{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T22:07:47Z","timestamp":1743026867622,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":48,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819787975"},{"type":"electronic","value":"9789819787982"}],"license":[{"start":{"date-parts":[[2024,12,25]],"date-time":"2024-12-25T00:00:00Z","timestamp":1735084800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,12,25]],"date-time":"2024-12-25T00:00:00Z","timestamp":1735084800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-97-8798-2_9","type":"book-chapter","created":{"date-parts":[[2024,12,24]],"date-time":"2024-12-24T06:00:00Z","timestamp":1735020000000},"page":"165-184","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Cabin: Confining Untrusted Programs Within Confidential VMs"],"prefix":"10.1007","author":[{"given":"Benshan","family":"Mei","sequence":"first","affiliation":[]},{"given":"Saisai","family":"Xia","sequence":"additional","affiliation":[]},{"given":"Wenhao","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Dongdai","family":"Lin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,12,25]]},"reference":[{"key":"9_CR1","unstructured":"Arm confidential compute architecture (2024). https:\/\/developer.arm.com\/documentation\/den0125\/0300\/"},{"key":"9_CR2","unstructured":"Freax13\/mushroom: Run integrity protected workloads in a hardware based trusted execution environment (2024). https:\/\/github.com\/Freax13\/mushroom"},{"key":"9_CR3","unstructured":"Linux\/unix nbench (2024). https:\/\/www.math.utah.edu\/~mayer\/linux\/bmark.html"},{"key":"9_CR4","unstructured":"Secure VM service module for SEV-SNP guests (2024). https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/specifications\/58019.pdf"},{"key":"9_CR5","unstructured":"SEV secure nested paging firmware ABI specification (2024). https:\/\/www.amd.com\/system\/files\/TechDocs\/56860.pdf"},{"key":"9_CR6","unstructured":"VDSO - wikipedia (2024). https:\/\/en.wikipedia.org\/wiki\/VDSO"},{"key":"9_CR7","unstructured":"WolfSSL and wolfCrypt benchmarks - embedded SSL\/TLS library (2024). https:\/\/github.com\/wolfSSL\/wolfssl"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Ahmad, A., Ou, B., Liu, C., Zhang, X., Fonseca, P.: VEIL: a protected services framework for confidential virtual machines. In: Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, vol. 4, pp. 378\u2013393 (2024)","DOI":"10.1145\/3623278.3624763"},{"key":"9_CR9","unstructured":"ARM: Evolution of the arm confidential compute architecture (2024). https:\/\/www.youtube.com\/watch?v=1AsvIt7bSLY"},{"key":"9_CR10","unstructured":"Buhren, R.: Resource control attacks against encrypted virtual machines, Ph.D. thesis, Dissertation, Berlin, Technische Universit\u00e4t Berlin, 2022 (2022)"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Chen, Y., et al.: NORAX: enabling execute-only memory for COTS Binaries on AArch64. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 304\u2013319. IEEE (2017)","DOI":"10.1109\/SP.2017.30"},{"key":"9_CR12","unstructured":"Cheng, P.C., et al.: Intel TDX demystified: a top-down approach. arXiv preprint arXiv:2303.15540 (2023)"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Christou, G., Ntousakis, G., Lahtinen, E., Ioannidis, S., Kemerlis, V.P., Vasilakis, N.: BinWrap: hybrid protection against native Node.js Add-ons. In: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 429\u2013442 (2023)","DOI":"10.1145\/3579856.3590330"},{"key":"9_CR14","unstructured":"Connor, R.J., McDaniel, T., Smith, J.M., Schuchard, M.: PKU Pitfalls: attacks on PKU-based memory isolation systems. In: 29th USENIX Security Symposium, USENIX Security 20, pp. 1409\u20131426 (2020)"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Delshadtehrani, L., Canakci, S., Blair, W., Egele, M., Joshi, A.: FlexFilt: towards flexible instruction filtering for security. In: Proceedings of the 37th Annual Computer Security Applications Conference, pp. 646\u2013659 (2021)","DOI":"10.1145\/3485832.3488019"},{"key":"9_CR16","unstructured":"Delshadtehrani, L., Canakci, S., Zhou, B., Eldridge, S., Joshi, A., Egele, M.: PHMon: a programmable hardware monitor and its security use cases. In: 29th USENIX Security Symposium, USENIX Security 20, pp. 807\u2013824 (2020)"},{"key":"9_CR17","unstructured":"DeMarinis, N., Williams-King, K., Jin, D., Fonseca, R., Kemerlis, V.P.: sysfilter: automated system call filtering for commodity software. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), pp. 459\u2013474 (2020)"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Gaidis, A.J., Atlidakis, V., Kemerlis, V.P.: SysXCHG: refining privilege with adaptive system call filters. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 1964\u20131978 (2023)","DOI":"10.1145\/3576915.3623137"},{"key":"9_CR19","unstructured":"Garfinkel, T., Pfaff, B., Rosenblum, M., et\u00a0al.: Ostia: a delegating architecture for secure system call interposition. In: NDSS (2004)"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Ge, X., Kuo, H.C., Cui, W.: Hecate: lifting and shifting on-premises workloads to an untrusted cloud. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1231\u20131242 (2022)","DOI":"10.1145\/3548606.3560592"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Gravani, S., Hedayati, M., Criswell, J., Scott, M.L.: Fast intra-kernel isolation and security with IskiOS. In: Proceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 119\u2013134 (2021)","DOI":"10.1145\/3471621.3471849"},{"key":"9_CR22","unstructured":"Hedayati, M., et al.: Hodor: intra-process isolation for high-throughput data plane libraries. In: 2019 USENIX Annual Technical Conference, USENIX ATC 19, pp. 489\u2013504 (2019)"},{"key":"9_CR23","unstructured":"Ibrahim, K.A.: Secure isolation and migration of untrusted legacy applications (2021)"},{"key":"9_CR24","unstructured":"Intel: Intel software guard extensions developer guide (2022). https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/671334\/intel-software-guard-extensions-intel-sgx-developer-guide.html"},{"key":"9_CR25","doi-asserted-by":"crossref","unstructured":"Kirth, P., et al.: PKRU-Safe: automatically locking down the heap between safe and unsafe languages. In: Proceedings of the Seventeenth European Conference on Computer Systems, pp. 132\u2013148 (2022)","DOI":"10.1145\/3492321.3519582"},{"key":"9_CR26","unstructured":"Kwon, D., Shin, J., Kim, G., Lee, B., Cho, Y., Paek, Y.: uXOM: efficient eXecute-only memory on ARM Cortex-M. In: 28th USENIX Security Symposium, USENIX Security 19, pp. 231\u2013247 (2019)"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Li, M., Wilke, L., Wichelmann, J., Eisenbarth, T., Teodorescu, R., Zhang, Y.: A systematic look at ciphertext side channels on AMD Sev-SNP. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 337\u2013351. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833768"},{"key":"9_CR28","unstructured":"Mai, H., et al.: Honeycomb: Secure and efficient GPU executions via static validation. In: 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI 23), pp. 155\u2013172 (2023)"},{"issue":"4","key":"9_CR29","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1109\/MM.2021.3086541","volume":"41","author":"M Mattioli","year":"2021","unstructured":"Mattioli, M.: Rome to Milan, AMD continues its tour of Italy. IEEE Micro 41(4), 78\u201383 (2021)","journal-title":"IEEE Micro"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Mofrad, S., Zhang, F., Lu, S., Shi, W.: A comparison study of intel SGX and AMD memory encryption technology. In: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, pp.\u00a01\u20138 (2018)","DOI":"10.1145\/3214292.3214301"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Narayanan, V., et al.: Remote attestation of Sev-SNP confidential VMS using e-vTPMs (2023)","DOI":"10.1145\/3627106.3627112"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Orenbach, M., Lifshits, P., Minkin, M., Silberstein, M.: Eleos: Exitless OS services for SGX enclaves. In: Proceedings of the Twelfth European Conference on Computer Systems, pp. 238\u2013253 (2017)","DOI":"10.1145\/3064176.3064219"},{"key":"9_CR33","unstructured":"Park, S., Lee, S., Xu, W., Moon, H., Kim, T.: libmpk: software abstraction for intel memory protection keys (Intel MPK). In: 2019 USENIX Annual Technical Conference, USENIX ATC 19, pp. 241\u2013254 (2019)"},{"key":"9_CR34","doi-asserted-by":"crossref","unstructured":"Park, T., Dhondt, K., Gens, D., Na, Y., Volckaert, S., Franz, M.: NoJITsu: locking down JavaScript engines. In: Proceedings 2020 Network and Distributed System Security Symposium. Internet Society (2020)","DOI":"10.14722\/ndss.2020.24262"},{"key":"9_CR35","doi-asserted-by":"crossref","unstructured":"Pecholt, J., Wessel, S.: CoCoTPM: trusted platform modules for virtual machines in confidential computing environments. In: Proceedings of the 38th Annual Computer Security Applications Conference, pp. 989\u2013998 (2022)","DOI":"10.1145\/3564625.3564648"},{"key":"9_CR36","unstructured":"Potter, S., Nieh, J., Selsky, M.: Secure isolation of untrusted legacy applications. In: LISA, vol.\u00a07, pp. 1\u201314 (2007)"},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Qin, H., et al.: Protecting encrypted virtual machines from nested page fault controlled channel. In: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy, pp. 165\u2013175 (2023)","DOI":"10.1145\/3577923.3583659"},{"key":"9_CR38","doi-asserted-by":"crossref","unstructured":"Rajagopalan, V.L., Kleftogiorgos, K., G\u00f6ktas, E., Xu, J., Portokalidis, G.: SYSPART: automated temporal system call filtering for binaries. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 1979\u20131993 (2023)","DOI":"10.1145\/3576915.3623207"},{"key":"9_CR39","unstructured":"Schrammel, D., Weiser, S., Sadek, R., Mangard, S.: Jenny: securing Syscalls for PKU-based memory isolation systems. In: 31st USENIX Security Symposium, USENIX Security 22, pp. 936\u2013952 (2022)"},{"key":"9_CR40","unstructured":"Schrammel, D., et al.: Donky: domain keys\u2013efficient In-Process isolation for RISC-V and x86. In: 29th USENIX Security Symposium, USENIX Security 20, pp. 1677\u20131694 (2020)"},{"key":"9_CR41","unstructured":"AMD SEV-SNP: Strengthening VM isolation with integrity protection and more. White Paper, p.\u00a08 (2020)"},{"key":"9_CR42","doi-asserted-by":"crossref","unstructured":"Shen, Z., Dharsee, K., Criswell, J.: Fast execute-only memory for embedded systems. In: 2020 IEEE Secure Development (SecDev), pp. 7\u201314. IEEE (2020)","DOI":"10.1109\/SecDev45635.2020.00017"},{"key":"9_CR43","doi-asserted-by":"crossref","unstructured":"Song, S., Suneja, S., Le, M.V., Tak, B.: On the value of sequence-based system call filtering for container security. In: 2023 IEEE 16th International Conference on Cloud Computing (CLOUD), pp. 296\u2013307. IEEE (2023)","DOI":"10.1109\/CLOUD60044.2023.00043"},{"key":"9_CR44","unstructured":"Vahldiek-Oberwagner, A., Elnikety, E., Duarte, N.O., Sammler, M., Druschel, P., Garg, D.: ERIM: secure, efficient in-process isolation with protection keys. In: 28th USENIX Security Symposium, USENIX Security 19, pp. 1221\u20131238 (2019)"},{"key":"9_CR45","doi-asserted-by":"crossref","unstructured":"Voulimeneas, A., Vinck, J., Mechelinck, R., Volckaert, S.: You shall not (by)pass! practical, secure, and fast PKU-based sandboxing. In: Proceedings of the Seventeenth European Conference on Computer Systems, pp. 266\u2013282 (2022)","DOI":"10.1145\/3492321.3519560"},{"key":"9_CR46","doi-asserted-by":"crossref","unstructured":"Wang, X., Yeoh, S., Olivier, P., Ravindran, B.: Secure and efficient in-process monitor (and library) protection with intel MPK. In: Proceedings of the 13th European workshop on Systems Security, pp. 7\u201312 (2020)","DOI":"10.1145\/3380786.3391398"},{"issue":"2","key":"9_CR47","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1145\/3140659.3080208","volume":"45","author":"O Weisse","year":"2017","unstructured":"Weisse, O., Bertacco, V., Austin, T.: Regaining lost cycles with HotCalls: a fast interface for SGX secure enclaves. ACM SIGARCH Comput. Archit. News 45(2), 81\u201393 (2017)","journal-title":"ACM SIGARCH Comput. Archit. News"},{"key":"9_CR48","doi-asserted-by":"crossref","unstructured":"Zhang, M., Polychronakis, M., Sekar, R.: Protecting COTS binaries from disclosure-guided code reuse attacks. In: Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 128\u2013140 (2017)","DOI":"10.1145\/3134600.3134634"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-8798-2_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,24]],"date-time":"2024-12-24T06:02:46Z","timestamp":1735020166000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-8798-2_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,25]]},"ISBN":["9789819787975","9789819787982"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-8798-2_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,12,25]]},"assertion":[{"value":"25 December 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Mytilene","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/icics2024.aegean.gr","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}