{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T10:37:36Z","timestamp":1779359856953,"version":"3.51.4"},"reference-count":14,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,2,28]],"date-time":"2021-02-28T00:00:00Z","timestamp":1614470400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Queue"],"published-print":{"date-parts":[[2021,2,28]]},"abstract":"<jats:p>Although largely driven by economies of scale, the development of the modern cloud also enables increased security. Large data centers provide aggregate availability, reliability, and security assurances. The operational cost of ensuring that operating systems, databases, and other services have secure configurations can be amortized among all tenants, allowing the cloud provider to employ experts who are responsible for security; this is often unfeasible for smaller businesses, where the role of systems administrator is often conflated with many others.<\/jats:p>","DOI":"10.1145\/3454122.3456125","type":"journal-article","created":{"date-parts":[[2021,3,9]],"date-time":"2021-03-09T23:40:15Z","timestamp":1615333215000},"page":"49-76","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Toward Confidential Cloud Computing"],"prefix":"10.1145","volume":"19","author":[{"given":"Mark","family":"Russinovich","sequence":"first","affiliation":[{"name":"Microsoft Azure"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manuel","family":"Costa","sequence":"additional","affiliation":[{"name":"Microsoft Research Cambridge"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"C\u00e9dric","family":"Fournet","sequence":"additional","affiliation":[{"name":"Microsoft Research"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Chisnall","sequence":"additional","affiliation":[{"name":"Microsoft Research Cambridge"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antoine","family":"Delignat-Lavaud","sequence":"additional","affiliation":[{"name":"Microsoft Research Cambridge"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sylvan","family":"Clebsch","sequence":"additional","affiliation":[{"name":"Microsoft Research Cambridge"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kapil","family":"Vaswani","sequence":"additional","affiliation":[{"name":"Microsoft Research"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vikas","family":"Bhatia","sequence":"additional","affiliation":[{"name":"Azure Confidential Computing"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,3,9]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"AWS Nitro Enclaves. AWS; https:\/\/aws.amazon.com\/ec2\/nitro\/nitro-enclaves\/."},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the 11th Usenix Symposium on Operating Systems Design and Implementation; https:\/\/www.usenix.org\/conference\/osdi14\/technical-sessions\/presentation\/baumann.","author":"Baumann A.","year":"2014","unstructured":"Baumann, A., Peinado, M., Hunt, G. 2014. Shielding applications from an untrusted cloud with Haven. Proceedings of the 11th Usenix Symposium on Operating Systems Design and Implementation; https:\/\/www.usenix.org\/conference\/osdi14\/technical-sessions\/presentation\/baumann."},{"key":"e_1_2_1_3_1","unstructured":"Carruth C. 2018. Speculative load hardening. LLVM Compiler Infrastructure; https:\/\/llvm.org\/docs\/SpeculativeLoadHardening.html."},{"key":"e_1_2_1_4_1","unstructured":"Confidential Consortium Framework. GitHub; https:\/\/github.com\/microsoft\/CCF."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 25th Usenix Security Symposium, 619-636; https:\/\/dl.acm.org\/doi\/10","author":"Ohrimenko O.","year":"2016","unstructured":"Ohrimenko, O., et al. 2016. Oblivious multi-party machine learning on trusted processors. Proceedings of the 25th Usenix Security Symposium, 619-636; https:\/\/dl.acm.org\/doi\/10.5555\/3241094.3241143."},{"key":"e_1_2_1_6_1","unstructured":"Open Enclave SDK. GitHub; https:\/\/github.com\/openenclave\/openenclave."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00025"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322246"},{"key":"e_1_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Sakalis C. et al. 2019. Efficient invisible speculative execution through selective delay and value prediction. Proceedings of the International Symposium on Computer Architecture; https:\/\/www.researchgate.net\/publication\/333755760_Efficient_Invisible_Speculative_Execution_through_Selective_Delay_and_Value_Prediction.","DOI":"10.1145\/3307650.3322216"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.10"},{"key":"e_1_2_1_11_1","unstructured":"SGX-LKL. GitHub; https:\/\/github.com\/lsds\/sgx-lkl."},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the 13th Usenix Symposium on Operating Systems Design and Implementation; https:\/\/www.usenix.org\/system\/files\/osdi18-volos.pdf.","author":"Volos S.","year":"2018","unstructured":"Volos, S., et al. 2018. Graviton: trusted execution environments on GPUs. Proceedings of the 13th Usenix Symposium on Operating Systems Design and Implementation; https:\/\/www.usenix.org\/system\/files\/osdi18-volos.pdf."},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 28th Usenix Security Symposium; https:\/\/www.usenix.org\/system\/files\/sec19-werner.pdf.","author":"Werner M.","year":"2019","unstructured":"Werner, M., et al. 2019. ScatterCache: thwarting cache attacks via cache set randomization. Proceedings of the 28th Usenix Security Symposium; https:\/\/www.usenix.org\/system\/files\/sec19-werner.pdf."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00042"}],"container-title":["Queue"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3454122.3456125","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3454122.3456125","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:47:51Z","timestamp":1750193271000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3454122.3456125"}},"subtitle":["Extending hardware-enforced cryptographic protection to data while in use"],"short-title":[],"issued":{"date-parts":[[2021,2,28]]},"references-count":14,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,2,28]]}},"alternative-id":["10.1145\/3454122.3456125"],"URL":"https:\/\/doi.org\/10.1145\/3454122.3456125","relation":{},"ISSN":["1542-7730","1542-7749"],"issn-type":[{"value":"1542-7730","type":"print"},{"value":"1542-7749","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,28]]},"assertion":[{"value":"2021-03-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}