{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T13:47:20Z","timestamp":1769003240670,"version":"3.49.0"},"reference-count":96,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372218"],"award-info":[{"award-number":["62372218"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U24A6009"],"award-info":[{"award-number":["U24A6009"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["PolyU15231223"],"award-info":[{"award-number":["PolyU15231223"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Ant Group Research Fund"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,1]]},"DOI":"10.1109\/tdsc.2025.3604008","type":"journal-article","created":{"date-parts":[[2025,8,29]],"date-time":"2025-08-29T17:44:37Z","timestamp":1756489477000},"page":"97-114","source":"Crossref","is-referenced-by-count":0,"title":["Complementing Confidential Computing Environment for Applications on Arm CCA"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4247-5202","authenticated-orcid":false,"given":"Yiming","family":"Zhang","sequence":"first","affiliation":[{"name":"School of Data Science and Engineering, Guangdong Polytechnic Normal University, Heyuan, China"}]},{"given":"Yuxin","family":"Hu","sequence":"additional","affiliation":[{"name":"Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7763-1079","authenticated-orcid":false,"given":"Zhenyu","family":"Ning","sequence":"additional","affiliation":[{"name":"College of Computer Science and Electronic Engineering, Hunan University, Hunan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3365-2526","authenticated-orcid":false,"given":"Fengwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9082-3208","authenticated-orcid":false,"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[{"name":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong SAR, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-0616-6917","authenticated-orcid":false,"given":"Haoyang","family":"Huang","sequence":"additional","affiliation":[{"name":"Research Institute of Trustworthy Autonomous Systems, Southern University of Science and Technology, Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9580-5395","authenticated-orcid":false,"given":"Shoumeng","family":"Yan","sequence":"additional","affiliation":[{"name":"Ant Group, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-7682-1019","authenticated-orcid":false,"given":"Zhengyu","family":"He","sequence":"additional","affiliation":[{"name":"Ant Group, Zhejiang, China"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Unlocking the power of data with arm CCA","year":"2021"},{"key":"ref2","first-page":"2261","article-title":"ReZone: Disarming TrustZone with TEE privilege reduction","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Cerdeira","year":"2022"},{"key":"ref3","article-title":"Arm TrustZone technology","year":"2021"},{"key":"ref4","article-title":"Secure platform","year":"2021"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3152555"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00061"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.11"},{"key":"ref8","first-page":"541","article-title":"vTZ: Virtualizing ARM TrustZone","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Hua","year":"2017"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2622261"},{"key":"ref10","article-title":"Arm confidential compute architecture","year":"2021"},{"key":"ref11","article-title":"Arm confidential compute architecture software stack guide","year":"2021"},{"key":"ref12","article-title":"Arm realm management extension (RME) system architecture","year":"2022"},{"key":"ref13","first-page":"465","article-title":"Design and verification of the Arm confidential compute architecture","volume-title":"Proc. 16th USENIX Symp. Operating Syst. Des. Implementation","author":"Li","year":"2022"},{"key":"ref14","article-title":"Introducing Arm confidential compute architecture","year":"2021"},{"key":"ref15","article-title":"Learn the architecture - realm management extension","year":"2021"},{"key":"ref16","first-page":"489","article-title":"Hodor: Intra-process isolation for high-throughput data plane libraries","volume-title":"Proc. 2019 USENIX Annu. Tech. Conf.","author":"Hedayati","year":"2019"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"ref19","article-title":"The realm management extension (RME) for Armv9-A","year":"2021"},{"key":"ref20","article-title":"Arm fixed virtual platforms","year":"2021"},{"key":"ref21","article-title":"Arm SMMU architecture specification v3","year":"2023"},{"key":"ref22","article-title":"Arm generic interrupt controller","year":"2023"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.48"},{"key":"ref24","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2019.23448","article-title":"SANCTUARY: Arming trustzone with user-space enclaves","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Brasser","year":"2019"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483554"},{"key":"ref26","first-page":"4111","article-title":"Elasticlave: An efficient memory model for enclaves","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Yu","year":"2022"},{"key":"ref27","article-title":"Arm CCA Security Model 1.0","year":"2021"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23193"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-016-0141-6"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00083"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387541"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358310"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00042"},{"key":"ref34","article-title":"Arm CCA hardware architecture","year":"2021"},{"key":"ref35","article-title":"Deep dive into cma","year":"2021"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387532"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2490301.2451145"},{"key":"ref38","article-title":"Arm a-profile A64 instruction set architecture","year":"2021"},{"key":"ref39","article-title":"Juno r2 arm development platform soc","year":"2016"},{"key":"ref40","article-title":"Trusted-Firmware-A","year":"2022"},{"key":"ref41","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2021.24328","article-title":"Emilia: Catching iago in legacy code","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Cui","year":"2021"},{"key":"ref42","article-title":"cloc: Count lines of code","year":"2021"},{"key":"ref43","article-title":"TF-RMM, released date 2022\/11\/09","year":"2022"},{"key":"ref44","article-title":"Cage: Complementing arm CCA with GPU extensions","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Wang","year":"2024"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417886"},{"key":"ref46","article-title":"AArch64 memory management","year":"2021"},{"key":"ref47","article-title":"Arm architecture reference manual for a-profile architecture","year":"2021"},{"key":"ref48","article-title":"The realm management extension (RME), for SMMUv3","year":"2021"},{"key":"ref49","first-page":"3423","article-title":"ACAI: Protecting accelerator execution with Arm confidential computing architecture","volume-title":"Proc. 33nd USENIX Secur. Symp.","author":"Sridhara","year":"2024"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132782"},{"key":"ref51","first-page":"841","article-title":"fTPM: A software-only implementation of a TPM chip","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Raj","year":"2016"},{"key":"ref52","article-title":"DigisparkHOTP","year":"2016"},{"key":"ref53","article-title":"AES algorithm implementation","year":"2020"},{"key":"ref54","article-title":"LeNet-5","year":"2017"},{"key":"ref55","article-title":"SqueezeNet","year":"2019"},{"key":"ref56","article-title":"Apache http server","year":"2022"},{"key":"ref57","article-title":"Memcached","year":"2022"},{"key":"ref58","article-title":"Nginx","year":"2022"},{"key":"ref59","article-title":"Byte-unixbench","year":"2022"},{"key":"ref60","first-page":"281","article-title":"Reverse debugging of kernel failures in deployed systems","volume-title":"Proc. 2020 USENIX Annu. Tech. Conf.","author":"Ge","year":"2020"},{"key":"ref61","article-title":"Support for arm CCA VMS on linux","year":"2023"},{"key":"ref62","article-title":"Sysbench: A system performance benchmark","year":"2023"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2861756"},{"key":"ref64","first-page":"391","article-title":"Rethinking system audit architectures for high event coverage and synchronous log availability","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Gandhi","year":"2023"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519565"},{"key":"ref66","article-title":"Measuring the impact of the linux memory manager","volume-title":"Proc. Libre Softw. Meeting","author":"Gorman","year":"2005"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2014.2320915"},{"key":"ref68","first-page":"645","article-title":"Graphene-SGX: A practical library os for unmodified applications on SGX","volume-title":"Proc. 2017 USENIX Annu. Tech. Conf.","author":"Tsai","year":"2017"},{"key":"ref69","first-page":"523","article-title":"BesFS: A POSIX filesystem for enclaves with a mechanized safety proof","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Shinde","year":"2020"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241161"},{"key":"ref71","first-page":"1073","article-title":"CURE: A security architecture with CUstomizable and resilient enclaves","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Bahmani","year":"2021"},{"key":"ref72","first-page":"689","article-title":"SCONE: Secure linux containers with intel SGX","volume-title":"Proc. 12th USENIX Symp. Operating Syst. Des. Implementation","author":"Arnautov","year":"2016"},{"key":"ref73","first-page":"285","article-title":"Glamdring: Automatic application partitioning for intel SGX","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Lind","year":"2017"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3313808.3313810"},{"key":"ref75","article-title":"Secure encrypted virtualization","year":"2018","journal-title":""},{"key":"ref76","article-title":"Intel trust domain extensions","year":"2014","journal-title":""},{"key":"ref77","first-page":"437","article-title":"HyperEnclave: An open and cross-platform trusted execution environment","volume-title":"Proc. 2022 USENIX Annu. Tech. Conf.","author":"Jia","year":"2022"},{"key":"ref78","first-page":"805","article-title":"Faastlane: Accelerating function-as-a-service workflows","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Kotni","year":"2021"},{"key":"ref79","first-page":"1221","article-title":"ERIM: Secure, efficient in-process isolation with protection keys MPK","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Vahldiek-Oberwagner","year":"2019"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.12"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00263"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24026"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23009"},{"key":"ref84","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2017.23024","article-title":"Dynamic virtual address range adjustment for intra-level privilege separation on ARM","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Cho","year":"2017"},{"key":"ref85","first-page":"599","article-title":"VeriSMo: A verified security module for confidential VMS","volume-title":"Proc. 18th USENIX Symp. Operating Syst. Des. Implementation","author":"Zhou","year":"2024"},{"key":"ref86","first-page":"653","article-title":"CertiKOS: An extensible architecture for building certified concurrent OS kernels","volume-title":"Proc. 12th USENIX Symp. Operating Syst. Des. Implementation","author":"Gu","year":"2016"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.23919\/cje.2021.00.451"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132748"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081349"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541949"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.23919\/cje.2022.00.196"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.13"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363205"},{"key":"ref94","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2025.230147","article-title":"SCRUTINIZER: Towards secure forensics on compromised trustzone","volume-title":"Proc. 32nd Netw. Distrib. Syst. Secur. Symp.","author":"Zhang","year":"2025"},{"key":"ref95","first-page":"1651","article-title":"00SEVen\u2013re-enabling virtual machine forensics: Introspecting confidential VMs using privileged in-VM agents","volume-title":"Proc. 33rd USENIX Secur. Symp.","author":"Schwarz","year":"2024"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833714"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11354469\/11143955.pdf?arnumber=11143955","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T23:23:21Z","timestamp":1768951401000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11143955\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1]]},"references-count":96,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3604008","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1]]}}}