{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:40:07Z","timestamp":1750210807186,"version":"3.41.0"},"reference-count":42,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2018,5,21]],"date-time":"2018-05-21T00:00:00Z","timestamp":1526860800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NCR Award","award":["NRF2014NCR-NCR001-012"],"award-info":[{"award-number":["NRF2014NCR-NCR001-012"]}]},{"DOI":"10.13039\/501100001381","name":"Singapore National Research Foundation","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100001381","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2018,8,31]]},"abstract":"<jats:p>Virtualization-based memory isolation has been widely used as a security primitive in various security systems to counter kernel-level attacks. In this article, our in-depth analysis on this primitive shows that its security is significantly undermined in the multicore setting when other hardware resources for computing are not enclosed within the isolation boundary. We thus propose to construct a fully isolated micro-computing environment (FIMCE) as a new primitive. By virtue of its architectural niche, FIMCE not only offers stronger security assurance than its predecessor, but also features a flexible and composable environment with support for peripheral device isolation, thus greatly expanding the scope of applications. In addition, FIMCE can be integrated with recent technologies such as Intel Software Guard Extensions (SGX) to attain even stronger security guarantees. We have built a prototype of FIMCE with a bare-metal hypervisor. To show the benefits of using FIMCE as a building block, we have also implemented four applications which are difficult to construct using the existing memory isolation method. Experiments with these applications demonstrate that FIMCE imposes less than 1% overhead on single-threaded applications, while the maximum performance loss on multithreaded applications is bounded by the degree of parallelism at the processor level.<\/jats:p>","DOI":"10.1145\/3195181","type":"journal-article","created":{"date-parts":[[2018,5,22]],"date-time":"2018-05-22T12:05:28Z","timestamp":1526990728000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["FIMCE"],"prefix":"10.1145","volume":"21","author":[{"given":"Siqi","family":"Zhao","sequence":"first","affiliation":[{"name":"Singapore Management University, Singapore"}]},{"given":"Xuhua","family":"Ding","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2018,5,21]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201916)","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov , Bohdan Trach , Franz Gregor , Thomas Knauth , Andre Martin , Christian Priebe , Joshua Lind , Divya Muthukumaran , Dan O\u2019Keeffe , Mark L. Stillwell , David Goltzsche , David Eyers , R\u00fcdiger Kapitza , Peter Pietzuch , and Christof Fetzer . 2016 . SCONE: Secure Linux containers with intel SGX . In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201916) . USENIX Association, Berkeley, CA, 689--703. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O\u2019Keeffe, Mark L. Stillwell, David Goltzsche, David Eyers, R\u00fcdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux containers with intel SGX. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201916). USENIX Association, Berkeley, CA, 689--703."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660350"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046752"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451145"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346284"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38908-5_2"},{"volume-title":"Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS), Vijay Atluri and Claudia Diaz (Eds.). Springer","author":"Cheng Yueqiang","key":"e_1_2_1_8_1","unstructured":"Yueqiang Cheng , Xuhua Ding , and Robert H. Deng . 2011. DriverGuard: A fine-grained protection on I\/O flows . In Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS), Vijay Atluri and Claudia Diaz (Eds.). Springer , Berlin, 227--244. Yueqiang Cheng, Xuhua Ding, and Robert H. Deng. 2011. DriverGuard: A fine-grained protection on I\/O flows. In Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS), Vijay Atluri and Claudia Diaz (Eds.). Springer, Berlin, 227--244."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714618"},{"key":"e_1_2_1_10_1","volume-title":"2016 USENIX Annual Technical Conference (USENIX ATC'16)","author":"Cho Yeongpil","year":"2016","unstructured":"Yeongpil Cho , Junbum Shin , Donghyun Kwon , MyungJoo Ham , Yuna Kim , and Yunheung Paek . 2016 . Hardware-assisted on-demand hypervisor activation for efficient security critical code execution on mobile devices . In 2016 USENIX Annual Technical Conference (USENIX ATC'16) . USENIX Association, Denver, CO, 565--578. Yeongpil Cho, Junbum Shin, Donghyun Kwon, MyungJoo Ham, Yuna Kim, and Yunheung Paek. 2016. Hardware-assisted on-demand hypervisor activation for efficient security critical code execution on mobile devices. In 2016 USENIX Annual Technical Conference (USENIX ATC'16). USENIX Association, Denver, CO, 565--578."},{"key":"e_1_2_1_11_1","volume-title":"Intel SGX explained. IACR Cryptology ePrint Archive","author":"Costan Victor","year":"2016","unstructured":"Victor Costan and Srinivas Devadas . 2016. Intel SGX explained. IACR Cryptology ePrint Archive ( 2016 ), 86. Victor Costan and Srinivas Devadas. 2016. Intel SGX explained. IACR Cryptology ePrint Archive (2016), 86."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541986"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523675"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2150976.2151020"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451146"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 2011 Annual Symposium on Information Assurance. University at Albany, State University of New York (SUNY)","author":"Inoue Hajime","year":"2011","unstructured":"Hajime Inoue , Frank Adelstein , Matthew Donovan , and Stephen Brueckner . 2011 . Automatically bridging the semantic gap using C interpreter . In Proceedings of the 2011 Annual Symposium on Information Assurance. University at Albany, State University of New York (SUNY) , Albany, NY, 51--58. Hajime Inoue, Frank Adelstein, Matthew Donovan, and Stephen Brueckner. 2011. Automatically bridging the semantic gap using C interpreter. In Proceedings of the 2011 Annual Symposium on Information Assurance. University at Albany, State University of New York (SUNY), Albany, NY, 51--58."},{"key":"e_1_2_1_20_1","unstructured":"Intel Corporation. 2013. Innovative Instructions and Software Model for Isolated Execution. Retrieved from http:\/\/privatecore.com\/wp-content\/uploads\/2013\/06\/HASP-instruction-presentation-release.pdf.  Intel Corporation. 2013. Innovative Instructions and Software Model for Isolated Execution. Retrieved from http:\/\/privatecore.com\/wp-content\/uploads\/2013\/06\/HASP-instruction-presentation-release.pdf."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133058.1133063"},{"key":"e_1_2_1_22_1","volume-title":"2014 USENIX Annual Technical Conference (USENIX ATC 14)","author":"Li Yanlin","year":"2014","unstructured":"Yanlin Li , Jonathan McCune , James Newsome , Adrian Perrig , Brandon Baker , and Will Drewry . 2014 . MiniBox: A two-way sandbox for x86 native code . In 2014 USENIX Annual Technical Conference (USENIX ATC 14) . USENIX Association, Philadelphia, PA, 409--420. Yanlin Li, Jonathan McCune, James Newsome, Adrian Perrig, Brandon Baker, and Will Drewry. 2014. MiniBox: A two-way sandbox for x86 native code. In 2014 USENIX Annual Technical Conference (USENIX ATC 14). USENIX Association, Philadelphia, PA, 409--420."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813690"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.17"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352625"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251375.1251391"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508293.1508311"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2731186.2731196"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI\u201906)","author":"Ta-Min Richard","year":"2006","unstructured":"Richard Ta-Min , Lionel Litty , and David Lie . 2006 . Splitting interfaces: Making trust between applications and operating systems configurable . In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI\u201906) . USENIX Association, Berkeley, CA, 279--292. Richard Ta-Min, Lionel Litty, and David Lie. 2006. Splitting interfaces: Making trust between applications and operating systems configurable. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI\u201906). USENIX Association, Berkeley, CA, 279--292."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813685"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2731186.2731189"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660316"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.36"},{"key":"e_1_2_1_36_1","volume-title":"Lockdown: A safe and practical environment for security applications. CMU-CyLab-09-011 14","author":"Vasudevan Amit","year":"2009","unstructured":"Amit Vasudevan , Bryan Parno , Ning Qu , Virgil D. Gligor , and Adrian Perrig . 2009 . Lockdown: A safe and practical environment for security applications. CMU-CyLab-09-011 14 (2009). Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, and Adrian Perrig. 2009. Lockdown: A safe and practical environment for security applications. CMU-CyLab-09-011 14 (2009)."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346267"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.25"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.42"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.27"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3195181","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3195181","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:51Z","timestamp":1750208931000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3195181"}},"subtitle":["A Fully Isolated Micro-Computing Environment for Multicore Systems"],"short-title":[],"issued":{"date-parts":[[2018,5,21]]},"references-count":42,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,8,31]]}},"alternative-id":["10.1145\/3195181"],"URL":"https:\/\/doi.org\/10.1145\/3195181","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2018,5,21]]},"assertion":[{"value":"2017-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-03-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-05-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}