{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:46:52Z","timestamp":1772041612062,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560592","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"1231-1242","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Hecate"],"prefix":"10.1145","author":[{"given":"Xinyang","family":"Ge","sequence":"first","affiliation":[{"name":"Microsoft Research & Databricks, Bellevue, WA, USA"}]},{"given":"Hsuan-Chi","family":"Kuo","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Champaign, IL, USA"}]},{"given":"Weidong","family":"Cui","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AMD64 Architecture Programmer's Manual Volume 2: System Programming. https:\/\/developer.amd.com\/resources\/developer-guides-manuals.  AMD64 Architecture Programmer's Manual Volume 2: System Programming. https:\/\/developer.amd.com\/resources\/developer-guides-manuals."},{"key":"e_1_3_2_1_2_1","unstructured":"ARM Confidential Compute Architecture. https:\/\/www.arm.com\/why-arm\/ architecture\/security-features\/arm-confidential-compute-architecture.  ARM Confidential Compute Architecture. https:\/\/www.arm.com\/why-arm\/ architecture\/security-features\/arm-confidential-compute-architecture."},{"key":"e_1_3_2_1_3_1","unstructured":"AWS Nitro Enclaves. https:\/\/aws.amazon.com\/ec2\/nitro\/nitro-enclaves\/.  AWS Nitro Enclaves. https:\/\/aws.amazon.com\/ec2\/nitro\/nitro-enclaves\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Hypervisor-Protected Code Integrity (HVCI). https:\/\/docs.microsoft.com\/en- us\/windows-hardware\/drivers\/bringup\/device-guard-and-credential-guard.  Hypervisor-Protected Code Integrity (HVCI). https:\/\/docs.microsoft.com\/en- us\/windows-hardware\/drivers\/bringup\/device-guard-and-credential-guard."},{"key":"e_1_3_2_1_5_1","unstructured":"Intel Trust Domain Extensions (Intel TDX). https:\/\/www.intel.com\/content\/ www\/us\/en\/developer\/articles\/technical\/intel-trust-domain-extensions.html.  Intel Trust Domain Extensions (Intel TDX). https:\/\/www.intel.com\/content\/ www\/us\/en\/developer\/articles\/technical\/intel-trust-domain-extensions.html."},{"key":"e_1_3_2_1_6_1","unstructured":"SEV-ES Guest-Hypervisor Communication Block Standardization. https:\/\/ developer.amd.com\/wp-content\/resources\/56421.pdf.  SEV-ES Guest-Hypervisor Communication Block Standardization. https:\/\/ developer.amd.com\/wp-content\/resources\/56421.pdf."},{"key":"e_1_3_2_1_7_1","unstructured":"MacVTap. https:\/\/virt.kernelnewbies.org\/MacVTap.  MacVTap. https:\/\/virt.kernelnewbies.org\/MacVTap."},{"key":"e_1_3_2_1_8_1","unstructured":"AMD SEV-SNP: Strengthening VM Isolation with Integrity Protection and More. https:\/\/www.amd.com\/system\/files\/TechDocs\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf.  AMD SEV-SNP: Strengthening VM Isolation with Integrity Protection and More. https:\/\/www.amd.com\/system\/files\/TechDocs\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf."},{"key":"e_1_3_2_1_9_1","unstructured":"AMD Server Vulnerabilities. https:\/\/www.amd.com\/en\/corporate\/product- security\/bulletin\/amd-sb-1021.  AMD Server Vulnerabilities. https:\/\/www.amd.com\/en\/corporate\/product- security\/bulletin\/amd-sb-1021."},{"key":"e_1_3_2_1_10_1","unstructured":"Using SQL Server in Windows. https:\/\/docs.microsoft.com\/en-us\/troubleshoot\/ sql\/general\/use-sql-server-in-windows.  Using SQL Server in Windows. https:\/\/docs.microsoft.com\/en-us\/troubleshoot\/ sql\/general\/use-sql-server-in-windows."},{"key":"e_1_3_2_1_11_1","unstructured":"SEV Secure Nested Paging Firmware ABI Specification. https:\/\/www.amd.com\/ system\/files\/TechDocs\/56860.pdf  SEV Secure Nested Paging Firmware ABI Specification. https:\/\/www.amd.com\/ system\/files\/TechDocs\/56860.pdf"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23009"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI).","author":"Baumann Andrew","year":"2014","unstructured":"Andrew Baumann , Marcus Peinado , and Galen Hunt . 2014 . Shielding Applications from an Untrusted Cloud with Haven . In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Andrew Baumann, Marcus Peinado, and Galen Hunt. 2014. Shielding Applications from an Untrusted Cloud with Haven. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI)."},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI).","author":"Ben-Yehuda Muli","year":"2010","unstructured":"Muli Ben-Yehuda , Michael D Day , Zvi Dubitzky , Michael Factor , Nadav Har'El , Abel Gordon , Anthony Liguori , Orit Wasserman , and Ben-Ami Yassour . 2010 . The Turtles Project: Design and Implementation of Nested Virtualization . In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Muli Ben-Yehuda, Michael D Day, Zvi Dubitzky, Michael Factor, Nadav Har'El, Abel Gordon, Anthony Liguori, Orit Wasserman, and Ben-Ami Yassour. 2010. The Turtles Project: Design and Implementation of Nested Virtualization. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_2"},{"key":"e_1_3_2_1_16_1","unstructured":"Cilium. BPF and XDP Reference Guide. https:\/\/docs.cilium.io\/en\/latest\/bpf\/.  Cilium. BPF and XDP Reference Guide. https:\/\/docs.cilium.io\/en\/latest\/bpf\/."},{"key":"e_1_3_2_1_17_1","unstructured":"Cilium. Cilium Network Policies. https:\/\/docs.cilium.io\/en\/stable\/policy\/.  Cilium. Cilium Network Policies. https:\/\/docs.cilium.io\/en\/stable\/policy\/."},{"key":"e_1_3_2_1_18_1","unstructured":"Cilium. eBPF-based Networking Observability and Security. https:\/\/cilium.io.  Cilium. eBPF-based Networking Observability and Security. https:\/\/cilium.io."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 2003 Network and Distributed System Security Symposium (NDSS).","author":"Garfinkel Tal","year":"2003","unstructured":"Tal Garfinkel and Mendel Rosenblum . 2003 . A Virtual Machine Introspection based Architecture for Intrusion Detection . In Proceedings of the 2003 Network and Distributed System Security Symposium (NDSS). Tal Garfinkel and Mendel Rosenblum. 2003. A Virtual Machine Introspection based Architecture for Intrusion Detection. In Proceedings of the 2003 Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 3rd Mobile Security Technology Workshop (MOST).","author":"Ge Xinyang","year":"2014","unstructured":"Xinyang Ge , Hayawardh Vijayakumar , and Trent Jaeger . 2014 . Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture . In Proceedings of the 3rd Mobile Security Technology Workshop (MOST). Xinyang Ge, Hayawardh Vijayakumar, and Trent Jaeger. 2014. Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture. In Proceedings of the 3rd Mobile Security Technology Workshop (MOST)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2011.26"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081349"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23189"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 2007 Ottawa Linux Symposium.","author":"Kivity Avi","year":"2007","unstructured":"Avi Kivity , Yaniv Kamay , Dor Laor , Uri Lublin , and Anthony Liguori . 2007 . KVM: the Linux Virtual Machine Monitor . In Proceedings of the 2007 Ottawa Linux Symposium. Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, and Anthony Liguori. 2007. KVM: the Linux Virtual Machine Monitor. In Proceedings of the 2007 Ottawa Linux Symposium."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241233"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483554"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485253"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceed- ings of the 28th USENIX Security Symposium (Santa Clara, CA). 1257--1272. https: \/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-mengyuan","author":"Li Mengyuan","unstructured":"Mengyuan Li , Yinqian Zhang , Zhiqiang Lin , and Yan Solihin . 2019. Exploiting Un- protected I\/O Operations in AMD's Secure Encrypted Virtualization . In Proceed- ings of the 28th USENIX Security Symposium (Santa Clara, CA). 1257--1272. https: \/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-mengyuan Mengyuan Li, Yinqian Zhang, Zhiqiang Lin, and Yan Solihin. 2019. Exploiting Un- protected I\/O Operations in AMD's Secure Encrypted Virtualization. In Proceed- ings of the 28th USENIX Security Symposium (Santa Clara, CA). 1257--1272. https: \/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-mengyuan"},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 30th USENIX Security Symposium.","author":"Li Mengyuan","year":"2021","unstructured":"Mengyuan Li , Yinqian Zhang , Huibo Wang , Kang Li , and Yueqiang Cheng . 2021 . CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel . In Proceedings of the 30th USENIX Security Symposium. Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, and Yueqiang Cheng. 2021. CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel. In Proceedings of the 30th USENIX Security Symposium."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378467"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 20th International Symposium on High Performance Computer Architecture (HPCA).","author":"Liu Yutao","year":"2014","unstructured":"Yutao Liu , Yubin Xia , Haibing Guan , Binyu Zang , and Haibo Chen . 2014 . Concur- rent and Consistent Virtual Machine Introspection with Hardware Transactional Memory . In Proceedings of the 20th International Symposium on High Performance Computer Architecture (HPCA). Yutao Liu, Yubin Xia, Haibing Guan, Binyu Zang, and Haibo Chen. 2014. Concur- rent and Consistent Virtual Machine Introspection with Hardware Transactional Memory. In Proceedings of the 20th International Symposium on High Performance Computer Architecture (HPCA)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292006.3300022"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23226"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378469"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046751"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 2017 USENIX Annual Technical Conference (ATC).","author":"Tsai Chia-Che","year":"2017","unstructured":"Chia-Che Tsai , Donald E Porter , and Mona Vij . 2017 . Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX . In Proceedings of the 2017 USENIX Annual Technical Conference (ATC). Chia-Che Tsai, Donald E Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC)."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 27th USENIX Security Symposium.","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck , Marina Minkin , Ofir Weisse , Daniel Genkin , Baris Kasikci , Frank Piessens , Mark Silberstein , Thomas F Wenisch , Yuval Yarom , and Raoul Strackx . 2018 . Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution . In Proceedings of the 27th USENIX Security Symposium. Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In Proceedings of the 27th USENIX Security Symposium."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the 26th USENIX Security Symposium.","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck , Nico Weichbrodt , R\u00fcdiger Kapitza , Frank Piessens , and Raoul Strackx . 2017 . Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution . In Proceedings of the 26th USENIX Security Symposium. Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In Proceedings of the 26th USENIX Security Symposium."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the 26th USENIX Security Symposium","author":"Zhao Siqi","year":"2017","unstructured":"Siqi Zhao , Xuhua Ding , Wen Xu , and Dawu Gu . 2017 . Seeing Through the Same Lens: Introspecting Guest Address Space at Native Speed . In Proceedings of the 26th USENIX Security Symposium Siqi Zhao, Xuhua Ding, Wen Xu, and Dawu Gu. 2017. Seeing Through the Same Lens: Introspecting Guest Address Space at Native Speed. In Proceedings of the 26th USENIX Security Symposium"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560592","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560592","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:50:58Z","timestamp":1750182658000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560592"}},"subtitle":["Lifting and Shifting On-Premises Workloads to an Untrusted Cloud"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":45,"alternative-id":["10.1145\/3548606.3560592","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560592","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}