skip to main content
research-article

Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging

Published:02 January 2018Publication History
Skip Abstract Section

Abstract

Malware and code-reuse attacks are the most significant threats to current systems operation. Solutions developed to countermeasure them have their weaknesses exploited by attackers through sandbox evasion and antidebug crafting. To address such weaknesses, we propose a framework that relies on the modern processors’ branch monitor feature to allow us to analyze malware while reducing evasion effects. The use of hardware assistance aids in increasing stealthiness, a key feature for debuggers, as modern software (malicious or benign) may be antianalysis armored. We achieve stealthier code execution control by using the branch monitor hardware’s inherent interrupt capabilities, keeping the code under execution intact. Previous works on branch monitoring have already addressed the ROP attack problem but require code injection and/or are limited in their capture window size. Therefore, we also propose a ROP detector without these limitations.

Skip Supplemental Material Section

Supplemental Material

References

  1. Julien Ahrens. 2014. Easy File Management Web Server 5.3 - ‘UserID’ Remote Buffer Overflow (ROP). Retrieved November 6, 2017, from https://www.exploit-db.com/exploits/33610/.Google ScholarGoogle Scholar
  2. Y. Akao and T. Yamauchi. 2015. Proposal of kernel rootkits detection method by monitoring branches using hardware features. In Proceedings of the 2015 IIAI 4th International Congress on Advanced Applied Informatics. IEEE, Los Alamitos, CA, 721--722. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Erdem Aktas and Kanad Ghose. 2013. Run-time control flow authentication: An assessment on contemporary x86 platforms. In Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC’13). ACM, New York, NY, 1859--1866.Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. AMD. 2012. AMD64 Architecture Programmer’s Manual Volume 2. AMD.Google ScholarGoogle Scholar
  5. ARM. 2011. Cortex-A Series Programmer’s Guide. ARM.Google ScholarGoogle Scholar
  6. Davide Balzarotti, Marco Cova, Christoph Karlberger, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. 2010. Efficient detection of split personalities in malware. In Proceedings of the17th Annual Network and Distributed System Security Symposium. 1--16.Google ScholarGoogle Scholar
  7. Julian Bangert, Sergey Bratus, Rebecca Shapiro, and Sean W. Smith. 2013. The page-fault weird machine: Lessons in instruction-less computation. In Proceedings of the 7th USENIX Conference on Offensive Technologies (WOOT’13). 1--13.Google ScholarGoogle Scholar
  8. Gabriel Negreira Barbosa and Rodrigo Rubira Branco. 2014. Prevalent Characteristics in Modern Malware. Retrieved November 6, 2017, from https://www.blackhat.com/docs/us-14/materials/us-14-Branco-Prevalent-Characteristics-In-Modern-Malware.pdf.Google ScholarGoogle Scholar
  9. Georgios Bitzes and Andrzej Nowak. 2014. The Overhead of Profiling Using PMU Hardware Counters. Retrieved November 6, 2017, from https://zenodo.org/record/10800/files/TheOverheadOfProfilingUsingPMUhardwareCounters.pdf.Google ScholarGoogle Scholar
  10. Tyler Bletsch, Xuxian Jiang, and Vince Freeh. 2011a. Mitigating code-reuse attacks with control-flow locking. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC’11). ACM, New York, NY, 353--362. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Tyler Bletsch, Xuxian Jiang, Vince W. Freeh, and Zhenkai Liang. 2011b. Jump-oriented programming: A new class of code-reuse attack. In Proceedings of the 6th ACM Symposium on Information, Computer, and Communication Security (ASIACCS’11). 30--40. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Marcus Felipe Botacin, Paulo Lício de Geus, and André Ricardo Abed Grégio. 2017. The other guys: Automated analysis of marginalized malware. Journal of Computer Virology and Hacking Techniques 2017, 1--12. DOI:http://dx.doi.org/10.1007/s11416-017-0292-8 Google ScholarGoogle ScholarCross RefCross Ref
  13. Rodrigo Rubira Branco, Gabriel Negreira Barbosa, and Pedro Drimel Neto. 2012. Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM Technologies. Retrieved November 6, 2017, from https://media.blackhat.com/bh-us-12/Briefings/Branco/BH_US_12_Branco_Scientific_Academic_Slides.pdf.Google ScholarGoogle Scholar
  14. Capstone. 2016. Home Page. Retrieved November 6, 2017, from http://www.capstone-engine.org/.Google ScholarGoogle Scholar
  15. Alexander Chailytko and Stanislav Skuratovich. 2016. Defeating Sandbox Evasion: How to Increase the Successful Emulation Rate in Your Virtual Environment. Retrieved November 6, 2017, from https://www.virusbulletin.com/uploads/pdf/magazine/2016/VB2016-Chailytko-Skuratovich.pdf.Google ScholarGoogle Scholar
  16. Ping Chen, Hai Xiao, Xiaobin Shen, Xinchun Yin, Bing Mao, and Li Xie. 2009. DROP: Detecting return-oriented programming malicious code. In Proceedings of the 5th International Conference on Information Systems Security (ICISS’09). 163--177.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Yueqiang Cheng, Zongwei Zhou, Yu Miao, Xuhua Ding, Huijie Deng, and Robert Deng. 2014. ROPecker: A generic and practical approach for defending against ROP attack. In Proceedings of the 2014 NDSS Symposium. Google ScholarGoogle ScholarCross RefCross Ref
  18. Andrei Chiş, Marcus Denker, Tudor Gîrba, and Oscar Nierstrasz. 2015. Practical domain-specific debuggers using the Moldable Debugger framework. Computer Languages, Systems and Structures 44, PA, 89--113.Google ScholarGoogle Scholar
  19. CloudBurst. 2016. Reverse Engineering for Malware: Shellcodes and AV/API Hook Evasion. Retrieved November 6, 2017, from https://www.cloudburstsecurity.com/2016/06/10/reverse-engineering-for-malware-shellcodes-and-avapi-hook-evasion.Google ScholarGoogle Scholar
  20. L. Davi, M. Hanreich, D. Paul, A. R. Sadeghi, P. Koeberl, D. Sullivan, O. Arias, and Y. Jin. 2015. HAFIX: Hardware-assisted flow integrity extension. In Proceedings of the 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). ACM, Los Alamitos, CA, 1--6. 0738-100XGoogle ScholarGoogle Scholar
  21. Lucas Davi, Ahmad-Reza Sadeghi, and Marcel Winandy. 2009. Dynamic integrity measurement and attestation: Towards defense against return-oriented programming attacks. In Proceedings of the 2009 ACM Workshop on Scalable Trusted Comp. (STC’09). ACM, New York, NY, 1--6.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. S. Debray and J. Patel. 2010. Reverse engineering self-modifying code: Unpacker extraction. In Proceedings of the 2010 17th Working Conference on Reverse Engineering. IEEE, Los Alamitos, CA, 131--140. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee. 2008. Ether: Malware analysis via hardware virtualization extensions. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08). 51--62.Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel. 2008. A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys 44, 2, 6:1--6:42.Google ScholarGoogle Scholar
  25. Aristide Fattori, Roberto Paleari, Lorenzo Martignoni, and Mattia Monga. 2010. Dynamic and transparent analysis of commodity production systems. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE’10). 417--426. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Yuxin Gao, Zexin Lu, and Yuqing Luo. 2014. Survey on malware anti-analysis. In Proceedings of the 2014 5th International Conference on Intelligent Control and Information Processing (ICICIP’14). IEEE, Los Alamitos, CA, 270--275. Google ScholarGoogle ScholarCross RefCross Ref
  27. Enes Göktaş, Elias Athanasopoulos, Michalis Polychronakis, Herbert Bos, and Georgios Portokalidis. 2014. Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security’14). 417--432.Google ScholarGoogle Scholar
  28. Mariano Graziano, Davide Balzarotti, and Alain Zidouemba. 2016. ROPMEMU: A framework for the analysis of complex code-reuse attacks. In Proceedings of the 11th ACM Asia Conference on Computer and Commications Security (ASIACCS’16). Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Groundworkstech. 2016. A Python Interface to the GNU Binary File Descriptor (BFD) Library. Retrieved November 6, 2017, from https://github.com/Groundworkstech/pybfd.Google ScholarGoogle Scholar
  30. Claudio Guarnieri. 2013. Cuckoo Sandbox. Retrieved November 6, 2017, from http://www.cuckoosandbox.org/.Google ScholarGoogle Scholar
  31. Jason Hiser, Anh Nguyen-Tuong, Michele Co, Matthew Hall, and Jack W. Davidson. 2012. ILR: Where’d my gadgets go? In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP’12). 571--585.Google ScholarGoogle Scholar
  32. A. Ho, S. Hand, and T. Harris. 2004. PDB: Pervasive debugging with Xen. In Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing. IEEE, Los Alamitos, CA, 260--265. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Intel. 2015. Intel® 64 and IA-32 Architectures Software Developer’s Manual. Intel.Google ScholarGoogle Scholar
  34. Intel. 2016. Control-Flow Enforcement Technology Preview. Retrieved November 6, 2017, from https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf.Google ScholarGoogle Scholar
  35. Jun Jiang, Xiaoqi Jia, Dengguo Feng, Shengzhi Zhang, and Peng Liu. 2011. HyperCrop: A hypervisor-based countermeasure for return oriented programming. In Proceedings of the 13th International Conference on Information and Communications Security (ICICS’11). 360--373. Google ScholarGoogle ScholarCross RefCross Ref
  36. Noah M. Johnson, Juan Caballero, Kevin Zhijie Chen, Stephen McCamant, Pongsin Poosankam, Daniel Reynaud, and Dawn Song. 2011. Differential slicing: Identifying causal execution differences for security applications. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (SP’11). IEEE, Los Alamitos, CA, 347--362. DOI:http://dx.doi.org/10.1109/SP.2011.41 Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Dhilung Kirat and Giovanni Vigna. 2015. MalGene: Automatic extraction of malware analysis evasion signature. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS’15). ACM, New York, NY, 769--780. DOI:http://dx.doi.org/10.1145/2810103.2813642 Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. Barecloud: Bare-metal analysis-based evasive malware detection. In Proceedings of the 23rd USENIX Security Symposium (SEC’14). 287--301.Google ScholarGoogle Scholar
  39. Knaps. 2015. Easy File Sharing Web Server 7.2 - Remote Buffer Overflow (SEH) (DEP Bypass + ROP). Retrieved November 6, 2017, from https://www.exploit-db.com/exploits/38829/.Google ScholarGoogle Scholar
  40. S. Kompalli. 2014. Using existing hardware services for malware detection. In Proceedings of the 2014 IEEE Security and Privacy Workshops (SPW’14). IEEE, Los Alamitos, CA, 204--208. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Bingchen Lan, Yan Li, Hao Sun, Chao Su, Yao Liu, and Qingkai Zeng. 2015. Loop-oriented programming: A new code reuse attack to bypass modern defenses. In Proceedings of the IEEE Trustcom/BigDataSE/ISPA Conference. 190--197. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Jari-Matti Mäkelä, Ville Leppänen, and Martti Forsell. 2013. Towards a parallel debugging framework for the massively multi-threaded, step-synchronous replica architecture. In Proceedings of the 14th International Conference on Computer Systems and Technologies (CompSysTech’13). ACM, New York, NY, 1--8.Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. J. A. P. Marpaung, M. Sain, and H.-J. Lee. 2012. Survey on malware evasion techniques: State of the art and challenges. In Proceedings of the 14th International Conference on Advanced Communication Technology (ICACT’12). 744--749.Google ScholarGoogle Scholar
  44. A. Moser, C. Kruegel, and E. Kirda. 2007. Limits of static analysis for malware detection. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC’07). ACM, New York, NY, 421--430. Google ScholarGoogle ScholarCross RefCross Ref
  45. James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS’05). 1--17.Google ScholarGoogle Scholar
  46. Anh M. Nguyen, Nabil Schear, HeeDong Jung, Apeksha Godiyal, Samuel T. King, and Hai D. Nguyen. 2009. MAVMM: Lightweight and purpose built VMM for malware analysis. In Proceedings of the IEEE Annual Computer Security Applications Conference (ACSAC’09). 441--450.Google ScholarGoogle Scholar
  47. Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. 2010. G-Free: Defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC’10). ACM, New York, NY, 1--10.Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. 2012. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP’12). IEEE, Los Alamitos, CA, 1--15.Google ScholarGoogle Scholar
  49. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. 2013. Transparent ROP exploit mitigation using indirect branch tracing. In Proceedings of the 22nd USENIX Security Symposium (SEC’13). 447--462.Google ScholarGoogle Scholar
  50. Rian Quinn. 2012. Detection of Malware via Side Channel Information. Ph.D. Dissertation. Binghamton University.Google ScholarGoogle Scholar
  51. James Reinders.2013. Processor Tracing. Retrieved November 6, 2017, from https://software.intel.com/en-us/blogs/2013/09/18/processor-tracing.Google ScholarGoogle Scholar
  52. Thomas Roccia. 2016. An Overview of Malware Self-Defense and Protection. Retrieved November 6, 2017, from https://securingtomorrow.mcafee.com/mcafee-labs/overview-malware-self-defense-protection/.Google ScholarGoogle Scholar
  53. Jonathan B. Rosenberg. 1996. How Debuggers Work: Algorithms, Data Structures, and Architecture. John Wiley 8 Sons, New York, NY.Google ScholarGoogle Scholar
  54. Christian Rossow, Christian J. Dietrich, Christian Kreibich, Chris Grier, Vern Paxson, Norbert Pohlmann, Herbert Bos, and Maarten van Steen. 2012. Prudent practices for designing malware experiments: Status quo and outlook. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (S8P’12). 65--79.Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Daniel Schulz and Frank Mueller. 2000. A thread-aware debugger with an open interface. In Proceedings of the 2000 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’00). ACM, New York, NY, 1--11.Google ScholarGoogle ScholarDigital LibraryDigital Library
  56. Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, and Thorsten Holz. 2014. Evaluating the effectiveness of current anti-ROP defenses. In Research in Attacks, Intrusions and Defenses. Lecture Notes in Computer Science, Vol. 8688. Springer, 88--108.Google ScholarGoogle Scholar
  57. Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the IEEE Symposium on Security and Privacy (SP’10). IEEE, Los Alamitos, CA, 317--331.Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. Rebecca Shapiro, Sergey Bratus, and Sean W. Smith. 2013. “W eird machines” in ELF: A spotlight on the underappreciated metadata. In Proceedings of the 7th USENIX Conference on Offensive Technologies (WOOT’13). 11.Google ScholarGoogle Scholar
  59. Ahmad Sharif and Hsien-Hsin S. Lee. 2008. Total recall: A debugging framework for GPUs. In Proceedings of the 23rd ACM SIGGRAPH/EUROGRAPHICS Symposium on Graphics Hardware (GH’08). 13--20.Google ScholarGoogle Scholar
  60. Hao Shi, Abdulla Alwabel, and Jelena Mirkovic. 2014. Cardinal pill testing of system virtual machines. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security’14). 271--285.Google ScholarGoogle Scholar
  61. Michael Sikorski and Andrew Honig. 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software.No Starch Press, San Francisco, CA.Google ScholarGoogle Scholar
  62. M. L. Soffa, K. R. Walcott, and J. Mars. 2011. Exploiting hardware advances for software testing and debugging: NIER track. In Proceedings of the 33rd International Conference on Software Engineering (ICSE’11). 888--891.Google ScholarGoogle Scholar
  63. Nguyen Hong Son. 2011. ROP Chain for Windows 8. Retrieved November 6, 2017, from http://security.bkav.com/home/-/blogs/rop-chain-for-windows-8/normal.Google ScholarGoogle Scholar
  64. J. Vanegue. 2014. The weird machines in proof-carrying code. In Proceedings of the 2014 IEEE Security and Privacy Workshops (SPW’14). IEEE, Los Alamitos, CA, 209--213. Google ScholarGoogle ScholarDigital LibraryDigital Library
  65. Amit Vasudevan and Ramesh Yerraballi. 2005. Stealth breakpoints. In Proceedings of the 21st IEEE Annual Computer Security Applications Conference (ACSAC’05). 381--392.Google ScholarGoogle ScholarDigital LibraryDigital Library
  66. Amit Vasudevan and Ramesh Yerraballi. 2006a. Cobra: Fine-grained malware analysis using stealth localized-executions. In Proceedings of the IEEE Symposium on Security and Privacy (SP’06). 264--279.Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. Amit Vasudevan and Ramesh Yerraballi. 2006b. SPiKE: Engineering malware analysis tools using unobtrusive binary-instrumentation. In Proceedings of the 29th Australasian Computer Science Conference (ACSC’06). 311--320.Google ScholarGoogle Scholar
  68. Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, and Zhiqiang Lin. 2012. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS’12). ACM, New York, NY, 1--12.Google ScholarGoogle ScholarDigital LibraryDigital Library
  69. C. Willems, T. Holz, and F. Freiling. 2007. Toward automated dynamic malware analysis using CWSandbox. IEEE Security and Privacy 5, 2, 32--39. Google ScholarGoogle ScholarDigital LibraryDigital Library
  70. Carsten Willems, Ralf Hund, Andreas Fobian, Dennis Felsch, Thorsten Holz, and Amit Vasudevan. 2012. Down to the bare metal: Using processor features for binary analysis. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC’12). ACM, New York, NY, 1--10.Google ScholarGoogle ScholarDigital LibraryDigital Library
  71. Jiyoung Woo and Huy Kang Kim. 2012. Survey and research direction on online game security. In Proceedings of the Workshop at SIGGRAPH Asia (WASA’12). ACM, New York, NY, 1--7.Google ScholarGoogle ScholarDigital LibraryDigital Library
  72. Y. Xia, Y. Liu, H. Chen, and B. Zang. 2012. CFIMon: Detecting violation of control flow integrity using performance counters. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’12). 1--12.Google ScholarGoogle Scholar
  73. M. Xianya, Z. Yi, W. Baosheng, and T. Yong. 2015. A survey of software protection methods based on self-modifying code. In Proceedings of the IEEE International Conference on Computational Intelligence and Communication Networks (CICN’15). 589--593. Google ScholarGoogle ScholarCross RefCross Ref
  74. Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda. 2007. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, New York, NY, 116--127. Google ScholarGoogle ScholarDigital LibraryDigital Library
  75. Liwei Yuan, Weichao Xing, Haibo Chen, and Binyu Zang. 2011. Security breaches as PMU deviation: Detecting and identifying security attacks using performance counters. In Proceedings of the 2nd Asia-Pacific Workshop on Systems (APSys’11). ACM, New York, NY, Article 6, 5 pages.Google ScholarGoogle ScholarDigital LibraryDigital Library
  76. F. Zhang, K. Leach, A. Stavrou, H. Wang, and K. Sun. 2015. Using hardware features for increased debugging transparency. In Proceedings of the IEEE Symposium on Security and Privacy (SP’15). IEEE, Los Alamitos, CA, 55--69. Google ScholarGoogle ScholarDigital LibraryDigital Library
  77. Fengwei Zhang, Kevin Leach, Kun Sun, and Angelos Stavrou. 2013. SPECTRE: A dependable introspection framework via system management mode. In Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’13). 1--12.Google ScholarGoogle ScholarDigital LibraryDigital Library
  78. Y. Zhong, H. Yamaki, and H. Takakura. 2012. A malware classification method based on similarity of function structure. In Proceedings of the IEEE/IPSJ 12th International Symposium on Applications and the Internet. 256--261. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        • Published in

          cover image ACM Transactions on Privacy and Security
          ACM Transactions on Privacy and Security  Volume 21, Issue 1
          February 2018
          148 pages
          ISSN:2471-2566
          EISSN:2471-2574
          DOI:10.1145/3171591
          Issue’s Table of Contents

          Copyright © 2018 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 2 January 2018
          • Accepted: 1 October 2017
          • Revised: 1 August 2017
          • Received: 1 February 2017
          Published in tops Volume 21, Issue 1

          Permissions

          Request permissions about this article.

          Request Permissions

          Check for updates

          Qualifiers

          • research-article
          • Research
          • Refereed

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!