G. and T. Gnu, Compiler Collection. https://gcc.gnu.org/. [Online; accessed 31, 2017.

. Gmail-google, https://www.google.com/gmail/. [Online; accessed 31, 2017.

. Google-app-engine, https://appengine.google.com/. [Online; accessed 31, 2017.

. Ibm-smartcloud-application, https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki [Online; accessed 31, 2017.

I. Pro and D. , https://www.hex-rays.com/products, 2017.

. Linux-cross-reference, http://lxr.free-electrons.com/. [Online; accessed 31, 2017.

M. Hyper and -. , https://msdn.microsoft.com/fr-fr/library/mt169373 [Online; accessed 31, 2017.

M. Visual and S. , https://www.visualstudio.com/. [Online; accessed 31, 2017.

V. Esxi, http://www.vmware.com/fr/products/esxi-and-esx.html. [Online; accessed 31, 2017.

K. Adams and O. Agesen, A comparison of software and hardware techniques for x86 virtualization, ACM SIGOPS Operating Systems Review, vol.40, issue.5, pp.2-13, 2006.
DOI : 10.1145/1168917.1168860

F. Aderholdt, F. Han, L. Stephen, T. Scott, and . Naughton, Efficient Checkpointing of Virtual Machines Using Virtual Machine Introspection, 2014 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, pp.414-423, 2014.
DOI : 10.1109/CCGrid.2014.72

I. Ahmed, V. Roussev, and A. A. Gombe, Robust Fingerprinting for Relocatable Code, Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY '15, pp.219-229, 2015.
DOI : 10.1007/978-3-642-15506-2_15

D. Andriesse, X. Chen, A. Victor-van-der-veen, H. Slowinska, and . Bos, An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries, USENIX Security Symposium, 2016.

D. Andriesse, A. Slowinska, and H. Bos, Compiler-Agnostic Function Detection in Binaries, 2017 IEEE European Symposium on Security and Privacy (EuroS&P)
DOI : 10.1109/EuroSP.2017.11

S. Bahram, X. Jiang, Z. Wang, M. Grace, J. Li et al., DKSM: Subverting Virtual Machine Introspection for Fun and Profit, 2010 29th IEEE Symposium on Reliable Distributed Systems, pp.82-91, 2010.
DOI : 10.1109/SRDS.2010.39

URL : http://www.csc.ncsu.edu/faculty/jiang/pubs/SRDS10.pdf

T. Bao, J. Burket, M. Woo, R. Turner, and D. Brumley, Byteweight: Learning to recognize functions in binary code, 23rd USENIX Security Symposium (USENIX Security 14), pp.845-860, 2014.

P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris et al., Xen and the art of virtualization, ACM SIGOPS Operating Systems Review, vol.37, issue.5, pp.164-177, 2003.
DOI : 10.1145/1165389.945462

E. Bauman, G. Ayoade, and Z. Lin, A Survey on Hypervisor-Based Monitoring, ACM Computing Surveys, vol.48, issue.1, p.10, 2015.
DOI : 10.1109/SP.2012.16

F. Bellard, QEMU, a Fast and Portable Dynamic Translator, Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC '05, pp.41-41, 2005.

C. Benninger, W. Stephen, Y. Neville, C. Onat-yazir, Y. Matthews et al., Maitland: Lighter-Weight VM Introspection to Support Cyber-security in the Cloud, 2012 IEEE Fifth International Conference on Cloud Computing, pp.471-478, 2012.
DOI : 10.1109/CLOUD.2012.145

R. Andrew, . Bernat, P. Barton, and . Miller, Incremental call-path profiling, Concurrency and Computation: Practice and Experience, vol.19, issue.11, pp.1533-1547, 2007.

R. Andrew, . Bernat, P. Barton, and . Miller, Anywhere, any-time binary instrumentation, Proceedings of the 10th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools, pp.9-16, 2011.

S. Biedermann, S. Katzenbeisser, and J. Szefer, Hot-hardening, Proceedings of the 30th Annual Computer Security Applications Conference on, ACSAC '14, pp.6-15, 2014.
DOI : 10.1109/COMPSAC.2005.51

D. Brumley, I. Jager, T. Avgerinos, J. Edward, and . Schwartz, BAP: A Binary Analysis Platform, International Conference on Computer Aided Verification, pp.463-469, 2011.
DOI : 10.1007/978-3-642-14295-6_27

URL : http://users.ece.cmu.edu/~ejschwar/papers/cav11.pdf

E. Bugnion, S. Devine, M. Rosenblum, J. Sugerman, Y. Edward et al., Bringing Virtualization to the x86 Architecture with the Original VMware Workstation, ACM Transactions on Computer Systems, vol.30, issue.4, p.12, 2012.
DOI : 10.1145/2382553.2382554

URL : http://www.cs.columbia.edu/~cdall/candidacy/pdf/Bugnion2012.pdf

K. Burns, A. Barbalace, V. Legout, and B. Ravindran, KairosVM: Deterministic introspection for real-time virtual machine hierarchical scheduling, Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), pp.1-8, 2014.
DOI : 10.1109/ETFA.2014.7005061

J. Caballero, M. Noah, S. Johnson, D. Mccamant, and . Song, Binary code extraction and interface identification for security applications, 2009.
DOI : 10.21236/ADA538737

URL : http://www.dtic.mil/dtic/tr/fulltext/u2/a538737.pdf

M. Carbone, M. Conover, B. Montague, and W. Lee, Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection, Research in Attacks, Intrusions, and Defenses, pp.22-41, 2012.
DOI : 10.1007/978-3-642-33338-5_2

P. M. Chen and B. D. Noble, When virtual is better than real [operating system relocation to virtual machines], Proceedings Eighth Workshop on Hot Topics in Operating Systems, pp.133-138, 2001.
DOI : 10.1109/HOTOS.2001.990073

X. Chen, A. Slowinska, D. Andriesse, H. Bos, and C. Giuffrida, StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries, Proceedings 2015 Network and Distributed System Security Symposium, 2015.
DOI : 10.14722/ndss.2015.23248

Y. Cheng, X. Fu, B. Luo, R. Yang, and H. Ruan, Investigating the Hooking Behavior: A Page-Level Memory Monitoring Method for Live Forensics, Lecture Notes in Computer Science, vol.8783, pp.255-272, 2014.
DOI : 10.1007/978-3-319-13257-0_15

J. Chiang, H. Li, and T. Chiueh, Introspection-based memory de-duplication and migration, ACM SIGPLAN Notices, vol.48, issue.7, pp.51-62, 2013.
DOI : 10.1145/2517326.2451525

M. Christodorescu, R. Sailer, D. L. Schales, D. Sgandurra, and D. Zamboni, Cloud security is not (just) virtualization security, Proceedings of the 2009 ACM workshop on Cloud computing security, CCSW '09, pp.97-102, 2009.
DOI : 10.1145/1655008.1655022

URL : http://www.cse.psu.edu/~mcdaniel/cse598i-s10/docs/p97-christodorescu.pdf

C. Cifuentes and K. Gough, Decompilation of binary programs. Software: Practice and Experience, pp.811-829, 1995.
DOI : 10.1002/spe.4380250706

URL : http://www.cs.ubc.ca/local/reading/proceedings/spe91-95/spe/./vol25/issue7/spe966cc.pdf

C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul et al., Live migration of virtual machines, Proceedings of the 2nd Conference on Symposium on Networked Systems Design & Implementation, pp.273-286, 2005.

I. Corp, Intel 64 and IA-32 Architectures Software Developer's Manuals

T. W. Curry, Profiling and Tracing Dynamic Library Usage via Interposition, Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer, pp.18-18, 1994.

H. Debar, M. Dacier, and A. Wespi, Towards a taxonomy of intrusion-detection systems, Computer Networks, vol.31, issue.8, pp.31805-822, 1999.
DOI : 10.1016/S1389-1286(98)00017-6

A. D. Federico, M. Payer, G. Agosta, and . Rev, NG: a unified binary analysis framework to recover CFGs and function boundaries, Proceedings of the 26th International Conference on Compiler Construction, pp.131-141, 2017.

A. Dinaburg, P. Royal, M. Sharif, and W. Lee, Ether, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.51-62, 2008.
DOI : 10.1145/1455770.1455779

B. Dolan-gavitt, T. Leek, J. Hodosh, and W. Lee, Tappan Zee (north) bridge, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.839-850, 2013.
DOI : 10.1145/2508859.2516697

B. Dolan-gavitt, T. Leek, M. Zhivich, J. Giffin, and W. Lee, Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection, 2011 IEEE Symposium on Security and Privacy, 2011.
DOI : 10.1109/SP.2011.11

URL : http://www-static.cc.gatech.edu/%7Egiffin/papers/oakland11/DLZ%2B11.pdf

S. Eschweiler, K. Yakdan, and E. Gerhards-padilla, discovre: Efficient crossarchitecture identification of bugs in binary code, Proceedings of the 23th Symposium on Network and Distributed System Security (NDSS), 2016.

Q. Feng, A. Prakash, M. Wang, C. Carmony, and H. Yin, ORIGEN, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS '16, pp.11-22, 2016.
DOI : 10.1145/2509136.2509509

Y. Fu and Z. Lin, Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection, 2012 IEEE Symposium on Security and Privacy, pp.586-600, 2012.
DOI : 10.1109/SP.2012.40

URL : http://doi.org/10.1109/sp.2012.40

Y. Fu and Z. Lin, EXTERIOR: Using a dual-VM Based External Shell for guest- OS Introspection, Configuration, and Recovery, Proceedings of the 9th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '13, pp.97-110, 2013.

Y. Fu, Z. Lin, and K. W. Hamlen, Subverting system authentication with contextaware , reactive virtual machine introspection, Proceedings of the 29th Annual Computer Security Applications Conference, pp.229-238, 2013.
DOI : 10.1145/2523649.2523664

URL : http://www.utdallas.edu/~kxh060100/fu13acsac.pdf

Y. Fu, J. Zeng, and Z. Lin, HyperShell: A Practical Hypervisor Layer Guest OS Shell for Automated In-VM Management, Proceedings of the 2014 USENIX Annual Technical Conference, 2014.

T. Garfinkel and M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, Proc. Network and Distributed Systems Security Symposium, pp.191-206, 2003.

Y. Gu, Y. Fu, A. Prakash, Z. Lin, and H. Yin, OS-Sommelier, Proceedings of the Third ACM Symposium on Cloud Computing, SoCC '12, pp.1-5, 2012.
DOI : 10.1145/2391229.2391234

Y. Gu and Z. Lin, Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics, Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, CODASPY '16, 2016.
DOI : 10.1007/978-3-319-26362-5_25

Z. Gu, Z. Deng, D. Xu, and X. Jiang, Process Implanting: A New Active Introspection Framework for Virtualization, 2011 IEEE 30th International Symposium on Reliable Distributed Systems, pp.147-156, 2011.
DOI : 10.1109/SRDS.2011.26

URL : http://www.cs.ncsu.edu/faculty/jiang/pubs/SRDS11.pdf

Y. Hebbal, S. Laniepce, and J. Menaud, Virtual Machine Introspection: Techniques and Applications, 2015 10th International Conference on Availability, Reliability and Security, pp.676-685, 2015.
DOI : 10.1109/ARES.2015.43

URL : https://hal.archives-ouvertes.fr/hal-01165285

C. Horne, Understanding full virtualization, paravirtualization and hardware assist. White paper, 2007.

B. Jain, M. Basim-baig, D. Zhang, E. Donald, R. Porter et al., SoK: Introspections on Trust and the Semantic Gap, 2014 IEEE Symposium on Security and Privacy, pp.605-620, 2014.
DOI : 10.1109/SP.2014.45

URL : http://www.cs.stonybrook.edu/~porter/pubs/sok14.pdf

X. Jiang, X. Wang, and D. Xu, Stealthy Malware Detection Through Vmm-based "Out-of-the-box" Semantic View Reconstruction, Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pp.128-138, 2007.

R. Jones and M. Booth, Virt-inspector-display operating system version and other information about a virtual machine

T. Stephen, A. C. Jones, R. H. Arpaci-dusseau, and . Arpaci-dusseau, Antfarm: Tracking Processes in a Virtual Machine Environment, Proceedings of the Annual Conference on USE- NIX '06 Annual Technical Conference, ATEC '06, pp.1-1, 2006.

T. Stephen, A. C. Jones, R. H. Arpaci-dusseau, and . Arpaci-dusseau, VMM-based Hidden Process Detection and Identification Using Lycosid, Proceedings of the Fourth ACM SIG- PLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '08, pp.91-100, 2008.

A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen, Detecting Past and Present Intrusions Through Vulnerability-specific Predicates, Proceedings of the Twentieth ACM Symposium on Operating Systems Principles, SOSP '05, pp.91-104, 2005.
DOI : 10.1145/1095809.1095820

T. Kittel, S. Vogl, K. Tamas, J. Lengyel, C. Pfoh et al., Code validation for modern OS kernels, Workshop on Malware Memory Forensics (MMF), 2014.

A. Kivity, Y. Kamay, D. Laor, U. Lublin, and A. Liguori, KVM: the Linux Virtual Machine Monitor, Proceedings of the Linux Symposium, pp.225-230, 2007.

R. Krishnakumar, Kernel korner: kprobes-a kernel debugger, Linux Journal, issue.133, p.11, 2005.

A. Michael, . Laurenzano, M. Mustafa, L. Tikir, A. Carrington et al., Pebil: Efficient static binary instrumentation for linux, Performance Analysis of Systems & Software (ISPASS), 2010 IEEE International Symposium on, pp.175-183, 2010.

K. Tamas, S. Lengyel, . Maresca, D. Bryan, . Payne et al., Scalability, fidelity and stealth in the drakvuf dynamic malware analysis system, Proceedings of the 30th Annual Computer Security Applications Conference, pp.386-395, 2014.

S. Li, A survey on tools for binary code analysis, 2004.

H. Liao, C. Lin, Y. Lin, and K. Tung, Intrusion detection system: A comprehensive review, Journal of Network and Computer Applications, vol.36, issue.1, pp.16-24, 2013.
DOI : 10.1016/j.jnca.2012.09.004

C. Linn and S. Debray, Obfuscation of executable code to improve resistance to static disassembly, Proceedings of the 10th ACM conference on Computer and communication security , CCS '03, pp.290-299, 2003.
DOI : 10.1145/948109.948149

URL : http://www.cs.arizona.edu/~debray/Publications/disasm-resist.ps

L. Litty, H. Andrés-lagar-cavilla, and D. Lie, Hypervisor Support for Identifying Covertly Executing Binaries, USENIX Security Symposium, pp.243-258, 2008.

L. Litty and D. Lie, Manitou, Proceedings of the 1st workshop on Architectural and system support for improving software dependability , ASID '06, pp.6-11, 2006.
DOI : 10.1145/1181309.1181311

A. Lut, A. Coles, S. Lukács, and D. Lut, U-HIPE: hypervisor-based protection of user-mode processes in windows, Journal of Computer Virology and Hacking Techniques, vol.12, issue.1, pp.23-36, 2016.

G. Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Insecure, 2009.

P. Mell and T. Grance, The NIST definition of cloud computing, 2011.
DOI : 10.6028/NIST.SP.800-145

X. Meng and B. Miller, Binary code is not easy, Proceedings of the 25th International Symposium on Software Testing and Analysis, ISSTA 2016
DOI : 10.1109/CSAC.2004.17

URL : http://dl.acm.org/ft_gateway.cfm?id=2931047&type=pdf

J. Newsome, Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, 2005.

J. Newsome, D. Brumley, and D. Song, Vulnerability-specific execution filtering for exploit prevention on commodity software, 2006.

E. Park, B. Egger, and J. Lee, Fast and space-efficient virtual machine checkpointing, ACM SIGPLAN Notices, vol.46, issue.7, pp.75-86, 2011.
DOI : 10.1145/2007477.1952694

D. Bryan and . Payne, Simplifying virtual machine introspection using libVMI, Sandia Report, 2012.

D. Bryan, M. Payne, M. Carbone, W. Sharif, and . Lee, Lares: An architecture for secure active monitoring using virtualization, Security and Privacy, pp.233-247, 2008.

D. Bryan, . Payne, W. Mdp-de-carbone, and . Lee, Secure and flexible monitoring of virtual machines, Computer Security Applications Conference ACSAC 2007. Twenty-Third Annual, pp.385-397, 2007.

J. Pewny, B. Garmany, R. Gawlik, C. Rossow, and T. Holz, Crossarchitecture bug search in binary executables, Security and Privacy (SP), 2015 IEEE Symposium on, pp.709-724, 2015.
DOI : 10.1515/itit-2016-0040

URL : http://www.degruyter.com/downloadpdf/j/itit.2017.59.issue-2/itit-2016-0040/itit-2016-0040.xml

J. Pfoh, C. Schneider, and C. Eckert, A formal model for virtual machine introspection, Proceedings of the 1st ACM workshop on Virtual machine security, VMSec '09, pp.1-10, 2009.
DOI : 10.1145/1655148.1655150

URL : http://www.sec.in.tum.de/assets/staff/pfoh/PfohSchneider2009a.pdf

J. Pfoh, C. Schneider, and C. Eckert, Nitro: Hardware-Based System Call Tracing for Virtual Machines, Advances in Information and Computer Security, pp.96-112, 2011.
DOI : 10.1109/SP.2008.24

URL : http://www.sec.in.tum.de/assets/staff/pfoh/PfohSchneider2011a.pdf

C. Pham, Z. Estrada, P. Cao, Z. Kalbarczyk, and R. K. Iyer, Reliability and Security Monitoring of Virtual Machines Using Hardware Architectural Invariants, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp.13-24, 2014.
DOI : 10.1109/DSN.2014.19

J. Gerald, . Popek, P. Robert, and . Goldberg, Formal requirements for virtualizable third generation architectures, Communications of the ACM, vol.17, issue.7, pp.412-421, 1974.

A. Nguyen and . Quynh, Operating system fingerprinting for virtual machines, Proc. DEFCON, 2010.

J. Rhee, R. Riley, D. Xu, and X. Jiang, Kernel malware analysis with untampered and temporal views of dynamic kernel memory, Recent Advances in Intrusion Detection, pp.178-197, 2010.
DOI : 10.1007/978-3-642-15512-3_10

URL : http://www.cs.purdue.edu/homes/dxu/pubs/RAID10.pdf

R. Riley, X. Jiang, and D. Xu, Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing, Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, RAID '08, pp.1-20, 2008.
DOI : 10.1007/978-3-540-87403-4_1

URL : http://www.cs.purdue.edu/homes/dxu/pubs/RAID08.pdf

M. Rosenblum, The Reincarnation of Virtual Machines, Queue, vol.2, issue.5, p.34, 2004.
DOI : 10.1145/1016998.1017000

URL : http://dl.acm.org/ft_gateway.cfm?id=1017000&type=pdf

E. Nathan, X. Rosenblum, . Zhu, P. Barton, K. Miller et al., Learning to Analyze Binary Computer Code, AAAI, pp.798-804, 2008.

M. Russinovich, D. Solomon, and A. Ionescu, Windows internals, 2012.

A. Saberi, Y. Fu, and Z. Lin, HYBRID-BRIDGE: Efficiently Bridging the Semantic Gap in Virtual Memory Introspection via Decoupled Execution and Training Memoization, Proceedings 2014 Network and Distributed System Security Symposium, 2014.
DOI : 10.14722/ndss.2014.23226

B. Schwarz, S. Debray, and G. Andrews, Disassembly of executable code revisited, Ninth Working Conference on Reverse Engineering, 2002. Proceedings., pp.45-54, 2002.
DOI : 10.1109/WCRE.2002.1173063

URL : http://www.cs.arizona.edu/people/debray/papers/disasm.ps

A. Seshadri, M. Luk, N. Qu, and A. Perrig, SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes, Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles, SOSP '07, pp.335-350, 2007.

H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu et al., On the effectiveness of address-space randomization, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, pp.298-307, 2004.
DOI : 10.1145/1030083.1030124

URL : http://www.cs.dartmouth.edu/~nihal/security/p298-shacham.pdf

I. Monirul, W. Sharif, W. Lee, A. Cui, and . Lanzi, Secure in-VM Monitoring Using Hardware Virtualization, Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, pp.477-487, 2009.

E. Chul, R. Shin, D. Song, and R. Moazzezi, Recognizing functions in binaries with neural networks, 24th USENIX Security Symposium (USENIX Security 15), pp.611-626, 2015.

K. Skarfone and P. Mell, Guide to intrusion detection and prevention systems
DOI : 10.6028/NIST.SP.800-94

D. Srinivasan, Z. Wang, X. Jiang, and D. Xu, Process out-grafting, Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pp.363-374, 2011.
DOI : 10.1145/2046707.2046751

A. Srivastava and J. Giffin, Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections, Recent Advances in Intrusion Detection, pp.39-58, 2008.
DOI : 10.1007/978-3-540-87403-4_3

URL : http://www-static.cc.gatech.edu/~giffin/papers/raid08/SG08.pdf

S. Suneja, C. Isci, V. Eyal-de-lara, and . Bala, Exploring VM Introspection: Techniques and Trade-offs, Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp.133-146, 2015.
DOI : 10.1145/2817817.2731196

L. Ronald, H. Rivest-thomas, C. E. Cormen, C. Leiserson, and . Stein, Introduction to Algorithms, 2002.

D. Tian, X. Xiong, C. Hu, and P. Liu, Integrating Offline Analysis and Online Protection to Defeat Buffer Overflow Attacks, Information Security, pp.409-415, 2011.
DOI : 10.1109/ARES.2009.126

D. Urbina, Y. Gu, J. Caballero, and Z. Lin, SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification, Computer Security-ESORICS 2014, pp.237-256, 2014.
DOI : 10.1007/978-3-319-11212-1_14

URL : http://www.utdallas.edu/%7Ezxl111930/file/ESORICS14.pdf

D. Victor-van-der-veen, E. Andriesse, B. Gökta¸sgökta¸s, L. Gras, A. Sambuc et al., Practical Context-Sensitive CFI, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pp.927-940, 2015.
DOI : 10.1145/2576195.2576208

A. Carl and . Waldspurger, Memory resource management in VMware ESX server, ACM SIGOPS Operating Systems Review, vol.36, issue.SI, pp.181-194, 2002.

G. Wang, Z. J. Estrada, C. M. Pham, T. Zbigniew, . Kalbarczyk et al., Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring, WOOT, 2015.

Z. Wang, X. Jiang, W. Cui, and P. Ning, Countering kernel rootkits with lightweight hook protection, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pp.545-554, 2009.
DOI : 10.1145/1653662.1653728

URL : http://discovery.csc.ncsu.edu/~pning/pubs/ccs09-HookSafe.pdf

R. Wu, P. Chen, P. Liu, and B. Mao, System Call Redirection: A Practical Approach to Meeting Real-World Virtual Machine Introspection Needs, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp.574-585, 2014.
DOI : 10.1109/DSN.2014.59

J. Zeng, Y. Fu, and Z. Lin, Automatic Uncovering of Tap Points from Kernel Executions, International Symposium on Research in Attacks, Intrusions, and Defenses, pp.49-70, 2016.
DOI : 10.1007/978-3-319-26362-5_25

J. Zeng and Z. Lin, Towards Automatic Inference of Kernel Object Semantics from Binary Code, Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'15), 2015.
DOI : 10.1007/978-3-319-26362-5_25

C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres et al., Practical control flow integrity and randomization for binary executables, Security and Privacy (SP), 2013 IEEE Symposium on, pp.559-573, 2013.

H. Zhang, L. Zhao, L. Xu, L. Wang, and D. Wu, vPatcher: VMI-Based Transparent Data Patching to Secure Software in the Cloud, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp.943-948, 2014.
DOI : 10.1109/TrustCom.2014.125

L. Zhang, S. Shetty, P. Liu, and J. Jing, RootkitDet: Practical End-to-End Defense against Kernel Rootkits in a Cloud Environment, Computer Security-ESORICS 2014, pp.475-493, 2014.
DOI : 10.1007/978-3-319-11212-1_27