{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T07:58:16Z","timestamp":1772006296738,"version":"3.50.1"},"reference-count":81,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2237485,2452819"],"award-info":[{"award-number":["2237485,2452819"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/acsac67867.2025.00045","type":"proceedings-article","created":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T20:54:58Z","timestamp":1771966498000},"page":"425-439","source":"Crossref","is-referenced-by-count":0,"title":["Seti:Secure Time for Virtualized Systems"],"prefix":"10.1109","author":[{"given":"Adeel","family":"Nasrullah","sequence":"first","affiliation":[{"name":"UMass Amherst"}]},{"given":"Muhammad Abdullah","family":"Soomro","sequence":"additional","affiliation":[{"name":"UMass Amherst"}]},{"given":"Fatima Muhammad","family":"Anwar","sequence":"additional","affiliation":[{"name":"UMass Amherst"}]}],"member":"263","reference":[{"key":"ref1","first-page":"81","article-title":"Exploiting a natural network effect for scalable, fine-grained clock synchronization","volume-title":"15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18)","author":"Geng","year":"2018"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3386901.3389027"},{"key":"ref3","article-title":"Delivering nanosecond-level time synchronization to containerized software on a virtual machine","volume-title":"Workshop on Synchronization and Timing Systems (WSTS)","author":"Zage"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3578359.3593038"},{"key":"ref5","article-title":"Implementing resilient and reliable time synchronization for the power grid","volume-title":"Workshop on Synchronization and Timing Systems (WSTS)","author":"Abt","year":"2023"},{"key":"ref6","article-title":"Ptp security best practices for the broadcast and professional media industries","volume-title":"Workshop on Synchronization and Timing Systems (WSTS)","author":"Whitcomb","year":"2022"},{"key":"ref7","article-title":"Timing\u2019s critical role in capacity expansion and cost savings for 5g networks","volume-title":"Workshop on Synchronization and Timing Systems (WSTS)","author":"Traore"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3561972"},{"key":"ref9","article-title":"Precision clock and time synchronization on your ec2 instance","volume-title":"A. W. S. (AWS)","year":"2023"},{"key":"ref10","article-title":"Synchronizing the cloud to support ai applications","volume-title":"Workshop on Synchronization and Timing Systems (WSTS)","author":"Kumar"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ISPCS55791.2022.9918379"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom59040.2023.00037"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2484402.2484406"},{"key":"ref15","first-page":"1357","article-title":"Protecting cloud virtual machines from hypervisor and host operating system exploits","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Li"},{"key":"ref16","first-page":"1695","article-title":"(mostly) exitless {VM} protection from untrusted hypervisor through disaggregated nested virtualization","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Mi","year":"2020"},{"key":"ref17","article-title":"Quark: A high-performance secure container runtime for serverless computing","author":"Zhao","year":"2023","journal-title":"arXiv preprint"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/MCOMSTD.2017.1600768ST"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/TRO.2021.3075644"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485833"},{"key":"ref21","article-title":"Overclocking proximity checks in contactless smartcards","volume-title":"University of Cambridge Cambridge, UK","author":"Celiano","year":"2018"},{"key":"ref22","article-title":"Intel tdx architecture","volume-title":"Intel","year":"2024"},{"key":"ref23","volume-title":"Sev secure nested paging firmware abi specification","year":"2023"},{"key":"ref24","article-title":"Enabling realms with the arm confidential compute architecture","volume-title":"USENIX; login","author":"Li","year":"2023"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/MASCOTS59514.2023.10387607"},{"key":"ref26","article-title":"Performance considerations of intel\u00ae trust domain extensions on 4th generation intel\u00ae xeon\u00ae scalable processors","volume-title":"Intel","year":"2024"},{"key":"ref27","first-page":"1","article-title":"Bifrost: Analysis and optimization of network I\/O tax in confidential virtual machines","volume-title":"2023 USENIX Annual Technical Conference (USENIX ATC 23)","author":"Li"},{"key":"ref28","first-page":"305","article-title":"T3e: A practical solution to trusted time in secure enclaves","volume-title":"Network and System Security: 17th International Conference, NSS 2023","author":"Hamidy"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/RTSS46320.2019.00018"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS61025.2024.00009"},{"key":"ref31","first-page":"6043","article-title":"Remote direct memory introspection","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Liu"},{"key":"ref32","first-page":"1651","article-title":"00SEVen - re-enabling virtual machine forensics: Introspecting confidential VMs using privileged in-Vm agents","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Schwarz"},{"key":"ref33","article-title":"CLOUDBURST: Hacking 3d (and breaking out of vmware)","volume-title":"Black Hat USA Technical Briefings, 2009","author":"Kortchinsky"},{"key":"ref34","first-page":"2015","article-title":"VENOM: Virtualized environment neglected operations manipulation","author":"Geffner","year":"2015","journal-title":"CrowdStrike disclosure and Red Hat security advisory"},{"key":"ref35","doi-asserted-by":"crossref","DOI":"10.1145\/3319535.3354252","article-title":"Zombieload: Cross-privilege-boundary data sampling","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Schwarz"},{"key":"ref36","first-page":"541","article-title":"vTZ: Virtualizing ARM TrustZone","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Hua"},{"key":"ref37","article-title":"Virtualizing intel\u00ae software guard extensions with kvm and qemu","volume-title":"Intel","year":"2021"},{"key":"ref38","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2021.24302","article-title":"A Devil of $a$ Time: How Vulnerable is NTP to Malicious Timeservers?","volume-title":"Proceedings of the 2021 Network and Distributed System Security Symposium (NDSS \u201921","author":"Perry"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/globecom48099.2022.10001666"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ispcs.2009.5340224"},{"key":"ref41","article-title":"PTPsec: Securing the precision time protocol against time delay attacks using cyclic path asymmetry analysis","volume-title":"arXiv preprint","volume":"2401.10664","author":"Finkenzeller","year":"2024"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00049"},{"issue":"4","key":"ref43","doi-asserted-by":"crossref","first-page":"553","DOI":"10.3233\/JCS-130474","article-title":"Scheduler vulnerabilities and coordinated attacks in cloud computing","volume":"21","author":"Zhou","year":"2013","journal-title":"Journal of Computer Security"},{"key":"ref44","volume-title":"Time synchronization in virtual machines. Meinbe Global Knowledge Base","author":"Burnicki","year":"2024"},{"key":"ref45","first-page":"cVE-2017","volume-title":"XSA-223: Arm guest disabling inter-rupt may crash xen","author":"Project","year":"2017"},{"key":"ref46","article-title":"HECK-LER: Breaking confidential vms with malicious interrupts","volume-title":"Proceedings of the 33rd USENIX Security Symposium","author":"Schl\u00fcter","year":"2024"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/8033799"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/iiswc50251.2020.00021"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.53"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866313"},{"key":"ref51","author":"Myers","year":"2018","journal-title":"Using the intel stm for protected execution"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"ref53","article-title":"Breaking turtles all the way down: An exploitation chain to break out of VMware ESXi","volume-title":"13th USENIX Workshop on Offensive Technologies (WOOT \u201919)","author":"Zhao","year":"2019"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.31"},{"key":"ref55","first-page":"191","article-title":"A virtual machine introspection based architecture for intrusion detection","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS 2003)","author":"Garfinkel","year":"2003"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2994459.2994470"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2019.00040"},{"key":"ref58","article-title":"How do i get access to the firmware customization portal for intel\u00ae servers and use the customization template?","volume-title":"Intel","year":"2024"},{"key":"ref59","volume-title":"Rdma over ethernet - the rocky road to convergence","author":"Hoff","year":"2015"},{"key":"ref60","article-title":"RoCE in the Data Center","volume-title":"Mellanox Technologies, White Paper","year":"2014"},{"key":"ref61","article-title":"RDMA over Converged Ethernet (RoCE) Design Guide","volume-title":"Technical Reference Manual","year":"2019"},{"key":"ref62","volume-title":"NVIDIA Networking, Kernel Transport Layer Security (kTLS) Offloads","year":"2023"},{"key":"ref63","article-title":"The Linux Kernel Community","volume-title":"Kernel TLS Offload","year":"2024"},{"key":"ref64","article-title":"sRDMA: Efficient nic-based authentication and encryption for rdma","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX SEC)","author":"Taranov","year":"2019"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/IISWC.2013.6704682"},{"key":"ref66","article-title":"Performance implications of system management mode","volume-title":"Proceedings of the IEEE International Symposium on Workload Characterization (IISWC)","author":"Karavanic","year":"2013"},{"key":"ref67","first-page":"28","article-title":"Vigilare: Toward snoop-based kernel integrity monitor","volume-title":"Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS)","author":"Moon","year":"2012"},{"key":"ref68","article-title":"EPA-RIMM: A framework for dynamic smm-based runtime integrity measurement","volume-title":"arXiv preprint","author":"Delgado","year":"2018"},{"key":"ref69","article-title":"A rendezvous with system management interrupts","volume-title":"NCC Group Research Blog","author":"Pey","year":"2022"},{"key":"ref70","volume-title":"Is there a way to determine that an smm interrupt has occurred? Stack Overflow Q&A, question #50790715","author":"Brais","year":"2018"},{"key":"ref71","article-title":"An analysis of system management mode (smm)-based integrity checking systems and evasion attacks","volume-title":"George Mason University, Department of Computer Science, Technical Report GMU-CS-TR-2011\u20138","author":"Wang","year":"2011"},{"key":"ref72","doi-asserted-by":"crossref","DOI":"10.1145\/3372297.3417248","article-title":"Methodologies for quantifying (re-)randomization security and timing under jit-rop","volume-title":"Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)","author":"Ahmed","year":"2020"},{"key":"ref73","first-page":"arXiv-2405","article-title":"Towards cloud efficiency with large-scale workload characterization","author":"Parayil","year":"2024","journal-title":"arXiv e-prints"},{"key":"ref74","volume-title":"stress-ng (stress next generation","author":"King","year":"2019"},{"key":"ref76","article-title":"ConnectX-4 Lx EN Adapter Card Product Brief","volume-title":"NVIDIA Corporation, Tech. Rep.","year":"2020"},{"key":"ref77","article-title":"NVIDIA Networking Documentation","volume-title":"RDMA over Converged Ethernet, NVIDIA Docs Hub","year":"2023"},{"key":"ref78","article-title":"Intel\u00ae core\u2122 i7\u20139700k processor specifications","volume-title":"I. Corporation","year":"2024"},{"key":"ref79","article-title":"Xen project 4.17 release notes","volume-title":"X. Project","year":"2022"},{"key":"ref80","article-title":"bpftrace tutorial: One-liners","volume-title":"bpftrace Developers","year":"2025"},{"key":"ref81","volume-title":"Temporal convolutional networks: A unified approach to action segmentation","author":"Lea","year":"2016"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/3319647.3325827"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507779"}],"event":{"name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,12]]}},"container-title":["2025 IEEE Annual Computer Security Applications Conference (ACSAC)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11391636\/11391706\/11392079.pdf?arnumber=11392079","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T07:01:35Z","timestamp":1772002895000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11392079\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":81,"URL":"https:\/\/doi.org\/10.1109\/acsac67867.2025.00045","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}