{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T00:45:35Z","timestamp":1743036335812,"version":"3.40.3"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319112022"},{"type":"electronic","value":"9783319112039"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11203-9_18","type":"book-chapter","created":{"date-parts":[[2014,8,14]],"date-time":"2014-08-14T16:36:46Z","timestamp":1408034206000},"page":"310-325","source":"Crossref","is-referenced-by-count":2,"title":["Detangling Resource Management Functions from the TCB in Privacy-Preserving Virtualization"],"prefix":"10.1007","author":[{"given":"Min","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zili","family":"Zha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wanyu","family":"Zang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Meng","family":"Yu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kun","family":"Bai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"18_CR1","unstructured":"Forbes: PRISM Projected To Cost U.S. Cloud Market $35B, \n                  \n                    http:\/\/www.forbes.com\/sites\/louiscolumbus\/2013\/08\/08\/prism-projected-to-cost-u-s-cloud-computing-industry-35b"},{"key":"18_CR2","unstructured":"Xen: \n                  \n                    http:\/\/www.xen.org\/"},{"key":"18_CR3","unstructured":"KVM, \n                  \n                    http:\/\/www.linux-kvm.org\/"},{"key":"18_CR4","unstructured":"Amazon Inc.: Amazon EC2, \n                  \n                    http:\/\/aws.amazon.com\/ec2\/"},{"key":"18_CR5","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1145\/2382196.2382226","volume-title":"Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012","author":"S. Butt","year":"2012","unstructured":"Butt, S., Lagar-Cavilla, H.A., Srivastava, A., Ganapathy, V.: Self-service cloud computing. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 253\u2013264. ACM, New York (2012)"},{"key":"18_CR6","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1145\/2523649.2523680","volume-title":"Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC 2013","author":"M. Li","year":"2013","unstructured":"Li, M., Zang, W., Bai, K., Yu, M., Liu, P.: Mycloud: Supporting user-configured privacy protection in cloud computing. In: Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC 2013, pp. 59\u201368. ACM, New York (2013)"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Murray, D., Milos, G., Hand, S.: Improving xen security through disaggregation. In: Proceedings of the Fourth ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, pp. 151\u2013160. ACM (2008)","DOI":"10.1145\/1346256.1346278"},{"key":"18_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1007\/978-3-642-31540-4_23","volume-title":"Data and Applications Security and Privacy XXVI","author":"W. Pan","year":"2012","unstructured":"Pan, W., Zhang, Y., Yu, M., Jing, J.: Improving virtualization security by splitting hypervisor into smaller components. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol.\u00a07371, pp. 298\u2013313. Springer, Heidelberg (2012)"},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"Zhang, F., Chen, J., Chen, H., Zang, B.: Cloudvisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp. 203\u2013216. ACM (2011)","DOI":"10.1145\/2043556.2043576"},{"key":"18_CR10","doi-asserted-by":"crossref","unstructured":"Williams, D., Jamjoom, H., Weatherspoon, H.: The xen-blanket: virtualize once, run everywhere. In: ACM EuroSys (2012)","DOI":"10.1145\/2168836.2168849"},{"key":"18_CR11","unstructured":"Ben-Yehuda, M., Day, M., Dubitzky, Z., Factor, M., Har\u2019El, N., Gordon, A., Liguori, A., Wasserman, O., Yassour, B.: The turtles project: Design and implementation of nested virtualization. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1\u20136. USENIX Association (2010)"},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"Kauer, B., Verissimo, P., Bessani, A.: Recursive virtual machines for advanced security mechanisms. In: 2011 IEEE\/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 117\u2013122. IEEE (2011)","DOI":"10.1109\/DSNW.2011.5958796"},{"key":"18_CR13","first-page":"209","volume-title":"Proceedings of the 5th European Conference on Computer Systems, EuroSys 2010","author":"U. Steinberg","year":"2010","unstructured":"Steinberg, U., Kauer, B.: Nova: a microhypervisor-based secure virtualization architecture. In: Proceedings of the 5th European Conference on Computer Systems, EuroSys 2010, pp. 209\u2013222. ACM, New York (2010)"},{"issue":"1","key":"18_CR14","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1145\/1113361.1113363","volume":"40","author":"G. Heiser","year":"2006","unstructured":"Heiser, G., Uhlig, V., LeVasseur, J.: Are virtual-machine monitors microkernels done right? SIGOPS Oper. Syst. Rev.\u00a040(1), 95\u201399 (2006)","journal-title":"SIGOPS Oper. Syst. Rev."},{"key":"18_CR15","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1145\/1816038.1816010","volume":"38","author":"E. Keller","year":"2010","unstructured":"Keller, E., Szefer, J., Rexford, J., Lee, R.: Nohype: virtualized cloud infrastructure without the virtualization. ACM SIGARCH Computer Architecture News\u00a038, 350\u2013361 (2010)","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Szefer, J., Keller, E., Lee, R., Rexford, J.: Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 401\u2013412. ACM (2011)","DOI":"10.1145\/2046707.2046754"},{"issue":"4","key":"18_CR17","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1145\/1357010.1352625","volume":"42","author":"J.M. McCune","year":"2008","unstructured":"McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. SIGOPS Oper. Syst. Rev.\u00a042(4), 315\u2013328 (2008)","journal-title":"SIGOPS Oper. Syst. Rev."},{"key":"18_CR18","doi-asserted-by":"crossref","unstructured":"Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.K.: Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In. In: ASPLOS (May 2008)","DOI":"10.1145\/1346281.1346284"},{"key":"18_CR19","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1145\/1346256.1346267","volume-title":"Proceedings of the Fourth ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, VEE 2008","author":"J. Yang","year":"2008","unstructured":"Yang, J., Shin, K.G.: Using hypervisor to provide data secrecy for user applications on a per-page basis. In: Proceedings of the Fourth ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, VEE 2008, pp. 71\u201380. ACM, New York (2008)"},{"key":"18_CR20","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1145\/2451116.2451146","volume-title":"Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating System, ASPLOS 2013","author":"O.S. Hofmann","year":"2013","unstructured":"Hofmann, O.S., Kim, S., Dunn, A.M., Lee, M.Z., Witchel, E.: Inktag: secure applications on an untrusted operating system. In: Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating System, ASPLOS 2013, pp. 265\u2013278. ACM, New York (2013)"},{"key":"18_CR21","first-page":"279","volume-title":"Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI 2006","author":"R. Ta-Min","year":"2006","unstructured":"Ta-Min, R., Litty, L., Lie, D.: Splitting interfaces: making trust between applications and operating system configurable. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI 2006, pp. 279\u2013292. USENIX Association, Berkeley (2006)"},{"key":"18_CR22","unstructured":"Cheng, Y., Ding, X., Deng, R.H.: Appshield: Protecting applications against untrusted operating system. In: Singaport Management University Technical Report. smu-sis-13-101 (2013)"},{"key":"18_CR23","unstructured":"Cloud, M., \n                  \n                    http:\/\/www.microsoft.com\/enterprise\/microsoftcloud\/"},{"key":"18_CR24","unstructured":"Cloud, H.P., \n                  \n                    http:\/\/www.hpcloud.com\/"},{"key":"18_CR25","unstructured":"CVE-2007-4993: Xen guest root escape to dom0 via pygrub"},{"key":"18_CR26","unstructured":"CVE-2010-0431: Qemu-kvm in redhat enterprise virtualization (rhev) 2.2 and kvm 83, does not properly validate guest qxl driver pointers, which allows guest os users to gain privileges via unspecified vectors"},{"key":"18_CR27","unstructured":"CVE-2009-1758: The hypervisor callback function in xen, as applied to the linux kernel 2.6.30-rc4 allows guest user applications to cause a denial of service of the guest os by triggering a segmentation fault in certain address ranges"},{"key":"18_CR28","unstructured":"Elhage, N.: Virtunoid: Breaking out of kvm (2011)"},{"key":"18_CR29","unstructured":"Kortchinsky, K.: Cloudburst: Hacking 3d (and breaking out of vmware). In: Black Hat Conference (2009)"},{"key":"18_CR30","unstructured":"Wojtczuk, R., Rutkowska, J.: Xen 0wning trilogy. In: Black Hat Conference (2008)"},{"key":"18_CR31","unstructured":"Secunia: Vulnerability report: Vmware esx server 3.x, \n                  \n                    http:\/\/secunia.com\/advisories\/product\/10757\/\n                  \n                  \n                ."},{"key":"18_CR32","unstructured":"Secunia: Xen multiple vulnerability report, \n                  \n                    http:\/\/secunia.com\/advisories\/44502\/"},{"key":"18_CR33","unstructured":"CVE-2009-2277: Cross-site scripting (xss) vulnerability in webaccess in vmware allows attackers to inject arbitrary web script via vectors related to context data"},{"key":"18_CR34","unstructured":"CVE-2009-1244: Vulnerability in the virtual machine display function in vmware workstation allows guest os users to execute arbitrary code on host os"},{"key":"18_CR35","unstructured":"Anderson, R., Kuhn, M.: Tamper resistance-a cautionary note. In: Proceedings of the Second Usenix Workshop on Electronic Commerce, vol.\u00a02, pp. 1\u201311 (1996)"},{"key":"18_CR36","unstructured":"Intel Coperation: Intel trusted execution technology (2011)"},{"key":"18_CR37","unstructured":"Intel Coperation: Intel trusted platform module (2003)"},{"key":"18_CR38","unstructured":"Wojtczuk, R., Rutkowska, J.: Attacking smm memory via intel cpu cache poisoning. Invisible Things Lab (2009)"},{"key":"18_CR39","unstructured":"Intel Corporation: Intel vprof technology, \n                  \n                    http:\/\/www.intel.com\/content\/www\/us\/en\/architecture-and-technology\/vpro\/vpro-technology-general.html"},{"key":"18_CR40","unstructured":"Intel Coperation: Serial ATA Advanced Host Controller Interface (2012)"},{"key":"18_CR41","unstructured":"Intel Corporation: Intel\u00ae Virtualization Technology Specification for Directed I\/O Specification, \n                  \n                    www.intel.com\/technology\/vt\/\n                  \n                  \n                ."}],"container-title":["Lecture Notes in Computer Science","Computer Security - ESORICS 2014"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11203-9_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,22]],"date-time":"2019-09-22T20:08:16Z","timestamp":1569182896000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11203-9_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319112022","9783319112039"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11203-9_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}