{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:34:43Z","timestamp":1750221283897,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,9,2]],"date-time":"2017-09-02T00:00:00Z","timestamp":1504310400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1700544"],"award-info":[{"award-number":["1700544"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,9,2]]},"DOI":"10.1145\/3124680.3124720","type":"proceedings-article","created":{"date-parts":[[2017,9,5]],"date-time":"2017-09-05T12:23:44Z","timestamp":1504614224000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Building a Security OS With Software Defined Infrastructure"],"prefix":"10.1145","author":[{"given":"Guofei","family":"Gu","sequence":"first","affiliation":[{"name":"Texas A&M University"}]},{"given":"Hongxin","family":"Hu","sequence":"additional","affiliation":[{"name":"Clemson University"}]},{"given":"Eric","family":"Keller","sequence":"additional","affiliation":[{"name":"University of Colorado at Boulder"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas"}]},{"given":"Donald E.","family":"Porter","sequence":"additional","affiliation":[{"name":"The University of North Carolina at Chapel Hill"}]}],"member":"320","published-online":{"date-parts":[[2017,9,2]]},"reference":[{"volume-title":"https:\/\/www.internet2.edu\/","year":"1996","key":"e_1_3_2_1_1_1","unstructured":"1996. Internet2. ( 1996 ). https:\/\/www.internet2.edu\/ . 1996. Internet2. (1996). https:\/\/www.internet2.edu\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2012. Network Function Virtualisation - Introductory White Paper. https:\/\/portal.etsi.org\/nfv\/nfv_white_paper.pdf. (2012).  2012. Network Function Virtualisation - Introductory White Paper. https:\/\/portal.etsi.org\/nfv\/nfv_white_paper.pdf. (2012)."},{"volume-title":"https:\/\/www.cloudlab.us\/","year":"2014","key":"e_1_3_2_1_3_1","unstructured":"2014. CloudLab. ( 2014 ). https:\/\/www.cloudlab.us\/ . 2014. CloudLab. (2014). https:\/\/www.cloudlab.us\/."},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy","volume":"13","author":"Anati Ittai","year":"2013","unstructured":"Ittai Anati , Shay Gueron , Simon Johnson , and Vincent Scarlata . 2013 . Innovative technology for CPU based attestation and sealing . In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy , Vol. 13 . Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, Vol. 13."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.29"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_3_2_1_7_1","volume-title":"Article 10 (Aug.","author":"Bauman Erick","year":"2015","unstructured":"Erick Bauman , Gbadebo Ayoade , and Zhiqiang Lin . 2015. A Survey on Hypervisor Based Monitoring: Approaches, Applications, and Evolutions. Comput. Surveys 48, 1 , Article 10 (Aug. 2015 ), 33 pages. Erick Bauman, Gbadebo Ayoade, and Zhiqiang Lin. 2015. A Survey on Hypervisor Based Monitoring: Approaches, Applications, and Evolutions. Comput. Surveys 48, 1, Article 10 (Aug. 2015), 33 pages."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"volume-title":"Proceedings of the Eighth Workshop on Hot Topics in Operating Systems (HOTOS '01)","author":"Peter","key":"e_1_3_2_1_9_1","unstructured":"Peter M. Chen and Brian D. Noble. 2001. When Virtual Is Better Than Real . In Proceedings of the Eighth Workshop on Hot Topics in Operating Systems (HOTOS '01) . 133-. http:\/\/dl.acm.org\/citation.cfm?id=874075.876409 Peter M. Chen and Brian D. Noble. 2001. When Virtual Is Better Than Real. In Proceedings of the Eighth Workshop on Hot Topics in Operating Systems (HOTOS '01). 133-. http:\/\/dl.acm.org\/citation.cfm?id=874075.876409"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1187976.1187977"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23013"},{"key":"e_1_3_2_1_12_1","volume-title":"The structure of the THE-multiprogramming system. Commun. ACM 11 (May","author":"Dijkstra Edsger W.","year":"1968","unstructured":"Edsger W. Dijkstra . 1968. The structure of the THE-multiprogramming system. Commun. ACM 11 (May 1968 ), 341--346. Issue 5. https:\/\/doi.org\/10.1145\/357980.357999 10.1145\/357980.357999 Edsger W. Dijkstra. 1968. The structure of the THE-multiprogramming system. Commun. ACM 11 (May 1968), 341--346. Issue 5. https:\/\/doi.org\/10.1145\/357980.357999"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_14_1","volume-title":"Manuel Mazzara, Fabrizio Montesi, Ruslan Mustafin, and Larisa Safina.","author":"Dragoni Nicola","year":"2016","unstructured":"Nicola Dragoni , Saverio Giallorenzo , Alberto Lluch Lafuente , Manuel Mazzara, Fabrizio Montesi, Ruslan Mustafin, and Larisa Safina. 2016 . Microservices : yesterday, today, and tomorrow. arXiv preprint arXiv: 1606.04036 (2016). Nicola Dragoni, Saverio Giallorenzo, Alberto Lluch Lafuente, Manuel Mazzara, Fabrizio Montesi, Ruslan Mustafin, and Larisa Safina. 2016. Microservices: yesterday, today, and tomorrow. arXiv preprint arXiv: 1606.04036 (2016)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2516951.2505124"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 2014 USENIX Conference on USENIX Annual Technical Conference (USENIX ATC'14). USENIX Association","author":"Fu Yangchun","year":"2014","unstructured":"Yangchun Fu , Junyuan Zeng , and Zhiqiang Lin . 2014 . HYPERSHELL: A Practical Hypervisor Layer Guest OS Shell for Automated in-VM Management . In Proceedings of the 2014 USENIX Conference on USENIX Annual Technical Conference (USENIX ATC'14). USENIX Association , Berkeley, CA, USA, 85--96. http:\/\/dl.acm.org\/citation.cfm?id=2643634.2643644 Yangchun Fu, Junyuan Zeng, and Zhiqiang Lin. 2014. HYPERSHELL: A Practical Hypervisor Layer Guest OS Shell for Automated in-VM Management. In Proceedings of the 2014 USENIX Conference on USENIX Annual Technical Conference (USENIX ATC'14). USENIX Association, Berkeley, CA, USA, 85--96. http:\/\/dl.acm.org\/citation.cfm?id=2643634.2643644"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings Network and Distributed Systems Security Symposium.","author":"Garfinkel Tal","year":"2003","unstructured":"Tal Garfinkel and Mendel Rosenblum . 2003 . A virtual machine introspection based architecture for intrusion detection . In Proceedings Network and Distributed Systems Security Symposium. Tal Garfinkel and Mendel Rosenblum. 2003. A virtual machine introspection based architecture for intrusion detection. In Proceedings Network and Distributed Systems Security Symposium."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2011.26"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23458"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23283"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620749"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.45"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2798729"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2006.69"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1147\/JRD.2014.2298133"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"E. Kohler R. Morris B. Chen J. Jannotti and F. Kaashoek. 2000. The Click Modular Router. ACM Transactions on Computer Systems (August 2000).  E. Kohler R. Morris B. Chen J. Jannotti and F. Kaashoek. 2000. The Click Modular Router. ACM Transactions on Computer Systems (August 2000).","DOI":"10.1145\/319151.319166"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-77422-5_25"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11)","author":"Lin Zhiqiang","year":"2011","unstructured":"Zhiqiang Lin , Junghwan Rhee , Xiangyu Zhang , Dongyan Xu , and Xuxian Jiang . 2011 . SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures . In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11) . San Diego, CA. http:\/\/www.isoc.org\/isoc\/conferences\/ndss\/11\/pdf\/3_3.pdf Zhiqiang Lin, Junghwan Rhee, Xiangyu Zhang, Dongyan Xu, and Xuxian Jiang. 2011. SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11). San Diego, CA. http:\/\/www.isoc.org\/isoc\/conferences\/ndss\/11\/pdf\/3_3.pdf"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS'05)","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Song . 2005 . Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software . In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS'05) . San Diego, CA. James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS'05). San Diego, CA."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315260"},{"key":"e_1_3_2_1_34_1","volume-title":"In Proceedings of the","author":"Pike Rob","year":"1990","unstructured":"Rob Pike , Dave Presotto , Ken Thompson , and Howard Trickey . 1990 . Plan 9 from Bell Labs . In In Proceedings of the Summer 1990 UKUUG Conference. 1--9. Rob Pike, Dave Presotto, Ken Thompson, and Howard Trickey. 1990. Plan 9 from Bell Labs. In In Proceedings of the Summer 1990 UKUUG Conference. 1--9."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361073"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23222"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342466"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519072"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23226"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13)","author":"Shin Seungwon","year":"2013","unstructured":"Seungwon Shin , Phil Porras , Vinod Yegneswaran , Martin Fong , Guofei Gu , and Mabry Tyson . 2013 . FRESCO: Modular Composable Security Services for Software-Defined Networks . In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13) . Seungwon Shin, Phil Porras, Vinod Yegneswaran, Martin Fong, Guofei Gu, and Mabry Tyson. 2013. FRESCO: Modular Composable Security Services for Software-Defined Networks. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516684"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23309"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046751"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592798.2592812"},{"key":"e_1_3_2_1_46_1","unstructured":"Chia-Che Tsai Donald E. Porter and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In USENIX.  Chia-Che Tsai Donald E. Porter and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In USENIX."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2010.032910.00019"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.27"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23200"},{"key":"e_1_3_2_1_50_1","volume-title":"Porter","author":"Yuan Jun","year":"2016","unstructured":"Jun Yuan , Yang Zhan , William Jannen , Prashant Pandey , Amogh Akshintala , Kanchan Chandnani , Pooja Deo , Zardosht Kasheff , Michael Bender , Martin Farach-Colton , Rob Johnson , Bradley C. Kuszmaul , and Donald E . Porter . 2016 . Optimizing Every Operation in a Write-Optimized File System. In FAST. Jun Yuan, Yang Zhan, William Jannen, Prashant Pandey, Amogh Akshintala, Kanchan Chandnani, Pooja Deo, Zardosht Kasheff, Michael Bender, Martin Farach-Colton, Rob Johnson, Bradley C. Kuszmaul, and Donald E. Porter. 2016. Optimizing Every Operation in a Write-Optimized File System. In FAST."},{"key":"e_1_3_2_1_51_1","unstructured":"N. Zeldovich S. Boyd-Wickizer and D. Mazi\u00e8res. 2008. Securing distributed systems with information flow control. In NSDI.  N. Zeldovich S. Boyd-Wickizer and D. Mazi\u00e8res. 2008. Securing distributed systems with information flow control. In NSDI."}],"event":{"name":"APSys '17: 8th Asia-Pacific Workshop on Systems","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Mumbai India","acronym":"APSys '17"},"container-title":["Proceedings of the 8th Asia-Pacific Workshop on Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3124680.3124720","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3124680.3124720","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3124680.3124720","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:23Z","timestamp":1750212683000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3124680.3124720"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,9,2]]},"references-count":51,"alternative-id":["10.1145\/3124680.3124720","10.1145\/3124680"],"URL":"https:\/\/doi.org\/10.1145\/3124680.3124720","relation":{},"subject":[],"published":{"date-parts":[[2017,9,2]]},"assertion":[{"value":"2017-09-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}