{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T12:15:44Z","timestamp":1775736944578,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":84,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,4,15]],"date-time":"2020-04-15T00:00:00Z","timestamp":1586908800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["N66001-15-C-4066"],"award-info":[{"award-number":["N66001-15-C-4066"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100014718","name":"National Science Foundation","doi-asserted-by":"publisher","award":["TWC-1518899"],"award-info":[{"award-number":["TWC-1518899"]}],"id":[{"id":"10.13039\/100014718","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,4,15]]},"DOI":"10.1145\/3342195.3387532","type":"proceedings-article","created":{"date-parts":[[2020,5,4]],"date-time":"2020-05-04T07:19:58Z","timestamp":1588576798000},"page":"1-16","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":313,"title":["Keystone"],"prefix":"10.1145","author":[{"given":"Dayeol","family":"Lee","sequence":"first","affiliation":[{"name":"UC Berkeley"}]},{"given":"David","family":"Kohlbrenner","sequence":"additional","affiliation":[{"name":"UC Berkeley"}]},{"given":"Shweta","family":"Shinde","sequence":"additional","affiliation":[{"name":"UC Berkeley"}]},{"given":"Krste","family":"Asanovi\u0107","sequence":"additional","affiliation":[{"name":"UC Berkeley"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[{"name":"UC 
Berkeley"}]}],"member":"320","published-online":{"date-parts":[[2020,4,17]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2013. ARM TrustZone. infocenter.arm.com\/help\/topic\/com.arm.doc.prd29-genc-009492c\/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf.  2013. ARM TrustZone. infocenter.arm.com\/help\/topic\/com.arm.doc.prd29-genc-009492c\/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf."},{"key":"e_1_3_2_1_2_1","unstructured":"2015. AES. https:\/\/github.com\/B-Con\/crypto-algorithms.  2015. AES. https:\/\/github.com\/B-Con\/crypto-algorithms."},{"key":"e_1_3_2_1_3_1","unstructured":"2015. Torch Tensors. https:\/\/github.com\/torch\/TH.  2015. Torch Tensors. https:\/\/github.com\/torch\/TH."},{"key":"e_1_3_2_1_4_1","unstructured":"2016. Tiny SHA3. https:\/\/github.com\/mjosaarinen\/tiny_sha3\/.  2016. Tiny SHA3. https:\/\/github.com\/mjosaarinen\/tiny_sha3\/."},{"key":"e_1_3_2_1_5_1","unstructured":"2017. Torch NNs. https:\/\/github.com\/torch\/nn\/tree\/master\/lib\/THNN.  2017. Torch NNs. https:\/\/github.com\/torch\/nn\/tree\/master\/lib\/THNN."},{"key":"e_1_3_2_1_6_1","unstructured":"2019. Ed25519. https:\/\/github.com\/mit-sanctum\/ed25519.  2019. Ed25519. https:\/\/github.com\/mit-sanctum\/ed25519."},{"key":"e_1_3_2_1_7_1","unstructured":"2019. Hypervisor draft v0.5. https:\/\/github.com\/riscv\/riscv-isa-manual\/releases\/tag\/draft-20191030-899457c.  2019. Hypervisor draft v0.5. https:\/\/github.com\/riscv\/riscv-isa-manual\/releases\/tag\/draft-20191030-899457c."},{"key":"e_1_3_2_1_8_1","unstructured":"2020. cloc - count lines of code. https:\/\/github.com\/AlDanial\/cloc.  2020. cloc - count lines of code. https:\/\/github.com\/AlDanial\/cloc."},{"key":"e_1_3_2_1_9_1","unstructured":"2020. HiFive Unleashed. https:\/\/www.sifive.com\/boards\/hifive-unleashed.  2020. HiFive Unleashed. https:\/\/www.sifive.com\/boards\/hifive-unleashed."},{"key":"e_1_3_2_1_10_1","unstructured":"2020. MultiZone Hex Five Security. https:\/\/hex-five.com\/.  
2020. MultiZone Hex Five Security. https:\/\/hex-five.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"2020. Open Enclave SDK. https:\/\/openenclave.io\/sdk\/.  2020. Open Enclave SDK. https:\/\/openenclave.io\/sdk\/."},{"key":"e_1_3_2_1_12_1","unstructured":"2020. Open Portable TEE. https:\/\/www.op-tee.org\/.  2020. Open Portable TEE. https:\/\/www.op-tee.org\/."},{"key":"e_1_3_2_1_13_1","unstructured":"2020. RISC-V Proxy Kernel. https:\/\/github.com\/riscv\/riscv-pk.  2020. RISC-V Proxy Kernel. https:\/\/github.com\/riscv\/riscv-pk."},{"key":"e_1_3_2_1_14_1","unstructured":"2020. unifdef. http:\/\/dotat.at\/prog\/unifdef\/.  2020. unifdef. http:\/\/dotat.at\/prog\/unifdef\/."},{"key":"e_1_3_2_1_15_1","unstructured":"Ittai Anati Shay Gueron Simon P Johnson and Vincent R Scarlata. 2013. Innovative Technology for CPU Based Attestation and Sealing. In HASP.  Ittai Anati Shay Gueron Simon P Johnson and Vincent R Scarlata. 2013. Innovative Technology for CPU Based Attestation and Sealing. In HASP."},{"key":"e_1_3_2_1_17_1","unstructured":"Krste Asanovi\u0107 Andrew Waterman. 2017. The RISC-V Instruction Set Manual Volume II: Privileged Architecture. https:\/\/content.riscv.org\/wp-content\/uploads\/2017\/05\/riscv-privileged-v1.10.pdf.  Krste Asanovi\u0107 Andrew Waterman. 2017. The RISC-V Instruction Set Manual Volume II: Privileged Architecture. https:\/\/content.riscv.org\/wp-content\/uploads\/2017\/05\/riscv-privileged-v1.10.pdf."},{"key":"e_1_3_2_1_18_1","volume-title":"SCONE: Secure Linux Containers with Intel SGX. In OSDI.","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov , Bohdan Trach , Franz Gregor , Thomas Knauth , Andre Martin , Christian Priebe , Joshua Lind , Divya Muthukumaran , Daniel O'Keeffe , Mark L Stillwell , David Goltzsche , Dave Eyers , R\u00fcdiger Kapitza , Peter Pietzuch , and Christof Fetzer . 2016 . SCONE: Secure Linux Containers with Intel SGX. In OSDI. 
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, R\u00fcdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In OSDI."},{"key":"e_1_3_2_1_20_1","unstructured":"Pierre-Louis Aublin Florian Kelbert Dan O'Keeffe Divya Muthukumaran Christian Priebe Joshua Lind Robert Krahn Christof Fetzer David Eyers and Peter Pietzuch. 2018. LibSEAL: Revealing Service Integrity Violations Using Trusted Execution. In EuroSys.  Pierre-Louis Aublin Florian Kelbert Dan O'Keeffe Divya Muthukumaran Christian Priebe Joshua Lind Robert Krahn Christof Fetzer David Eyers and Peter Pietzuch. 2018. LibSEAL: Revealing Service Integrity Violations Using Trusted Execution. In EuroSys."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Ahmed M. Azab Peng Ning Jitesh Shah Quan Chen Rohan Bhutkar Guruprasad Ganesh Jia Ma and Wenbo Shen. 2014. Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. In CCS.  Ahmed M. Azab Peng Ning Jitesh Shah Quan Chen Rohan Bhutkar Guruprasad Ganesh Jia Ma and Wenbo Shen. 2014. Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. In CCS.","DOI":"10.1145\/2660267.2660350"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Andrew Baumann Marcus Peinado and Galen Hunt. 2014. Shielding Applications from an Untrusted Cloud with Haven. In OSDI.  Andrew Baumann Marcus Peinado and Galen Hunt. 2014. Shielding Applications from an Untrusted Cloud with Haven. In OSDI.","DOI":"10.1145\/2799647"},{"key":"e_1_3_2_1_23_1","unstructured":"Muli Ben-Yehuda Michael D. Day Zvi Dubitzky Michael Factor Nadav Har'El Abel Gordon Anthony Liguori Orit Wasserman and Ben-Ami Yassour. 2010. The Turtles Project: Design and Implementation of Nested Virtualization. In OSDI.  
Muli Ben-Yehuda Michael D. Day Zvi Dubitzky Michael Factor Nadav Har'El Abel Gordon Anthony Liguori Orit Wasserman and Ben-Ami Yassour. 2010. The Turtles Project: Design and Implementation of Nested Virtualization. In OSDI."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Thomas Bourgeat Ilia A. Lebedev Andrew Wright Sizhuo Zhang Arvind and Srinivas Devadas. 2019. MI6: Secure Enclaves in a Speculative Out-of-Order Processor. In MICRO.  Thomas Bourgeat Ilia A. Lebedev Andrew Wright Sizhuo Zhang Arvind and Srinivas Devadas. 2019. MI6: Secure Enclaves in a Speculative Out-of-Order Processor. In MICRO.","DOI":"10.1145\/3352460.3358310"},{"key":"e_1_3_2_1_25_1","volume-title":"Sanctuary: ARMing TrustZone with User-space Enclaves. In NDSS.","author":"Brasser Ferdinand","year":"2019","unstructured":"Ferdinand Brasser , David Gens , Patrick Jauernig , Ahmad-Reza Sadeghi , and Emmanuel Stapf . 2019 . Sanctuary: ARMing TrustZone with User-space Enclaves. In NDSS. Ferdinand Brasser, David Gens, Patrick Jauernig, Ahmad-Reza Sadeghi, and Emmanuel Stapf. 2019. Sanctuary: ARMing TrustZone with User-space Enclaves. In NDSS."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Ernie Brickell Jan Camenisch and Liqun Chen. 2004. Direct Anonymous Attestation. In CCS.  Ernie Brickell Jan Camenisch and Liqun Chen. 2004. Direct Anonymous Attestation. In CCS.","DOI":"10.1145\/1030083.1030103"},{"key":"e_1_3_2_1_27_1","volume-title":"Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In USENIX Security.","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck , Marina Minkin , Ofir Weisse , Daniel Genkin , Baris Kasikci , Frank Piessens , Mark Silberstein , Thomas F. Wenisch , Yuval Yarom , and Raoul Strackx . 2018 . Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In USENIX Security. 
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In USENIX Security."},{"key":"e_1_3_2_1_28_1","unstructured":"Jo Van Bulck Nico Weichbrodt R\u00fcdiger Kapitza Frank Piessens and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In USENIX Security.  Jo Van Bulck Nico Weichbrodt R\u00fcdiger Kapitza Frank Piessens and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In USENIX Security."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"D. Champagne and R. B. Lee. 2010. Scalable architectural support for trusted software. In HPCA.  D. Champagne and R. B. Lee. 2010. Scalable architectural support for trusted software. In HPCA.","DOI":"10.1109\/HPCA.2010.5416657"},{"key":"e_1_3_2_1_31_1","unstructured":"Chia che Tsai Donald E. Porter and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In ATC.  Chia che Tsai Donald E. Porter and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In ATC."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Stephen Checkoway and Hovav Shacham. 2013. Iago attacks: Why the System Call API is a Bad Untrusted RPC Interface. In ASPLOS.  Stephen Checkoway and Hovav Shacham. 2013. Iago attacks: Why the System Call API is a Bad Untrusted RPC Interface. In ASPLOS.","DOI":"10.1145\/2451116.2451145"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Xi Chen Robert P Dick and Alok Choudhary. 2008. Operating system controlled processor-memory bus encryption. In DATE.  Xi Chen Robert P Dick and Alok Choudhary. 2008. 
Operating system controlled processor-memory bus encryption. In DATE.","DOI":"10.1109\/DATE.2008.4484834"},{"key":"e_1_3_2_1_34_1","volume-title":"Ports","author":"Chen Xiaoxin","year":"2008","unstructured":"Xiaoxin Chen , Tal Garfinkel , E. Christopher Lewis , Pratap Subrahmanyam , Carl A. Waldspurger , Dan Boneh , Jeffrey Dwoskin , and Dan R.K . Ports . 2008 . Overshadow : A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. In ASP-LOS. Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R.K. Ports. 2008. Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. In ASP-LOS."},{"key":"e_1_3_2_1_36_1","volume-title":"Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security.","author":"Costan Victor","year":"2016","unstructured":"Victor Costan , Ilia Lebedev , and Srinivas Devadas . 2016 . Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security. Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541986"},{"key":"e_1_3_2_1_38_1","unstructured":"Mark Horowitz David Lie Chandramohan A. Thekkath. 2003. Implementing an Untrusted Operating System on Trusted Hardware. In SOSP.  Mark Horowitz David Lie Chandramohan A. Thekkath. 2003. Implementing an Untrusted Operating System on Trusted Hardware. In SOSP."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"J. Deng W. Dong R. Socher L.-J. Li K. Li and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. In CVPR09.  J. Deng W. Dong R. Socher L.-J. Li K. Li and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. 
In CVPR09.","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_1_41_1","volume-title":"Komodo: Using verification to disentangle secure-enclave hardware from software. In SOSP.","author":"Ferraiuolo Andrew","year":"2017","unstructured":"Andrew Ferraiuolo , Andrew Baumann , Chris Hawblitzel , and Bryan Parno . 2017 . Komodo: Using verification to disentangle secure-enclave hardware from software. In SOSP. Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. 2017. Komodo: Using verification to disentangle secure-enclave hardware from software. In SOSP."},{"key":"e_1_3_2_1_42_1","volume-title":"A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering","author":"Ge Qian","year":"2018","unstructured":"Qian Ge , Yuval Yarom , David Cock , and Gernot Heiser . 2018. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering ( 2018 ). Qian Ge, Yuval Yarom, David Cock, and Gernot Heiser. 2018. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering (2018)."},{"key":"e_1_3_2_1_43_1","unstructured":"Ronghui Gu Zhong Shao Hao Chen Xiongnan Wu Jieung Kim Vilhelm Sj\u00f6berg and David Costanzo. 2016. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In OSDI.  Ronghui Gu Zhong Shao Hao Chen Xiongnan Wu Jieung Kim Vilhelm Sj\u00f6berg and David Costanzo. 2016. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In OSDI."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Owen S. Hofmann Sangman Kim Alan M. Dunn Michael Z. Lee and Emmett Witchel. 2013. InkTag: Secure Applications on an Untrusted Operating System. In ASPLOS.  Owen S. Hofmann Sangman Kim Alan M. Dunn Michael Z. Lee and Emmett Witchel. 2013. InkTag: Secure Applications on an Untrusted Operating System. 
In ASPLOS.","DOI":"10.1145\/2451116.2451146"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"R. Housley W. Polk W. Ford and D. Solo. 2002. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile.  R. Housley W. Polk W. Ford and D. Solo. 2002. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile.","DOI":"10.17487\/rfc3280"},{"key":"e_1_3_2_1_47_1","unstructured":"Zhichao Hua Jinyu Gu Yubin Xia Haibo Chen Binyu Zang and Haibing Guan. 2017. vTZ: Virtualizing ARM TrustZone. In USENIX Security.  Zhichao Hua Jinyu Gu Yubin Xia Haibo Chen Binyu Zang and Haibing Guan. 2017. vTZ: Virtualizing ARM TrustZone. In USENIX Security."},{"key":"e_1_3_2_1_49_1","unstructured":"Simon Johnson Vinnie Scarlata Carlos Rozas Ernie Brickell and Frank Mckeen. 2016. Intel Software Guard Extensions: EPID Provisioning and Attestation Services.  Simon Johnson Vinnie Scarlata Carlos Rozas Ernie Brickell and Frank Mckeen. 2016. Intel Software Guard Extensions: EPID Provisioning and Attestation Services."},{"key":"e_1_3_2_1_50_1","unstructured":"David Kaplan. 2017. AMD SEV-ES. http:\/\/support.amd.com\/TechDocs\/ProtectingVMRegisterStatewithSEV-ES.pdf.  David Kaplan. 2017. AMD SEV-ES. http:\/\/support.amd.com\/TechDocs\/ProtectingVMRegisterStatewithSEV-ES.pdf."},{"key":"e_1_3_2_1_51_1","unstructured":"David Kaplan Jeremy Powell and Tom Woller. 2016. http:\/\/amd-dev.wpengine.netdna-cdn.com\/wordpress\/media\/2013\/12\/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf  David Kaplan Jeremy Powell and Tom Woller. 2016. http:\/\/amd-dev.wpengine.netdna-cdn.com\/wordpress\/media\/2013\/12\/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf"},{"key":"e_1_3_2_1_52_1","volume-title":"Firesim: FPGA-accelerated Cycle-exact Scale-out System Simulation in the Public Cloud. 
In ISCA.","author":"Karandikar Sagar","year":"2018","unstructured":"Sagar Karandikar , Howard Mao , Donggyu Kim , David Biancolin , Alon Amid , Dayeol Lee , Nathan Pemberton , Emmanuel Amaro , Colin Schmidt , Aditya Chopra , Qijing Huang , Kyle Kovacs , Borivoje Nikolic , Randy Katz , Jonathan Bachrach , and Krste Asanovi\u0107 . 2018 . Firesim: FPGA-accelerated Cycle-exact Scale-out System Simulation in the Public Cloud. In ISCA. Sagar Karandikar, Howard Mao, Donggyu Kim, David Biancolin, Alon Amid, Dayeol Lee, Nathan Pemberton, Emmanuel Amaro, Colin Schmidt, Aditya Chopra, Qijing Huang, Kyle Kovacs, Borivoje Nikolic, Randy Katz, Jonathan Bachrach, and Krste Asanovi\u0107. 2018. Firesim: FPGA-accelerated Cycle-exact Scale-out System Simulation in the Public Cloud. In ISCA."},{"key":"e_1_3_2_1_53_1","unstructured":"Pierre Selwan Ken Irving. 2018. Revolutionizing the Computing Landscape and Beyond. https:\/\/content.riscv.org\/wp-content\/uploads\/2018\/12\/RISC-V-MultiCore-Secure-Boot-Ken-Irvining-and-Pierre-Selwan.pdf.  Pierre Selwan Ken Irving. 2018. Revolutionizing the Computing Landscape and Beyond. https:\/\/content.riscv.org\/wp-content\/uploads\/2018\/12\/RISC-V-MultiCore-Secure-Boot-Ken-Irvining-and-Pierre-Selwan.pdf."},{"key":"e_1_3_2_1_54_1","volume-title":"DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors. In MICRO.","author":"Kiriansky Vladimir","year":"2018","unstructured":"Vladimir Kiriansky , Ilia Lebedev , Saman Amarasinghe , Srinivas Devadas , and Joel Emer . 2018 . DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors. In MICRO. Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, and Joel Emer. 2018. DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors. 
In MICRO."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish Thomas Sewell Harvey Tuch and Simon Winwood. 2009. seL4: Formal Verification of an OS Kernel. In SOSP.  Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish Thomas Sewell Harvey Tuch and Simon Winwood. 2009. seL4: Formal Verification of an OS Kernel. In SOSP.","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_56_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher , Daniel Genkin , Daniel Gruss , Werner Haas , Mike Hamburg , Moritz Lipp , Stefan Mangard , Thomas Prescher , Michael Schwarz , and Yuval Yarom . 2019 . Spectre Attacks: Exploiting Speculative Execution . In IEEE S &P. Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In IEEE S&P."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Patrick Koeberl Steffen Schulz Ahmad-Reza Sadeghi and Vijay Varadharajan. 2014. TrustLite: A Security Architecture for Tiny Embedded Devices. In EuroSys.  Patrick Koeberl Steffen Schulz Ahmad-Reza Sadeghi and Vijay Varadharajan. 2014. TrustLite: A Security Architecture for Tiny Embedded Devices. In EuroSys.","DOI":"10.1145\/2592798.2592824"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Ilia Lebedev Kyle Hogan and Srinivas Devadas. 2018. Secure Boot and Remote Attestation in the Sanctum Processor. In CSF.  Ilia Lebedev Kyle Hogan and Srinivas Devadas. 2018. Secure Boot and Remote Attestation in the Sanctum Processor. 
In CSF.","DOI":"10.1109\/CSF.2018.00011"},{"key":"e_1_3_2_1_59_1","unstructured":"Dayeol Lee Dongha Jung Ian T. Fang Chia-Che Tsai and Raluca Ada Popa. 2020. An Off-Chip Attack on Hardware Enclaves via the Memory Bus. In USENIX Security.  Dayeol Lee Dongha Jung Ian T. Fang Chia-Che Tsai and Raluca Ada Popa. 2020. An Off-Chip Attack on Hardware Enclaves via the Memory Bus. In USENIX Security."},{"key":"e_1_3_2_1_60_1","unstructured":"J. Liedtke. 199"},{"key":"e_1_3_2_1_61_1","volume-title":"TrustVisor: Efficient TCB Reduction and Attestation","author":"McCune Jonathan M.","unstructured":"Jonathan M. McCune , Yanlin Li , Ning Qu , Zongwei Zhou , Anupam Datta , Virgil Gligor , and Adrian Perrig . 2010. TrustVisor: Efficient TCB Reduction and Attestation . In IEEE S &P. Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. 2010. TrustVisor: Efficient TCB Reduction and Attestation. In IEEE S&P."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352625"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"crossref","unstructured":"Frank McKeen Ilya Alexandrovich Ittai Anati Dror Caspi Simon Johnson Rebekah Leslie-Hurd and Carlos Rozas. 2016. Intel Software Guard Extensions Support for Dynamic Memory Management Inside an Enclave. In HASP.  Frank McKeen Ilya Alexandrovich Ittai Anati Dror Caspi Simon Johnson Rebekah Leslie-Hurd and Carlos Rozas. 2016. Intel Software Guard Extensions Support for Dynamic Memory Management Inside an Enclave. In HASP.","DOI":"10.1145\/2948618.2954331"},{"key":"e_1_3_2_1_64_1","volume-title":"Savagaonkar","author":"McKeen Frank","year":"2013","unstructured":"Frank McKeen , Ilya Alexandrovich , Alex Berenzon , Carlos V. Rozas , Hisham Shafi , Vedvyas Shanbhogue , and Uday R . Savagaonkar . 2013 . Innovative Instructions and Software Model for Isolated Execution. In HASP. Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. 
Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative Instructions and Software Model for Isolated Execution. In HASP."},{"key":"e_1_3_2_1_65_1","volume-title":"Conference on the theory and application of cryptographic techniques. Springer, 369--378","author":"Merkle Ralph C","year":"1987","unstructured":"Ralph C Merkle . 1987 . A digital signature based on a conventional encryption function . In Conference on the theory and application of cryptographic techniques. Springer, 369--378 . Ralph C Merkle. 1987. A digital signature based on a conventional encryption function. In Conference on the theory and application of cryptographic techniques. Springer, 369--378."},{"key":"e_1_3_2_1_66_1","volume-title":"Welcome to the Entropics: Boot-time entropy in embedded devices","author":"Mowery Keaton","unstructured":"Keaton Mowery , Michael Wei , David Kohlbrenner , Hovav Shacham , and Steven Swanson . 2013. Welcome to the Entropics: Boot-time entropy in embedded devices . In IEEE S &P. Keaton Mowery, Michael Wei, David Kohlbrenner, Hovav Shacham, and Steven Swanson. 2013. Welcome to the Entropics: Boot-time entropy in embedded devices. In IEEE S&P."},{"key":"e_1_3_2_1_67_1","unstructured":"Jason Garms Nelly Porter. 2019. Advancing confidential computing with Asylo and the Confidential Computing Challenge. https:\/\/cloud.google.com\/blog\/products\/identity-security\/advancing-confidential-computing-with-asylo-and-the-confidential-computing-challenge.  Jason Garms Nelly Porter. 2019. Advancing confidential computing with Asylo and the Confidential Computing Challenge. https:\/\/cloud.google.com\/blog\/products\/identity-security\/advancing-confidential-computing-with-asylo-and-the-confidential-computing-challenge."},{"key":"e_1_3_2_1_68_1","volume-title":"Serval: Scaling Symbolic Evaluation for Automated Verification of Systems Code. 
In SOSP.","author":"Nelson Luke","year":"2019","unstructured":"Luke Nelson , James Bornholt , Ronghui Gu , Andrew Baumann , Emina Torlak , and Xi Wang . 2019 . Serval: Scaling Symbolic Evaluation for Automated Verification of Systems Code. In SOSP. Luke Nelson, James Bornholt, Ronghui Gu, Andrew Baumann, Emina Torlak, and Xi Wang. 2019. Serval: Scaling Symbolic Evaluation for Automated Verification of Systems Code. In SOSP."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132748"},{"key":"e_1_3_2_1_70_1","unstructured":"Khang T Nguyen. 2016. Introduction to Cache Allocation Technology in the Intel\u00c2\u0151 Xeon\u00c2\u0151 Processor E5 v4 Family. https:\/\/software.intel.com\/en-us\/articles\/introduction-to-cache-allocation-technology.  Khang T Nguyen. 2016. Introduction to Cache Allocation Technology in the Intel\u00c2\u0151 Xeon\u00c2\u0151 Processor E5 v4 Family. https:\/\/software.intel.com\/en-us\/articles\/introduction-to-cache-allocation-technology."},{"key":"e_1_3_2_1_71_1","volume-title":"Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks. In ATC.","author":"Oleksenko Oleksii","year":"2018","unstructured":"Oleksii Oleksenko , Bohdan Trach , Robert Krahn , Mark Silberstein , and Christof Fetzer . 2018 . Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks. In ATC. Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. 2018. Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks. In ATC."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064219"},{"key":"e_1_3_2_1_73_1","unstructured":"Meni Orenbach Yan Michalevsky Christof Fetzer and Mark Silberstein. 2019. CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves. In ATC.  Meni Orenbach Yan Michalevsky Christof Fetzer and Mark Silberstein. 2019. CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves. 
In ATC."},{"key":"e_1_3_2_1_74_1","unstructured":"Nate Graff Palmer Dabbelt. 2018. SiFive's Trusted Execution Reference Platform. https:\/\/content.riscv.org\/wp-content\/uploads\/2018\/12\/SiFives-Trusted-Execution-Reference-Platform-Palmer-Dabbelt-1-1.pdf.  Nate Graff Palmer Dabbelt. 2018. SiFive's Trusted Execution Reference Platform. https:\/\/content.riscv.org\/wp-content\/uploads\/2018\/12\/SiFives-Trusted-Execution-Reference-Platform-Palmer-Dabbelt-1-1.pdf."},{"key":"e_1_3_2_1_75_1","volume-title":"Boot-strapping Trust in Commodity Computers","author":"Parno Bryan","unstructured":"Bryan Parno , Jonathan M. McCune , and Adrian Perrig . 2010. Boot-strapping Trust in Commodity Computers . In IEEE S &P. Bryan Parno, Jonathan M. McCune, and Adrian Perrig. 2010. Boot-strapping Trust in Commodity Computers. In IEEE S&P."},{"key":"e_1_3_2_1_76_1","volume-title":"Hunt","author":"Porter Donald E.","year":"2011","unstructured":"Donald E. Porter , Silas Boyd-Wickizer , Jon Howell , Reuben Olinsky , and Galen C . Hunt . 2011 . Rethinking the Library OS from the Top Down. In ASPLOS. Donald E. Porter, Silas Boyd-Wickizer, Jon Howell, Reuben Olinsky, and Galen C. Hunt. 2011. Rethinking the Library OS from the Top Down. In ASPLOS."},{"key":"e_1_3_2_1_77_1","volume-title":"Ports and Tal Garfinkel","author":"Dan R.","year":"2008","unstructured":"Dan R. K. Ports and Tal Garfinkel . 2008 . Towards Application Security on Untrusted Operating Systems. In HOTSEC. Dan R. K. Ports and Tal Garfinkel. 2008. Towards Application Security on Untrusted Operating Systems. In HOTSEC."},{"key":"e_1_3_2_1_78_1","volume-title":"R. Schell, and M. Gasser.","author":"S.","year":"1983","unstructured":"S. r. Ames , R. Schell, and M. Gasser. 1983 . Security Kernel Design and Implementation: An Introduction . Computer 16, 07 (1983). S. r. Ames, R. Schell, and M. Gasser. 1983. Security Kernel Design and Implementation: An Introduction. 
Computer 16, 07 (1983)."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"crossref","unstructured":"B. Rogers S. Chhabra M. Prvulovic and Y. Solihin. 2007. Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly. In MICRO.  B. Rogers S. Chhabra M. Prvulovic and Y. Solihin. 2007. Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly. In MICRO.","DOI":"10.1109\/MICRO.2007.16"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"crossref","unstructured":"Samuel Weiser and Mario Werner and Ferdinand Brasser and Maja Malenko and Stefan Mangard and Ahmad-Reza Sadeghi. 2019. TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V. In NDSS.  Samuel Weiser and Mario Werner and Ferdinand Brasser and Maja Malenko and Stefan Mangard and Ahmad-Reza Sadeghi. 2019. TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V. In NDSS.","DOI":"10.14722\/ndss.2019.23068"},{"key":"e_1_3_2_1_81_1","volume-title":"Shruti Tople, and Prateek Saxena.","author":"Shinde Shweta","year":"2017","unstructured":"Shweta Shinde , Dat Le Tien , Shruti Tople, and Prateek Saxena. 2017 . Panoply : Low-TCB Linux Applications With SGX Enclaves. In NDSS. Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. 2017. Panoply: Low-TCB Linux Applications With SGX Enclaves. In NDSS."},{"key":"e_1_3_2_1_82_1","unstructured":"Shweta Shinde Shengi Wang Pinghai Yuan Aquinas Hobor Abhik Roychoudhury and Prateek Saxena. 2020. BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof. In USENIX Security.  Shweta Shinde Shengi Wang Pinghai Yuan Aquinas Hobor Abhik Roychoudhury and Prateek Saxena. 2020. BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof. In USENIX Security."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"crossref","unstructured":"Rohit Sinha Manuel Costa Akash Lal Nuno Lopes Sanjit Seshia Sriram Rajamani and Kapil Vaswani. 
2016. A Design and Verification Methodology for Secure Isolated Regions. In PLDI.  Rohit Sinha Manuel Costa Akash Lal Nuno Lopes Sanjit Seshia Sriram Rajamani and Kapil Vaswani. 2016. A Design and Verification Methodology for Secure Isolated Regions. In PLDI.","DOI":"10.1145\/2908080.2908113"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813608"},{"key":"e_1_3_2_1_85_1","volume-title":"Seshia","author":"Subramanyan Pramod","year":"2017","unstructured":"Pramod Subramanyan , Rohit Sinha , Ilia Lebedev , Srinivas Devadas , and Sanjit A . Seshia . 2017 . A Formal Foundation for Secure Remote Execution of Enclaves. In CCS. Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, and Sanjit A. Seshia. 2017. A Formal Foundation for Secure Remote Execution of Enclaves. In CCS."},{"key":"e_1_3_2_1_86_1","volume-title":"Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions. SIGARCH Comput. Archit. News","author":"Suh G. Edward","year":"2005","unstructured":"G. Edward Suh , Charles W. O'Donnell , Ishan Sachdev , and Srinivas Devadas . 2005. Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions. SIGARCH Comput. Archit. News ( 2005 ). G. Edward Suh, Charles W. O'Donnell, Ishan Sachdev, and Srinivas Devadas. 2005. Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions. SIGARCH Comput. Archit. News (2005)."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"crossref","unstructured":"David Lie Chandramohan Thekkath Mark Mitchell Patrick Lincoln Dan Boneh John Mitchell and Mark Horowitz. 2000. Architectural Support for Copy and Tamper Resistant Software. In ASPLOS.  David Lie Chandramohan Thekkath Mark Mitchell Patrick Lincoln Dan Boneh John Mitchell and Mark Horowitz. 2000. Architectural Support for Copy and Tamper Resistant Software. 
In ASPLOS.","DOI":"10.21236\/ADA419599"},{"key":"e_1_3_2_1_88_1","volume-title":"Privado: Practical and Secure DNN Inference. ArXiv","author":"Tople Shruti","year":"2018","unstructured":"Shruti Tople , Karan Grover , Shweta Shinde , Ranjita Bhagwan , and Ramachandran Ramjee . 2018 . Privado: Practical and Secure DNN Inference. ArXiv (2018). arXiv:1810.00602 Shruti Tople, Karan Grover, Shweta Shinde, Ranjita Bhagwan, and Ramachandran Ramjee. 2018. Privado: Practical and Secure DNN Inference. ArXiv (2018). arXiv:1810.00602"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"crossref","unstructured":"Ofir Weisse Valeria Bertacco and Todd Austin. 2017. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves. In ISCA.  Ofir Weisse Valeria Bertacco and Todd Austin. 2017. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves. In ISCA.","DOI":"10.1145\/3079856.3080208"},{"key":"e_1_3_2_1_90_1","volume-title":"Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems","author":"Xu Yuanzhong","unstructured":"Yuanzhong Xu , Weidong Cui , and Marcus Peinado . 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems . In IEEE S&P. Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In IEEE S&P."},{"key":"e_1_3_2_1_91_1","volume":"201","author":"Yan M.","unstructured":"M. Yan , J. Choi , D. Skarlatos , A. Morrison , C. Fletcher , and J. Torrellas. 2018. InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy. In MICRO. M. Yan, J. Choi, D. Skarlatos, A. Morrison, C. Fletcher, and J. Torrellas. 2018. InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy. In MICRO.","journal-title":"J. 
Torrellas."}],"event":{"name":"EuroSys '20: Fifteenth EuroSys Conference 2020","location":"Heraklion Greece","acronym":"EuroSys '20","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the Fifteenth European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3342195.3387532","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3342195.3387532","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3342195.3387532","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:43:26Z","timestamp":1750207406000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3342195.3387532"}},"subtitle":["an open framework for architecting trusted execution environments"],"short-title":[],"issued":{"date-parts":[[2020,4,15]]},"references-count":84,"alternative-id":["10.1145\/3342195.3387532","10.1145\/3342195"],"URL":"https:\/\/doi.org\/10.1145\/3342195.3387532","relation":{},"subject":[],"published":{"date-parts":[[2020,4,15]]},"assertion":[{"value":"2020-04-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}
