{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T23:51:32Z","timestamp":1777593092139,"version":"3.51.4"},"reference-count":101,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T00:00:00Z","timestamp":1690848000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T00:00:00Z","timestamp":1690848000000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T00:00:00Z","timestamp":1690848000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T00:00:00Z","timestamp":1690848000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Institute of Civil Military Technology Cooperation Center","award":["18-CM-SW-09"],"award-info":[{"award-number":["18-CM-SW-09"]}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["NRF-2019-Ph.D"],"award-info":[{"award-number":["NRF-2019-Ph.D"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Institute of Information and Communications Technology Planning and Evaluation","award":["IITP\/MSIT[2022-0-01202]"],"award-info":[{"award-number":["IITP\/MSIT[2022-0-01202]"]}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["NRF-2021R1G1A100632611"],"award-info":[{"award-number":["NRF-2021R1G1A100632611"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1563848"],"award-info":[{"award-number":["CNS-1563848"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Korea Internet and Security Agency","award":["1781000003"],"award-info":[{"award-number":["1781000003"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE\/ACM Trans. Networking"],"published-print":{"date-parts":[[2023,8]]},"DOI":"10.1109\/tnet.2022.3220427","type":"journal-article","created":{"date-parts":[[2022,11,17]],"date-time":"2022-11-17T20:33:20Z","timestamp":1668717200000},"page":"1595-1610","source":"Crossref","is-referenced-by-count":14,"title":["Scalable and Secure Virtualization of HSM With ScaleTrust"],"prefix":"10.1109","volume":"31","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5522-2722","authenticated-orcid":false,"given":"Juhyeng","family":"Han","sequence":"first","affiliation":[{"name":"School of Electrical Engineering, Korea Advanced Institute of Science and Technology, Daejeon, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8931-2833","authenticated-orcid":false,"given":"Insu","family":"Yun","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering, Korea Advanced Institute of Science and Technology, Daejeon, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8183-0641","authenticated-orcid":false,"given":"Seongmin","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Convergence Security Engineering, Sungshin Women’s University, Seoul, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7440-2067","authenticated-orcid":false,"given":"Taesoo","family":"Kim","sequence":"additional","affiliation":[{"name":"School of Cybersecurity and Privacy and the School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0904-2875","authenticated-orcid":false,"given":"Sooel","family":"Son","sequence":"additional","affiliation":[{"name":"School of Computing, Korea Advanced Institute of Science and Technology, Daejeon, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6922-7244","authenticated-orcid":false,"given":"Dongsu","family":"Han","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering, Korea Advanced Institute of Science and Technology, Daejeon, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref57","year":"0","journal-title":"Microsoft Azure Dedicated HSM"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2487726.2488368"},{"key":"ref59","year":"0","journal-title":"Microsoft Identity Platform"},{"key":"ref58","year":"0","journal-title":"Microsoft Azure Key Vault"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2018.00030"},{"key":"ref52","author":"leiseboer","year":"0","journal-title":"PKCS #11 Cryptographic Token Interface Usage Guide Version 2 40"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133961"},{"key":"ref54","year":"0","journal-title":"LiquidSecurity and NITROX HSM Adapters"},{"key":"ref51","first-page":"557","article-title":"Inferring fine-grained control flow inside SGX enclaves with branch shadowing","author":"lee","year":"2017","journal-title":"Proc 26th USENIX Secur Symp (Security)"},{"key":"ref50","article-title":"Hacking in darkness: Return-oriented programming against secure enclaves","author":"lee","year":"2017","journal-title":"Proc 26th USENIX Secur Symp (Security)"},{"key":"ref46","author":"barr","year":"0","journal-title":"AWS CloudTrail Update—SSE-KMS Encryption & Log File Integrity Verification"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152709"},{"key":"ref48","article-title":"Enhancing security and privacy of tor’s ecosystem by using trusted execution environments","author":"kim","year":"2017","journal-title":"Proc 14th USENIX Symp Networked Syst Design Implement (NSDI)"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7519"},{"key":"ref42","year":"0","journal-title":"IBM Cloud HSM"},{"key":"ref41","year":"0","journal-title":"Connecting to IBM Cloud HSM"},{"key":"ref44","year":"0","journal-title":"Intel® SGX Attestation Service Utilizing Enhanced Privacy ID (EPID)"},{"key":"ref43","year":"0","journal-title":"Intel Software Guard Extensions SDK for Linux OS"},{"key":"ref49","author":"konkel","year":"0","journal-title":"The Pentagon Isn’t Ready Yet for Classified Information to be Stored Off-Premise in the Cloud"},{"key":"ref8","year":"0","journal-title":"AWS Key Management Service (KMS)"},{"key":"ref7","year":"0","journal-title":"AWS CloudHSM"},{"key":"ref9","year":"0","journal-title":"FIPS 140-2 Non-Proprietary Security Policy AWS Key Management Service HSM"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23284"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23513"},{"key":"ref6","year":"0","journal-title":"Authenticating to PKCS #11"},{"key":"ref5","year":"0","journal-title":"Alibaba Cloud Key Management Service"},{"key":"ref100","year":"0","journal-title":"YubiHSM 2"},{"key":"ref101","first-page":"283","article-title":"Opaque: An oblivious and encrypted distributed analytics platform","author":"zheng","year":"2017","journal-title":"Proc 14th USENIX Symp Networked Syst Design Implement"},{"key":"ref40","article-title":"Ryoan: A distributed sandbox for untrusted computation on secret data","author":"hunt","year":"2016","journal-title":"Proc of USENIX Symp on Operating Systems Design and Implementation (OSDI)"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48063.2020.00063"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065915"},{"key":"ref37","article-title":"High-resolution side channels for untrusted operating systems","author":"h\u00e4hnel","year":"2017","journal-title":"Proc USENIX Annu Tech Conf (ATC)"},{"key":"ref36","article-title":"Strong and efficient cache side-channel protection using hardware transactional memory","author":"gruss","year":"2017","journal-title":"Proc 26th USENIX Secur Symp (Security)"},{"key":"ref31","year":"0","journal-title":"Fortanix Delivers First Hybrid Cloud Data Security Solution That Integrates Cloud Native Applications With Legacy HSMs"},{"key":"ref30","article-title":"SPORC: Group collaboration using untrusted cloud resources","author":"feldman","year":"2010","journal-title":"Proc of the 2nd USENIX Symp on Operating Systems Design and Implementation (OSDI)"},{"key":"ref33","year":"0","journal-title":"Google Cloud HSM"},{"key":"ref32","year":"0","journal-title":"Hardware Security Modules"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3342559.3365335"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3106989.3106994"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387552"},{"key":"ref23","article-title":"SafetyPin: Encrypted backups with human-memorable secrets","author":"dauterman","year":"2020","journal-title":"Proc of USENIX Symp on Operating Systems Design and Implementation (OSDI)"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3339814"},{"key":"ref25","article-title":"M2R: Enabling stronger privacy in MapReduce computation","author":"dinh","year":"2015","journal-title":"Proc 24th USENIX Secur Symp (Security)"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ICSA.2018.00013"},{"key":"ref22","year":"0","journal-title":"ES256"},{"key":"ref21","year":"0","journal-title":"The DNSSEC Root Signing Ceremony"},{"key":"ref28","year":"0","journal-title":"HSMs in a Payment Industry"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-38F"},{"key":"ref29","year":"0","journal-title":"Entrust nShield Connect HSMs"},{"key":"ref13","article-title":"Shielding applications from an untrusted cloud with haven","author":"baumann","year":"2014","journal-title":"Proc of USENIX Symp on Operating Systems Design and Implementation (OSDI)"},{"key":"ref12","first-page":"1","article-title":"SCONE: Secure Linux containers with Intel SGX","author":"arnautov","year":"2016","journal-title":"Proc of USENIX Symp on Operating Systems Design and Implementation (OSDI)"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152710"},{"key":"ref14","article-title":"Everybody be cool, this is a robbery!","author":"b\u00e9drune","year":"2019","journal-title":"Proc Black Hat USA Briefings (Black Hat USA)"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00064"},{"key":"ref11","year":"0","journal-title":"Working With Amazon CloudWatch Logs and AWS CloudHSM"},{"key":"ref99","year":"0","journal-title":"Developer Guide for YubiHSM2—GET Log Entries"},{"key":"ref10","year":"0","journal-title":"How Amazon DynamoDB Uses AWS KMS"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2018.00011"},{"key":"ref17","article-title":"The guard’s dilemma: Efficient code-reuse attacks against Intel SGX","author":"biondo","year":"2018","journal-title":"Proc 27th USENIX Secur Symp (Security)"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SEC.2016.15"},{"key":"ref19","article-title":"Intel SGX enabled key manager service with OpenStack barbican","author":"chakrabarti","year":"2017","journal-title":"arXiv 1712 07694"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978301"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00089"},{"key":"ref92","first-page":"991","article-title":"Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution","author":"van bulck","year":"2018","journal-title":"Proc 27th USENIX Secur Symp (Security)"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00087"},{"key":"ref94","author":"van schaik","year":"2020","journal-title":"SGAxe how SGX fails in practice"},{"key":"ref91","year":"0","journal-title":"SecurityServer Se Gen2"},{"key":"ref90","year":"0","journal-title":"How HSMs Support Secure Multi-Tenancy?"},{"key":"ref89","first-page":"505","article-title":"Civet: An efficient Java partitioning framework for hardware enclaves","author":"tsai","year":"2020","journal-title":"Proc 29th USENIX Secur Symp (USENIX Security)"},{"key":"ref86","year":"0","journal-title":"What is FIPS 140-2?"},{"key":"ref85","year":"0","journal-title":"Thales Luna PCIe HSM"},{"key":"ref88","first-page":"1","article-title":"Graphene-SGX: A practical library OS for unmodified applications on SGX","author":"tsai","year":"2017","journal-title":"Proc 2017 USENIX Annu Tech Conf (ATC)"},{"key":"ref87","year":"0","journal-title":"The Apache HTTP Server Project"},{"key":"ref82","year":"0","journal-title":"Data Protection On Demand"},{"key":"ref81","year":"0","journal-title":"Confirm the HSM’s Authenticity"},{"key":"ref84","year":"0","journal-title":"Thales Luna Network HSM"},{"key":"ref83","year":"0","journal-title":"Luna General Purpose HSMs"},{"key":"ref80","year":"0","journal-title":"Audit Logging"},{"key":"ref79","year":"0","journal-title":"Application Partitions"},{"key":"ref78","first-page":"6245","article-title":"A survey of cloud authentication attacks and solution approaches","volume":"2","author":"sumitra","year":"2014","journal-title":"Int J Innov Res Comput Commun Eng"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/2876019.2876032"},{"key":"ref74","year":"0","journal-title":"SafeNet Luna Network Hardware Security Modules S790"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23500"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23193"},{"key":"ref2","year":"2021","journal-title":"2021 Global Encryption Trends Study"},{"key":"ref1","article-title":"FIPS PUB 140-2: Security requirements for cryptographic modules","author":"evans","year":"2001","journal-title":"Federal Information Processing Standards Publication"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23239"},{"key":"ref70","article-title":"SafeBricks: Securing network functions in the cloud","author":"poddar","year":"2018","journal-title":"Proc USENIX NSDI"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354252"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.10"},{"key":"ref68","year":"0","journal-title":"OpenSSL—Cryptography and SSL\/TLS Toolkit"},{"key":"ref67","year":"0","journal-title":"SoftHSMv2 GitHub"},{"key":"ref69","author":"phegade","year":"0","journal-title":"Self-Defending Key Management Service With Intel® Software Guard Extensions"},{"key":"ref64","author":"sullivan","year":"0","journal-title":"Going Keyless Everywhere"},{"key":"ref63","author":"sullivan","year":"0","journal-title":"Keyless SSL The Nitty Gritty Technical Details"},{"key":"ref66","year":"0","journal-title":"SoftHSM"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417265"},{"key":"ref60","year":"0","journal-title":"Monitoring Azure Key Vault—Alerts"},{"key":"ref62","year":"0","journal-title":"Subscription-Based HSMs"},{"key":"ref61","year":"0","journal-title":"Frequently Asked Questions (FAQ)"}],"container-title":["IEEE\/ACM Transactions on Networking"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/90\/10223306\/9954229-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/90\/10223306\/09954229.pdf?arnumber=9954229","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,4]],"date-time":"2023-09-04T18:31:25Z","timestamp":1693852285000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9954229\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8]]},"references-count":101,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tnet.2022.3220427","relation":{},"ISSN":["1063-6692","1558-2566"],"issn-type":[{"value":"1063-6692","type":"print"},{"value":"1558-2566","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8]]}}}