{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T14:22:56Z","timestamp":1766067776102,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,6,22]],"date-time":"2023-06-22T00:00:00Z","timestamp":1687392000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,6,22]]},"DOI":"10.1145\/3593856.3595900","type":"proceedings-article","created":{"date-parts":[[2023,6,22]],"date-time":"2023-06-22T22:20:41Z","timestamp":1687472441000},"page":"231-238","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Creating Trust by Abolishing Hierarchies"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-7021-158X","authenticated-orcid":false,"given":"Charly","family":"Castes","sequence":"first","affiliation":[{"name":"EPFL, Lausanne, Vaud, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-6872-6525","authenticated-orcid":false,"given":"Adrien","family":"Ghosn","sequence":"additional","affiliation":[{"name":"Microsoft, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-1507-5787","authenticated-orcid":false,"given":"Neelu S.","family":"Kalani","sequence":"additional","affiliation":[{"name":"EPFL, Lausanne, Vaud, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6567-8792","authenticated-orcid":false,"given":"Yuchen","family":"Qian","sequence":"additional","affiliation":[{"name":"EPFL, Lausanne, Vaud, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7034-5284","authenticated-orcid":false,"given":"Marios","family":"Kogias","sequence":"additional","affiliation":[{"name":"Imperial College London, London, United Kingdom"},{"name":"Microsoft, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5054-7547","authenticated-orcid":false,"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"EPFL, Lausanne, Vaud, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7237-6929","authenticated-orcid":false,"given":"Edouard","family":"Bugnion","sequence":"additional","affiliation":[{"name":"EPFL, Lausanne, Vaud, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2023,6,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AMD. Secure virtual machine architecture reference manual 2005."},{"key":"e_1_3_2_1_2_1","volume-title":"https:\/\/developer.amd.com\/sev\/","author":"Secure Encrypted Virtualization","year":"2018","unstructured":"AMD. Secure Encrypted Virtualization (SEV). https:\/\/developer.amd.com\/sev\/, 2018."},{"key":"e_1_3_2_1_3_1","volume-title":"White Paper","author":"Sev","year":"2020","unstructured":"AMD. Sev-snp: Strengthening vm isolation with integrity protection and more. White Paper, January (2020)."},{"key":"e_1_3_2_1_4_1","volume-title":"White Paper","author":"Building","year":"2009","unstructured":"ARM. Building a secure system using trustzone technology. White Paper, April (2009)."},{"key":"e_1_3_2_1_5_1","first-page":"689","volume-title":"SCONE: Secure Linux Containers with Intel SGX. In Proceedings of the 12th Symposium on Operating System Design and Implementation (OSDI)","author":"Arnautov S.","year":"2016","unstructured":"Arnautov, S., Trach, B., Gregor, F., Knauth, T., Martin, A., Priebe, C., Lind, J., Muthukumaran, D., O'Keeffe, D., Stillwell, M., Goltzsche, D., Eyers, D. M., Kapitza, R., Pietzuch, P. R., and Fetzer, C. SCONE: Secure Linux Containers with Intel SGX. In Proceedings of the 12th Symposium on Operating System Design and Implementation (OSDI) (2016), pp. 689--703."},{"key":"e_1_3_2_1_6_1","first-page":"1073","volume-title":"CURE: A Security Architecture with CUstomizable and Resilient Enclaves. In Proceedings of the 30th USENIX Security Symposium","author":"Bahmani R.","year":"2021","unstructured":"Bahmani, R., Brasser, F., Dessouky, G., Jauernig, P., Klimmek, M., Sadeghi, A.-R., and Stapf, E. CURE: A Security Architecture with CUstomizable and Resilient Enclaves. In Proceedings of the 30th USENIX Security Symposium (2021), pp. 1073--1090."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3102980.3103002"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_3_2_1_9_1","first-page":"267","volume-title":"Safety and Performance in the SPIN Operating System. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP)","author":"Bershad B. N.","year":"1995","unstructured":"Bershad, B. N., Savage, S., Pardyak, P., Sirer, E. G., Fiuczynski, M. E., Becker, D., Chambers, C., and Eggers, S. J. Extensibility, Safety and Performance in the SPIN Operating System. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP) (1995), pp. 267--284."},{"key":"e_1_3_2_1_10_1","first-page":"309","volume-title":"Proceedings of the 5th Symposium on Networked Systems Design and Implementation (NSDI)","author":"Bittau A.","year":"2008","unstructured":"Bittau, A., Marchenko, P., Handley, M., and Karp, B. Wedge: Splitting Applications into Reduced-Privilege Compartments. In Proceedings of the 5th Symposium on Networked Systems Design and Implementation (NSDI) (2008), pp. 309--322."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592798.2592812"},{"key":"e_1_3_2_1_12_1","first-page":"645","volume-title":"Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC)","author":"Tsai C.","year":"2017","unstructured":"che Tsai, C., Porter, D. E., and Vij, M. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC) (2017), pp. 645--658."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346284"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1463891.1463912"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694386"},{"key":"e_1_3_2_1_16_1","first-page":"251","volume-title":"J. W. O. Exokernel: An Operating System Architecture for Application-Level Resource Management. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP)","author":"Engler D. R.","year":"1995","unstructured":"Engler, D. R., Kaashoek, M. F., and Jr., J. W. O. Exokernel: An Operating System Architecture for Application-Level Resource Management. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP) (1995), pp. 251--266."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132782"},{"key":"e_1_3_2_1_18_1","first-page":"137","volume-title":"Microkernels Meet Recursive Virtual Machines. In Proceedings of the 2nd Symposium on Operating System Design and Implementation (OSDI)","author":"Ford B.","year":"1996","unstructured":"Ford, B., Hibler, M., Lepreau, J., Tullmann, P., Back, G., and Clawson, S. Microkernels Meet Recursive Virtual Machines. In Proceedings of the 2nd Symposium on Operating System Design and Implementation (OSDI) (1996), pp. 137--151."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446728"},{"key":"e_1_3_2_1_20_1","first-page":"571","volume-title":"Secured Routines: Language-based Construction of Trusted Execution Environments. In Proceedings of the 2019 USENIX Annual Technical Conference (ATC)","author":"Ghosn A.","year":"2019","unstructured":"Ghosn, A., Larus, J. R., and Bugnion, E. Secured Routines: Language-based Construction of Trusted Execution Environments. In Proceedings of the 2019 USENIX Annual Technical Conference (ATC) (2019), pp. 571--586."},{"key":"e_1_3_2_1_21_1","first-page":"1016","volume-title":"Clean Application Compartmentalization with SOAAP. In Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Gudka K.","year":"2015","unstructured":"Gudka, K., Watson, R. N. M., Anderson, J., Chisnall, D., Davis, B., Laurie, B., Marinos, I., Neumann, P. G., and Richardson, A. Clean Application Compartmentalization with SOAAP. In Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security (CCS) (2015), pp. 1016--1031."},{"key":"e_1_3_2_1_22_1","first-page":"489","volume-title":"Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In Proceedings of the 2019 USENIX Annual Technical Conference (ATC)","author":"Hedayati M.","year":"2019","unstructured":"Hedayati, M., Gravani, S., Johnson, E., Criswell, J., Scott, M. L., Shen, K., and Marty, M. Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries. In Proceedings of the 2019 USENIX Annual Technical Conference (ATC) (2019), pp. 489--504."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451146"},{"key":"e_1_3_2_1_24_1","first-page":"393","volume-title":"Enforcing Least Privilege Memory Views for Multithreaded Applications. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Hsu T. C.-H.","year":"2016","unstructured":"Hsu, T. C.-H., Hoffman, K. J., Eugster, P., and Payer, M. Enforcing Least Privilege Memory Views for Multithreaded Applications. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS) (2016), pp. 393--405."},{"key":"e_1_3_2_1_25_1","volume-title":"Trusted execution technology. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/tool\/intel-trusted-execution-technology.html","author":"Intel","year":"2014","unstructured":"Intel. Trusted execution technology. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/tool\/intel-trusted-execution-technology.html, 2014."},{"key":"e_1_3_2_1_26_1","unstructured":"Intel. Multi-key total memory encryption. https:\/\/edc.intel.com\/content\/www\/us\/en\/design\/ipla\/software-development-platforms\/client\/platforms\/alder-lake-desktop\/12th-generation-intel-core-processors-datasheet-volume-1-of-2\/002\/intel-multi-key-total-memory-encryption\/ 2017."},{"key":"e_1_3_2_1_27_1","volume-title":"Intel memory protection keys (intel mpk). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html","author":"Intel","year":"2020","unstructured":"Intel. Intel memory protection keys (intel mpk). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html, 2020."},{"key":"e_1_3_2_1_28_1","volume-title":"Intel\u00ae64 and IA-32 Architectures Software Developer's Manual. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html","author":"Intel","year":"2022","unstructured":"Intel. Intel\u00ae64 and IA-32 Architectures Software Developer's Manual. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html, 2022."},{"key":"e_1_3_2_1_29_1","volume-title":"Architecture specification: Intel trust domain extensions (intel tdx) module. https:\/\/software.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/intel-tdx-module-1eas.pdf","author":"Intel","year":"2023","unstructured":"Intel. Architecture specification: Intel trust domain extensions (intel tdx) module. https:\/\/software.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/intel-tdx-module-1eas.pdf, 2023."},{"key":"e_1_3_2_1_30_1","volume-title":"Intel software guard extensions (intel sgx). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/tools\/software-guard-extensions\/overview.html","author":"Intel","year":"2023","unstructured":"Intel. Intel software guard extensions (intel sgx). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/tools\/software-guard-extensions\/overview.html, 2023."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2009.09.042"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1815961.1816010"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360074"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387532"},{"key":"e_1_3_2_1_36_1","first-page":"350","volume-title":"Program Evolution and Its Impact on Software Engineering. In Proceedings of the 2nd International Conference on Software Engineering (ISCE)","author":"Lehman M. M.","year":"1976","unstructured":"Lehman, M. M., and Parr, F. N. Program Evolution and Its Impact on Software Engineering. In Proceedings of the 2nd International Conference on Software Engineering (ISCE) (1976), pp. 350--357."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/224056.224075"},{"key":"e_1_3_2_1_38_1","first-page":"285","volume-title":"Glamdring: Automatic Application Partitioning for Intel SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC)","author":"Lind J.","year":"2017","unstructured":"Lind, J., Priebe, C., Muthukumaran, D., O'Keeffe, D., Aublin, P.-L., Kelbert, F., Reiher, T., Goltzsche, D., Eyers, D. M., Kapitza, R., Fetzer, C., and Pietzuch, P. R. Glamdring: Automatic Application Partitioning for Intel SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC) (2017), pp. 285--298."},{"key":"e_1_3_2_1_39_1","first-page":"49","volume-title":"Light-Weight Contexts: An OS Abstraction for Safety and Performance. In Proceedings of the 12th Symposium on Operating System Design and Implementation (OSDI)","author":"Litton J.","year":"2016","unstructured":"Litton, J., Vahldiek-Oberwagner, A., Elnikety, E., Garg, D., Bhattacharjee, B., and Druschel, P. Light-Weight Contexts: An OS Abstraction for Safety and Performance. In Proceedings of the 12th Symposium on Operating System Design and Implementation (OSDI) (2016), pp. 49--64."},{"key":"e_1_3_2_1_40_1","first-page":"143","volume-title":"TrustVisor: Efficient TCB Reduction and Attestation. In IEEE Symposium on Security and Privacy","author":"McCune J. M.","year":"2010","unstructured":"McCune, J. M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V. D., and Perrig, A. TrustVisor: Efficient TCB Reduction and Attestation. In IEEE Symposium on Security and Privacy (2010), pp. 143--158."},{"key":"e_1_3_2_1_41_1","unstructured":"Montesqieu. The Spirit of Laws (De l'esprit des lois). 1748."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359641"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_44_1","volume-title":"JavaScript Growing Pains: From 0 to 13,000 Dependencies. https:\/\/blog.appsignal.com\/2020\/05\/14\/javascript-growing-pains-from-0-to-13000-dependencies.html","author":"Nikola \u00d0uza","year":"2020","unstructured":"Nikola \u00d0uza. JavaScript Growing Pains: From 0 to 13,000 Dependencies. https:\/\/blog.appsignal.com\/2020\/05\/14\/javascript-growing-pains-from-0-to-13000-dependencies.html, 2020."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361073"},{"key":"e_1_3_2_1_46_1","volume-title":"https:\/\/github.com\/project-oak\/oak","author":"Project Oak","year":"2019","unstructured":"Project Oak. Oak (SEV). https:\/\/github.com\/project-oak\/oak, 2019."},{"key":"e_1_3_2_1_47_1","volume-title":"RISC-V SBI specification. https:\/\/github.com\/riscv-non-isa\/riscv-sbi-doc","author":"Foundation","year":"2023","unstructured":"RISC-V Foundation. RISC-V SBI specification. https:\/\/github.com\/riscv-non-isa\/riscv-sbi-doc, 2023."},{"key":"e_1_3_2_1_48_1","volume-title":"The rustonomicon - meet safe and unsafe. https:\/\/doc.rust-lang.org\/nomicon\/meet-safe-and-unsafe.html","author":"Rust Foundation","year":"2023","unstructured":"Rust Foundation. The rustonomicon - meet safe and unsafe. https:\/\/doc.rust-lang.org\/nomicon\/meet-safe-and-unsafe.html, 2023."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133373.1133393"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/358198.358210"},{"key":"e_1_3_2_1_51_1","volume-title":"Trusted Platform Module (TPM) - ISO\/IEC 11889. https:\/\/www.iso.org\/standard\/66510.html","author":"Trusted Computing Group","year":"2015","unstructured":"Trusted Computing Group. Trusted Platform Module (TPM) - ISO\/IEC 11889. https:\/\/www.iso.org\/standard\/66510.html, 2015."},{"key":"e_1_3_2_1_52_1","first-page":"5","volume":"38","author":"Uhlig R.","year":"2005","unstructured":"Uhlig, R., Neiger, G., Rodgers, D., Santoni, A. L., Martins, F. C. M., Anderson, A. V., Bennett, S. M., K\u00e4gi, A., Leung, F. H., and Smith, L. Intel Virtualization Technology. Computer 38, 5 (2005), 48--56.","journal-title":"Intel Virtualization Technology. Computer"},{"key":"e_1_3_2_1_53_1","first-page":"1221","volume-title":"Proceedings of the 28th USENIX Security Symposium","author":"Vahldiek-Oberwagner A.","year":"2019","unstructured":"Vahldiek-Oberwagner, A., Elnikety, E., Duarte, N. O., Sammler, M., Druschel, P., and Garg, D. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In Proceedings of the 28th USENIX Security Symposium (2019), pp. 1221--1238."},{"key":"e_1_3_2_1_54_1","volume-title":"EuroS&P-8th IEEE European Symposium on Security and Privacy","author":"Van Strydonck T.","year":"2023","unstructured":"Van Strydonck, T., Noorman, J., Jackson, J., Dias, L., Vanderstraeten, R., Oswald, D., Piessens, F., and Devriese, D. Cheritree: Flexible enclaves on capability machines. In EuroS&P-8th IEEE European Symposium on Security and Privacy (2023), IEEE."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665741"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2014.6853201"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of the 17th Symposium on Operating System Design and Implementation (OSDI)","author":"Zhou Z.","year":"2023","unstructured":"Zhou, Z., Shan, Y., Cui, W., Ge, X., Peinado, M., and Baumann, A. Core slicing: closing the gap between leaky confidential VMs and bare-metal cloud. In Proceedings of the 17th Symposium on Operating System Design and Implementation (OSDI) (2023)."}],"event":{"name":"HotOS '23: 19th Workshop on Hot Topics in Operating Systems","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Providence RI USA","acronym":"HOTOS '23"},"container-title":["Proceedings of the 19th Workshop on Hot Topics in Operating Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3593856.3595900","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3593856.3595900","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:47:50Z","timestamp":1750178870000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3593856.3595900"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,22]]},"references-count":58,"alternative-id":["10.1145\/3593856.3595900","10.1145\/3593856"],"URL":"https:\/\/doi.org\/10.1145\/3593856.3595900","relation":{},"subject":[],"published":{"date-parts":[[2023,6,22]]},"assertion":[{"value":"2023-06-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}