machines Using Virtual Machine Introspection, 2014 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, pp.414-423, 2014. ,
DOI : 10.1109/CCGrid.2014.72
Robust Fingerprinting for Relocatable Code, Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY '15, pp.219-229, 2015. ,
DOI : 10.1007/978-3-642-15506-2_15
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries, USENIX Security Symposium, 2016. ,
Compiler-Agnostic Function Detection in Binaries, 2017 IEEE European Symposium on Security and Privacy (EuroS&P) ,
DOI : 10.1109/EuroSP.2017.11
DKSM: Subverting Virtual Machine Introspection for Fun and Profit, 2010 29th IEEE Symposium on Reliable Distributed Systems, pp.82-91, 2010. ,
DOI : 10.1109/SRDS.2010.39
URL : http://www.csc.ncsu.edu/faculty/jiang/pubs/SRDS10.pdf
Byteweight: Learning to recognize functions in binary code, 23rd USENIX Security Symposium (USENIX Security 14), pp.845-860, 2014. ,
Xen and the art of virtualization, ACM SIGOPS Operating Systems Review, vol.37, issue.5, pp.164-177, 2003. ,
DOI : 10.1145/1165389.945462
A Survey on Hypervisor-Based Monitoring, ACM Computing Surveys, vol.48, issue.1, p.10, 2015. ,
DOI : 10.1109/SP.2012.16
QEMU, a Fast and Portable Dynamic Translator, Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC '05, pp.41-41, 2005. ,
Maitland: Lighter-Weight VM Introspection to Support Cyber-security in the Cloud, 2012 IEEE Fifth International Conference on Cloud Computing, pp.471-478, 2012. ,
DOI : 10.1109/CLOUD.2012.145
Incremental call-path profiling, Concurrency and Computation: Practice and Experience, vol.19, issue.11, pp.1533-1547, 2007. ,
Anywhere, any-time binary instrumentation, Proceedings of the 10th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools, pp.9-16, 2011. ,
Hot-hardening, Proceedings of the 30th Annual Computer Security Applications Conference on, ACSAC '14, pp.6-15, 2014. ,
DOI : 10.1109/COMPSAC.2005.51
BAP: A Binary Analysis Platform, International Conference on Computer Aided Verification, pp.463-469, 2011. ,
DOI : 10.1007/978-3-642-14295-6_27
URL : http://users.ece.cmu.edu/~ejschwar/papers/cav11.pdf
Bringing Virtualization to the x86 Architecture with the Original VMware Workstation, ACM Transactions on Computer Systems, vol.30, issue.4, p.12, 2012. ,
DOI : 10.1145/2382553.2382554
URL : http://www.cs.columbia.edu/~cdall/candidacy/pdf/Bugnion2012.pdf
KairosVM: Deterministic introspection for real-time virtual machine hierarchical scheduling, Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), pp.1-8, 2014. ,
DOI : 10.1109/ETFA.2014.7005061
Binary code extraction and interface identification for security applications, 2009. ,
DOI : 10.21236/ADA538737
URL : http://www.dtic.mil/dtic/tr/fulltext/u2/a538737.pdf
Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection, Research in Attacks, Intrusions, and Defenses, pp.22-41, 2012. ,
DOI : 10.1007/978-3-642-33338-5_2
When virtual is better than real [operating system relocation to virtual machines], Proceedings Eighth Workshop on Hot Topics in Operating Systems, pp.133-138, 2001. ,
DOI : 10.1109/HOTOS.2001.990073
StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries, Proceedings 2015 Network and Distributed System Security Symposium, 2015. ,
DOI : 10.14722/ndss.2015.23248
Investigating the Hooking Behavior: A Page-Level Memory Monitoring Method for Live Forensics, Lecture Notes in Computer Science, vol.8783, pp.255-272, 2014. ,
DOI : 10.1007/978-3-319-13257-0_15
Introspection-based memory de-duplication and migration, ACM SIGPLAN Notices, vol.48, issue.7, pp.51-62, 2013. ,
DOI : 10.1145/2517326.2451525
Cloud security is not (just) virtualization security, Proceedings of the 2009 ACM workshop on Cloud computing security, CCSW '09, pp.97-102, 2009. ,
DOI : 10.1145/1655008.1655022
URL : http://www.cse.psu.edu/~mcdaniel/cse598i-s10/docs/p97-christodorescu.pdf
Decompilation of binary programs. Software: Practice and Experience, pp.811-829, 1995. ,
DOI : 10.1002/spe.4380250706
URL : http://www.cs.ubc.ca/local/reading/proceedings/spe91-95/spe/./vol25/issue7/spe966cc.pdf
Live migration of virtual machines, Proceedings of the 2nd Conference on Symposium on Networked Systems Design & Implementation, pp.273-286, 2005. ,
Intel 64 and IA-32 Architectures Software Developer's Manuals ,
Profiling and Tracing Dynamic Library Usage via Interposition, Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer, pp.18-18, 1994. ,
Towards a taxonomy of intrusion-detection systems, Computer Networks, vol.31, issue.8, pp.31805-822, 1999. ,
DOI : 10.1016/S1389-1286(98)00017-6
NG: a unified binary analysis framework to recover CFGs and function boundaries, Proceedings of the 26th International Conference on Compiler Construction, pp.131-141, 2017. ,
Ether, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.51-62, 2008. ,
DOI : 10.1145/1455770.1455779
Tappan Zee (north) bridge, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.839-850, 2013. ,
DOI : 10.1145/2508859.2516697
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection, 2011 IEEE Symposium on Security and Privacy, 2011. ,
DOI : 10.1109/SP.2011.11
URL : http://www-static.cc.gatech.edu/%7Egiffin/papers/oakland11/DLZ%2B11.pdf
discovRE: Efficient cross-architecture identification of bugs in binary code, Proceedings of the 23rd Symposium on Network and Distributed System Security (NDSS), 2016. ,
ORIGEN, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS '16, pp.11-22, 2016. ,
DOI : 10.1145/2509136.2509509
Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection, 2012 IEEE Symposium on Security and Privacy, pp.586-600, 2012. ,
DOI : 10.1109/SP.2012.40
URL : http://doi.org/10.1109/sp.2012.40
EXTERIOR: Using a dual-VM Based External Shell for guest-OS Introspection, Configuration, and Recovery, Proceedings of the 9th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '13, pp.97-110, 2013. ,
Subverting system authentication with context-aware, reactive virtual machine introspection, Proceedings of the 29th Annual Computer Security Applications Conference, pp.229-238, 2013. ,
DOI : 10.1145/2523649.2523664
URL : http://www.utdallas.edu/~kxh060100/fu13acsac.pdf
HyperShell: A Practical Hypervisor Layer Guest OS Shell for Automated In-VM Management, Proceedings of the 2014 USENIX Annual Technical Conference, 2014. ,
A Virtual Machine Introspection Based Architecture for Intrusion Detection, Proc. Network and Distributed Systems Security Symposium, pp.191-206, 2003. ,
OS-Sommelier, Proceedings of the Third ACM Symposium on Cloud Computing, SoCC '12, pp.1-5, 2012. ,
DOI : 10.1145/2391229.2391234
Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics, Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, CODASPY '16, 2016. ,
DOI : 10.1007/978-3-319-26362-5_25
Process Implanting: A New Active Introspection Framework for Virtualization, 2011 IEEE 30th International Symposium on Reliable Distributed Systems, pp.147-156, 2011. ,
DOI : 10.1109/SRDS.2011.26
URL : http://www.cs.ncsu.edu/faculty/jiang/pubs/SRDS11.pdf
Virtual Machine Introspection: Techniques and Applications, 2015 10th International Conference on Availability, Reliability and Security, pp.676-685, 2015. ,
DOI : 10.1109/ARES.2015.43
URL : https://hal.archives-ouvertes.fr/hal-01165285
Understanding full virtualization, paravirtualization and hardware assist. White paper, 2007. ,
SoK: Introspections on Trust and the Semantic Gap, 2014 IEEE Symposium on Security and Privacy, pp.605-620, 2014. ,
DOI : 10.1109/SP.2014.45
URL : http://www.cs.stonybrook.edu/~porter/pubs/sok14.pdf
Stealthy Malware Detection Through Vmm-based "Out-of-the-box" Semantic View Reconstruction, Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pp.128-138, 2007. ,
Virt-inspector - display operating system version and other information about a virtual machine ,
Antfarm: Tracking Processes in a Virtual Machine Environment, Proceedings of the Annual Conference on USENIX '06 Annual Technical Conference, ATEC '06, pp.1-1, 2006. ,
VMM-based Hidden Process Detection and Identification Using Lycosid, Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '08, pp.91-100, 2008. ,
Detecting Past and Present Intrusions Through Vulnerability-specific Predicates, Proceedings of the Twentieth ACM Symposium on Operating Systems Principles, SOSP '05, pp.91-104, 2005. ,
DOI : 10.1145/1095809.1095820
Code validation for modern OS kernels, Workshop on Malware Memory Forensics (MMF), 2014. ,
KVM: the Linux Virtual Machine Monitor, Proceedings of the Linux Symposium, pp.225-230, 2007. ,
Kernel korner: kprobes - a kernel debugger, Linux Journal, issue.133, p.11, 2005. ,
Pebil: Efficient static binary instrumentation for linux, Performance Analysis of Systems & Software (ISPASS), 2010 IEEE International Symposium on, pp.175-183, 2010. ,
Scalability, fidelity and stealth in the drakvuf dynamic malware analysis system, Proceedings of the 30th Annual Computer Security Applications Conference, pp.386-395, 2014. ,
A survey on tools for binary code analysis, 2004. ,
Intrusion detection system: A comprehensive review, Journal of Network and Computer Applications, vol.36, issue.1, pp.16-24, 2013. ,
DOI : 10.1016/j.jnca.2012.09.004
Obfuscation of executable code to improve resistance to static disassembly, Proceedings of the 10th ACM conference on Computer and communication security, CCS '03, pp.290-299, 2003. ,
DOI : 10.1145/948109.948149
URL : http://www.cs.arizona.edu/~debray/Publications/disasm-resist.ps
Hypervisor Support for Identifying Covertly Executing Binaries, USENIX Security Symposium, pp.243-258, 2008. ,
Manitou, Proceedings of the 1st workshop on Architectural and system support for improving software dependability, ASID '06, pp.6-11, 2006. ,
DOI : 10.1145/1181309.1181311
U-HIPE: hypervisor-based protection of user-mode processes in windows, Journal of Computer Virology and Hacking Techniques, vol.12, issue.1, pp.23-36, 2016. ,
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Insecure, 2009. ,
The NIST definition of cloud computing, 2011. ,
DOI : 10.6028/NIST.SP.800-145
Binary code is not easy, Proceedings of the 25th International Symposium on Software Testing and Analysis, ISSTA 2016 ,
DOI : 10.1109/CSAC.2004.17
URL : http://dl.acm.org/ft_gateway.cfm?id=2931047&type=pdf
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, 2005. ,
Vulnerability-specific execution filtering for exploit prevention on commodity software, 2006. ,
Fast and space-efficient virtual machine checkpointing, ACM SIGPLAN Notices, vol.46, issue.7, pp.75-86, 2011. ,
DOI : 10.1145/2007477.1952694
Simplifying virtual machine introspection using libVMI, Sandia Report, 2012. ,
Lares: An architecture for secure active monitoring using virtualization, Security and Privacy, pp.233-247, 2008. ,
Secure and flexible monitoring of virtual machines, Computer Security Applications Conference ACSAC 2007. Twenty-Third Annual, pp.385-397, 2007. ,
Cross-architecture bug search in binary executables, Security and Privacy (SP), 2015 IEEE Symposium on, pp.709-724, 2015. ,
DOI : 10.1515/itit-2016-0040
URL : http://www.degruyter.com/downloadpdf/j/itit.2017.59.issue-2/itit-2016-0040/itit-2016-0040.xml
A formal model for virtual machine introspection, Proceedings of the 1st ACM workshop on Virtual machine security, VMSec '09, pp.1-10, 2009. ,
DOI : 10.1145/1655148.1655150
URL : http://www.sec.in.tum.de/assets/staff/pfoh/PfohSchneider2009a.pdf
Nitro: Hardware-Based System Call Tracing for Virtual Machines, Advances in Information and Computer Security, pp.96-112, 2011. ,
DOI : 10.1109/SP.2008.24
URL : http://www.sec.in.tum.de/assets/staff/pfoh/PfohSchneider2011a.pdf
Reliability and Security Monitoring of Virtual Machines Using Hardware Architectural Invariants, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp.13-24, 2014. ,
DOI : 10.1109/DSN.2014.19
Formal requirements for virtualizable third generation architectures, Communications of the ACM, vol.17, issue.7, pp.412-421, 1974. ,
Operating system fingerprinting for virtual machines, Proc. DEFCON, 2010. ,
Kernel malware analysis with untampered and temporal views of dynamic kernel memory, Recent Advances in Intrusion Detection, pp.178-197, 2010. ,
DOI : 10.1007/978-3-642-15512-3_10
URL : http://www.cs.purdue.edu/homes/dxu/pubs/RAID10.pdf
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing, Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, RAID '08, pp.1-20, 2008. ,
DOI : 10.1007/978-3-540-87403-4_1
URL : http://www.cs.purdue.edu/homes/dxu/pubs/RAID08.pdf
The Reincarnation of Virtual Machines, Queue, vol.2, issue.5, p.34, 2004. ,
DOI : 10.1145/1016998.1017000
URL : http://dl.acm.org/ft_gateway.cfm?id=1017000&type=pdf
Learning to Analyze Binary Computer Code, AAAI, pp.798-804, 2008. ,
Windows internals, 2012. ,
HYBRID-BRIDGE: Efficiently Bridging the Semantic Gap in Virtual Memory Introspection via Decoupled Execution and Training Memoization, Proceedings 2014 Network and Distributed System Security Symposium, 2014. ,
DOI : 10.14722/ndss.2014.23226
Disassembly of executable code revisited, Ninth Working Conference on Reverse Engineering, 2002. Proceedings., pp.45-54, 2002. ,
DOI : 10.1109/WCRE.2002.1173063
URL : http://www.cs.arizona.edu/people/debray/papers/disasm.ps
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes, Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles, SOSP '07, pp.335-350, 2007. ,
On the effectiveness of address-space randomization, Proceedings of the 11th ACM conference on Computer and communications security, CCS '04, pp.298-307, 2004. ,
DOI : 10.1145/1030083.1030124
URL : http://www.cs.dartmouth.edu/~nihal/security/p298-shacham.pdf
Secure in-VM Monitoring Using Hardware Virtualization, Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, pp.477-487, 2009. ,
Recognizing functions in binaries with neural networks, 24th USENIX Security Symposium (USENIX Security 15), pp.611-626, 2015. ,
Guide to intrusion detection and prevention systems ,
DOI : 10.6028/NIST.SP.800-94
Process out-grafting, Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pp.363-374, 2011. ,
DOI : 10.1145/2046707.2046751
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections, Recent Advances in Intrusion Detection, pp.39-58, 2008. ,
DOI : 10.1007/978-3-540-87403-4_3
URL : http://www-static.cc.gatech.edu/~giffin/papers/raid08/SG08.pdf
Exploring VM Introspection: Techniques and Trade-offs, Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp.133-146, 2015. ,
DOI : 10.1145/2817817.2731196
Introduction to Algorithms, 2002. ,
Integrating Offline Analysis and Online Protection to Defeat Buffer Overflow Attacks, Information Security, pp.409-415, 2011. ,
DOI : 10.1109/ARES.2009.126
SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification, Computer Security - ESORICS 2014, pp.237-256, 2014. ,
DOI : 10.1007/978-3-319-11212-1_14
URL : http://www.utdallas.edu/%7Ezxl111930/file/ESORICS14.pdf
Practical Context-Sensitive CFI, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pp.927-940, 2015. ,
DOI : 10.1145/2576195.2576208
Memory resource management in VMware ESX server, ACM SIGOPS Operating Systems Review, vol.36, issue.SI, pp.181-194, 2002. ,
Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring, WOOT, 2015. ,
Countering kernel rootkits with lightweight hook protection, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pp.545-554, 2009. ,
DOI : 10.1145/1653662.1653728
URL : http://discovery.csc.ncsu.edu/~pning/pubs/ccs09-HookSafe.pdf
System Call Redirection: A Practical Approach to Meeting Real-World Virtual Machine Introspection Needs, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp.574-585, 2014. ,
DOI : 10.1109/DSN.2014.59
Automatic Uncovering of Tap Points from Kernel Executions, International Symposium on Research in Attacks, Intrusions, and Defenses, pp.49-70, 2016. ,
DOI : 10.1007/978-3-319-26362-5_25
Towards Automatic Inference of Kernel Object Semantics from Binary Code, Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'15), 2015. ,
DOI : 10.1007/978-3-319-26362-5_25
Practical control flow integrity and randomization for binary executables, Security and Privacy (SP), 2013 IEEE Symposium on, pp.559-573, 2013. ,
vPatcher: VMI-Based Transparent Data Patching to Secure Software in the Cloud, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp.943-948, 2014. ,
DOI : 10.1109/TrustCom.2014.125
RootkitDet: Practical End-to-End Defense against Kernel Rootkits in a Cloud Environment, Computer Security - ESORICS 2014, pp.475-493, 2014. ,
DOI : 10.1007/978-3-319-11212-1_27