{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T03:48:08Z","timestamp":1772164088931,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,4,8]],"date-time":"2017-04-08T00:00:00Z","timestamp":1491609600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,4,8]]},"DOI":"10.1145\/3050748.3050759","type":"proceedings-article","created":{"date-parts":[[2017,3,31]],"date-time":"2017-03-31T08:22:54Z","timestamp":1490948574000},"page":"157-170","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Using OS Design Patterns to Provide Reliability and Security as-a-Service for VM-based Clouds"],"prefix":"10.1145","author":[{"given":"Zachary J.","family":"Estrada","sequence":"first","affiliation":[{"name":"University of Illinois, Rose-Hulman, Institute of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Read","family":"Sprabery","sequence":"additional","affiliation":[{"name":"University of Illinois"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lok","family":"Yan","sequence":"additional","affiliation":[{"name":"Air Force Research Laboratory"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhongzhi","family":"Yu","sequence":"additional","affiliation":[{"name":"University of Illinois"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roy","family":"Campbell","sequence":"additional","affiliation":[{"name":"University of Illinois"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zbigniew","family":"Kalbarczyk","sequence":"additional","affiliation":[{"name":"University of Illinois"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ravishankar K.","family":"Iyer","sequence":"additional","affiliation":[{"name":"University of Illinois"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,4,8]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"41","volume-title":"USENIX Annual Technical Conference, FREENIX Track","author":"Bellard F.","year":"2005","unstructured":"F. Bellard . QEMU, a fast and portable dynamic translator . In USENIX Annual Technical Conference, FREENIX Track , pages 41 -- 46 , 2005 . F. Bellard. QEMU, a fast and portable dynamic translator. In USENIX Annual Technical Conference, FREENIX Track, pages 41--46, 2005."},{"key":"e_1_3_2_1_2_1","first-page":"423","volume-title":"OSDI","volume":"10","author":"Ben-Yehuda M.","year":"2010","unstructured":"M. Ben-Yehuda , M. D. Day , Z. Dubitzky , M. Factor , N. Har'El , A. Gordon , A. Liguori , O. Wasserman , and B.-A. Yassour . The turtles project: Design and implementation of nested virtualization . In OSDI , volume 10 , pages 423 -- 436 , 2010 . M. Ben-Yehuda, M. D. Day, Z. Dubitzky, M. Factor, N. Har'El, A. Gordon, A. Liguori, O. Wasserman, and B.-A. Yassour. The turtles project: Design and implementation of nested virtualization. In OSDI, volume 10, pages 423--436, 2010."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2746194.2746199"},{"issue":"5","key":"e_1_3_2_1_4_1","first-page":"35","volume":"14","author":"Carbone M.","year":"2014","unstructured":"M. Carbone , A. Kataria , R. Rugina , and V. Thampi . Vprobes: Deep observability into the ESXi hypervisor. vmware Technical Journal , 14 ( 5 ): 35 -- 42 , 2014 . M. Carbone, A. Kataria, R. Rugina, and V. Thampi. Vprobes: Deep observability into the ESXi hypervisor. vmware Technical Journal, 14(5):35--42, 2014.","journal-title":"Vprobes: Deep observability into the ESXi hypervisor. vmware Technical Journal"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095921.1095932"},{"key":"e_1_3_2_1_6_1","volume-title":"http:\/\/lwn.net\/Articles\/549580\/","author":"Corbet J.","year":"2013","unstructured":"J. Corbet . (nearly) full tickless operation in 3.10. Online , http:\/\/lwn.net\/Articles\/549580\/ , 2013 . J. Corbet. (nearly) full tickless operation in 3.10. Online, http:\/\/lwn.net\/Articles\/549580\/, 2013."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523675"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC.2015.9"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"e_1_3_2_1_11_1","first-page":"191","volume-title":"NDSS","volume":"3","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel , M. Rosenblum , A virtual machine introspection based architecture for intrusion detection . In NDSS , volume 3 , pages 191 -- 206 , 2003 . T. Garfinkel, M. Rosenblum, et al. A virtual machine introspection based architecture for intrusion detection. In NDSS, volume 3, pages 191--206, 2003."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2014.52"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610407"},{"key":"e_1_3_2_1_14_1","volume-title":"July 11","author":"Hill D. W.","year":"2000","unstructured":"D. W. Hill and J. T. Lynn . Adaptive system and method for responding to computer network security attacks , July 11 2000 . US Patent 6,088,804. D. W. Hill and J. T. Lynn. Adaptive system and method for responding to computer network security attacks, July 11 2000. US Patent 6,088,804."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2007.3"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_11"},{"key":"e_1_3_2_1_17_1","first-page":"1","volume-title":"USENIX Annual Technical Conference, General Track","author":"Jones S. T.","year":"2006","unstructured":"S. T. Jones , A. C. Arpaci-Dusseau , and R. H. Arpaci-Dusseau . Antfarm: Tracking processes in a virtual machine environment . In USENIX Annual Technical Conference, General Track , pages 1 -- 14 , 2006 . S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau. Antfarm: Tracking processes in a virtual machine environment. In USENIX Annual Technical Conference, General Track, pages 1--14, 2006."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"e_1_3_2_1_19_1","volume-title":"Technical report, International Secure Systems Lab (isecLAB)","author":"Keil S.","year":"2007","unstructured":"S. Keil and C. Kolbitsch . Kernel-mode exploits primer. Technical report , Technical report, International Secure Systems Lab (isecLAB) , 2007 . S. Keil and C. Kolbitsch. Kernel-mode exploits primer. Technical report, Technical report, International Secure Systems Lab (isecLAB), 2007."},{"key":"e_1_3_2_1_20_1","first-page":"225","volume-title":"In Proc. of the Linux Symposium","volume":"1","author":"Kivity A.","year":"2007","unstructured":"A. Kivity , Y. Kamay , D. Laor , U. Lublin , and A. Liguori . KVM: the Linux virtual machine monitor . In In Proc. of the Linux Symposium , volume 1 , pages 225 -- 230 , 2007 . A. Kivity, Y. Kamay, D. Laor, U. Lublin, and A. Liguori. KVM: the Linux virtual machine monitor. In In Proc. of the Linux Symposium, volume 1, pages 225--230, 2007."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/1064866.1064877"},{"key":"e_1_3_2_1_22_1","volume-title":"AMD64 Architecture Programmers Manual Volume 2: System Programming","author":"Advanced Micro Devices Inc.","year":"2013","unstructured":"Advanced Micro Devices Inc. AMD64 Architecture Programmers Manual Volume 2: System Programming . May 2013 . Advanced Micro Devices Inc. AMD64 Architecture Programmers Manual Volume 2: System Programming. May 2013."},{"key":"e_1_3_2_1_23_1","volume-title":"Intel\u00ae 64 and IA-32 Architectures Software Developers Manual","author":"Intel Corporation","year":"2014","unstructured":"Intel Corporation . Intel\u00ae 64 and IA-32 Architectures Software Developers Manual Volume 3 (3A, 3B & 3C): System Programming Guide . September 2014 . Intel Corporation. Intel\u00ae 64 and IA-32 Architectures Software Developers Manual Volume 3 (3A, 3B & 3C): System Programming Guide. September 2014."},{"key":"e_1_3_2_1_24_1","volume-title":"The NIST definition of cloud computing","author":"Mell P.","year":"2011","unstructured":"P. Mell and T. Grance . The NIST definition of cloud computing . 2011 . P. Mell and T. Grance. The NIST definition of cloud computing. 2011."},{"key":"e_1_3_2_1_25_1","volume-title":"Usability Engineering","author":"Nielsen J.","year":"1993","unstructured":"J. Nielsen . Response times : The 3 important limits . Usability Engineering , 1993 . J. Nielsen. Response times: The 3 important limits. Usability Engineering, 1993."},{"key":"e_1_3_2_1_26_1","volume-title":"White Paper from FutureMark Corp","author":"Niemela S.","year":"2005","unstructured":"S. Niemela . Pcmark05 pc performance analysis. White Paper from FutureMark Corp , 2005 . S. Niemela. Pcmark05 pc performance analysis. White Paper from FutureMark Corp, 2005."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_11"},{"key":"e_1_3_2_1_28_1","first-page":"511","volume-title":"2015 USENIX Annual Technical Conference (USENIX ATC 15)","author":"Panneerselvam S.","year":"2015","unstructured":"S. Panneerselvam , M. Swift , and N. S. Kim . Bolt: Faster reconfiguration in operating systems . In 2015 USENIX Annual Technical Conference (USENIX ATC 15) , pages 511 -- 516 , Santa Clara, CA , July 2015 . USENIX Association. ISBN 978-1-931971-225. URL https:\/\/www.usenix.org\/conference\/atc15\/technicalsession\/presentation\/panneerselvam. S. Panneerselvam, M. Swift, and N. S. Kim. Bolt: Faster reconfiguration in operating systems. In 2015 USENIX Annual Technical Conference (USENIX ATC 15), pages 511--516, Santa Clara, CA, July 2015. USENIX Association. ISBN 978-1-931971-225. URL https:\/\/www.usenix.org\/conference\/atc15\/technicalsession\/presentation\/panneerselvam."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.2172\/1055635"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2014.19"},{"key":"e_1_3_2_1_33_1","first-page":"19","volume-title":"Usenix Security","volume":"3","author":"Provos N.","year":"2003","unstructured":"N. Provos . Improving host security with system call policies . In Usenix Security , volume 3 , page 19 , 2003 . N. Provos. Improving host security with system call policies. In Usenix Security, volume 3, page 19, 2003."},{"key":"e_1_3_2_1_34_1","volume-title":"USENIX Annual Technical Conference Proceedings","author":"Quynh N. A.","year":"2007","unstructured":"N. A. Quynh and K. Suzaki . Xenprobes, a lightweight user-space probing framework for xen virtual machine . In USENIX Annual Technical Conference Proceedings , 2007 . N. A. Quynh and K. Suzaki. Xenprobes, a lightweight user-space probing framework for xen virtual machine. In USENIX Annual Technical Conference Proceedings, 2007."},{"key":"e_1_3_2_1_35_1","unstructured":"D. Rosenberg. Smep: What is it and how to beat it on linux. Online http:\/\/vulnfactory.org\/blog\/2011\/06\/05\/smep-what-is-it-and-how-to-beat-it-on-linux\/ 2011.  D. Rosenberg. Smep: What is it and how to beat it on linux. Online http:\/\/vulnfactory.org\/blog\/2011\/06\/05\/smep-what-is-it-and-how-to-beat-it-on-linux\/ 2011."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1323293.1294294"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"e_1_3_2_1_38_1","unstructured":"A. Shishkin and I. Smit. Bypassing intel smep on windows 8 x64 using return-oriented programming. Online http:\/\/blog.ptsecurity.com\/2012\/09\/bypassing-intel-smepon-windows-8-x64.html 2012.  A. Shishkin and I. Smit. Bypassing intel smep on windows 8 x64 using return-oriented programming. Online http:\/\/blog.ptsecurity.com\/2012\/09\/bypassing-intel-smepon-windows-8-x64.html 2012."},{"key":"e_1_3_2_1_39_1","first-page":"201","volume-title":"Proceedings of the Linux Symposium","volume":"2","author":"Siddha S.","year":"2007","unstructured":"S. Siddha , V. Pallipadi , and A. Ven . Getting maximum mileage out of tickless . In Proceedings of the Linux Symposium , volume 2 , pages 201 -- 207 . Citeseer , 2007 . S. Siddha, V. Pallipadi, and A. Ven. Getting maximum mileage out of tickless. In Proceedings of the Linux Symposium, volume 2, pages 201--207. Citeseer, 2007."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2731186.2731196"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2613087.2613107"},{"key":"e_1_3_2_1_42_1","volume-title":"Intel kernel guard technology. Online, https:\/\/01.org\/intel-kgt","author":"Tseng K.-l.","year":"2015","unstructured":"K.-l. Tseng . Intel kernel guard technology. Online, https:\/\/01.org\/intel-kgt , 2015 . K.-l. Tseng. Intel kernel guard technology. Online, https:\/\/01.org\/intel-kgt, 2015."},{"key":"e_1_3_2_1_43_1","unstructured":"S. J. Vaughan-Nichols. Ubuntu linux continues to rule the cloud. Online http:\/\/www.zdnet.com\/article\/ubuntu-linux-continues-to-rule-the-cloud\/ 2015.  S. J. Vaughan-Nichols. Ubuntu linux continues to rule the cloud. Online http:\/\/www.zdnet.com\/article\/ubuntu-linux-continues-to-rule-the-cloud\/ 2015."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818022"}],"event":{"name":"VEE '17: 13th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments","location":"Xi'an China","acronym":"VEE '17","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 13th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3050748.3050759","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3050748.3050759","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:54:38Z","timestamp":1750208078000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3050748.3050759"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,8]]},"references-count":44,"alternative-id":["10.1145\/3050748.3050759","10.1145\/3050748"],"URL":"https:\/\/doi.org\/10.1145\/3050748.3050759","relation":{"is-identical-to":[{"id-type":"doi","id":"10.1145\/3140607.3050759","asserted-by":"object"}]},"subject":[],"published":{"date-parts":[[2017,4,8]]},"assertion":[{"value":"2017-04-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}