{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T03:46:10Z","timestamp":1776743170959,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,27]],"date-time":"2024-04-27T00:00:00Z","timestamp":1714176000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,27]]},"DOI":"10.1145\/3620665.3640424","type":"proceedings-article","created":{"date-parts":[[2024,4,22]],"date-time":"2024-04-22T14:18:06Z","timestamp":1713795486000},"page":"1045-1060","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["SEVeriFast: Minimizing the root of trust for fast startup of SEV microVMs"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-1250-0835","authenticated-orcid":false,"given":"Benjamin","family":"Holmes","sequence":"first","affiliation":[{"name":"Massachusetts Institute of Technology, Cambridge, MA, United States of America"},{"name":"Vassar College, Poughkeepsie, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2891-3173","authenticated-orcid":false,"given":"Jason","family":"Waterman","sequence":"additional","affiliation":[{"name":"Vassar College, Poughkeepsie, NY, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1537-0525","authenticated-orcid":false,"given":"Dan","family":"Williams","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,4,27]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AMD SEV-SNP: Strengthening VM Isolation with Integrity Protection and More. https:\/\/www.amd.com\/system\/files\/TechDocs\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf. (Accessed on 2022-15-11)."},{"key":"e_1_3_2_1_2_1","unstructured":"Docker. http:\/\/docs.docker.io\/en\/latest\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Intel\u00ae Trust Domain extensions. https:\/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/tdx-whitepaper-v4.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"Penglai enclave. https:\/\/github.com\/Penglai-Enclave."},{"key":"e_1_3_2_1_5_1","unstructured":"Protecting VM Register State with SEV-ES. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/Protecting-VM-Register-State-with-SEV-ES.pdf. (Accessed on 2022-15-11)."},{"key":"e_1_3_2_1_6_1","unstructured":"SEV Secure Nested Paging Firmware ABI Specification. https:\/\/www.amd.com\/system\/files\/TechDocs\/56860.pdf. (Accessed on 2022-15-11)."},{"key":"e_1_3_2_1_7_1","volume-title":"USENIX Symposium on Networked Systems Design and Implementation","author":"Agache Alexandru","year":"2020","unstructured":"Alexandru Agache, Marc Brooker, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa. Firecracker: Lightweight virtualization for serverless applications. In USENIX Symposium on Networked Systems Design and Implementation, Santa Clara, CA, February 2020."},{"key":"e_1_3_2_1_8_1","volume-title":"Volker Hilt. SAND: Towards High-Performance Serverless Computing. In 2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Akkus Istemi Ekin","year":"2018","unstructured":"Istemi Ekin Akkus, Ruichuan Chen, Ivica Rimac, Manuel Stein, Klaus Satzke, Andre Beck, Paarijaat Aditya, and Volker Hilt. SAND: Towards High-Performance Serverless Computing. In 2018 USENIX Annual Technical Conference (USENIX ATC 18), Boston, MA, July 2018. USENIX Association."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Amazon Web Services. Aws lambda. https:\/\/aws.amazon.com\/lambda\/. Accessed on 2022-12-05.","DOI":"10.1002\/nba.31230"},{"key":"e_1_3_2_1_10_1","volume-title":"Dec","author":"Advanced Micro","year":"2022","unstructured":"Advanced Micro Devices (AMD). AMD secure encrypted virtualization (SEV). https:\/\/developer.amd.com\/sev\/, Dec 2022."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3524270"},{"key":"e_1_3_2_1_12_1","first-page":"689","volume-title":"Christof Fetzer. SCONE: Secure Linux Containers with Intel SGX. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation, OSDI'16","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark L. Stillwell, David Goltzsche, David Eyers, R\u00fcdiger Kapitza, Peter Pietzuch, and Christof Fetzer. SCONE: Secure Linux Containers with Intel SGX. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation, OSDI'16, page 689--703, USA, 2016. USENIX Association."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/2685048.2685070"},{"key":"e_1_3_2_1_14_1","volume-title":"R\u00fcdiger Kapitza. SecureKeeper: Confidential ZooKeeper Using Intel SGX. In Proceedings of the 17th International Middleware Conference, Middleware '16","author":"Brenner Stefan","year":"2016","unstructured":"Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, and R\u00fcdiger Kapitza. SecureKeeper: Confidential ZooKeeper Using Intel SGX. In Proceedings of the 17th International Middleware Conference, Middleware '16, New York, NY, USA, 2016. Association for Computing Machinery."},{"key":"e_1_3_2_1_15_1","first-page":"315","volume-title":"2023 USENIX Annual Technical Conference (USENIX ATC 23)","author":"Brooker Marc","year":"2023","unstructured":"Marc Brooker, Mike Danilov, Chris Greenwood, and Phil Piwonka. On-demand container loading in AWS lambda. In 2023 USENIX Annual Technical Conference (USENIX ATC 23), pages 315--328, Boston, MA, July 2023. USENIX Association."},{"key":"e_1_3_2_1_16_1","first-page":"315","volume-title":"Phil Piwonka. On-demand Container Loading in AWS Lambda. In 2023 USENIX Annual Technical Conference (USENIX ATC 23)","author":"Brooker Marc","year":"2023","unstructured":"Marc Brooker, Mike Danilov, Chris Greenwood, and Phil Piwonka. On-demand Container Loading in AWS Lambda. In 2023 USENIX Annual Technical Conference (USENIX ATC 23), pages 315--328, Boston, MA, July 2023. USENIX Association."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3392698"},{"key":"e_1_3_2_1_18_1","unstructured":"Linux Containers. https:\/\/linuxcontainers.org\/."},{"key":"e_1_3_2_1_19_1","volume-title":"Ion Stoica. Oblivious Coopetitive Analytics Using Hardware Enclaves. In Proceedings of the Fifteenth European Conference on Computer Systems, EuroSys '20","author":"Dave Ankur","year":"2020","unstructured":"Ankur Dave, Chester Leung, Raluca Ada Popa, Joseph E. Gonzalez, and Ion Stoica. Oblivious Coopetitive Analytics Using Hardware Enclaves. In Proceedings of the Fifteenth European Conference on Computer Systems, EuroSys '20, New York, NY, USA, 2020. Association for Computing Machinery."},{"key":"e_1_3_2_1_20_1","first-page":"467","volume-title":"Haibo Chen. Catalyzer: Sub-Millisecond Startup for Serverless Computing with Initialization-Less Booting. ASPLOS '20","author":"Du Dong","year":"2020","unstructured":"Dong Du, Tianyi Yu, Yubin Xia, Binyu Zang, Guanglu Yan, Chenggang Qin, Qixuan Wu, and Haibo Chen. Catalyzer: Sub-Millisecond Startup for Serverless Computing with Initialization-Less Booting. ASPLOS '20, page 467--481, 2020."},{"key":"e_1_3_2_1_21_1","first-page":"275","volume-title":"Xueqiang Jiang. Scalable Memory Protection in the PENGLAI Enclave. In 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Feng Erhu","year":"2021","unstructured":"Erhu Feng, Xu Lu, Dong Du, Bicheng Yang, and Xueqiang Jiang. Scalable Memory Protection in the PENGLAI Enclave. In 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 275--294. USENIX Association, July 2021."},{"key":"e_1_3_2_1_22_1","volume-title":"Apache openwhisk: Open source server-less cloud platform","author":"Foundation Apache Software","unstructured":"Apache Software Foundation. Apache openwhisk: Open source server-less cloud platform. http:\/\/openwhisk.apache.org\/. Accessed on 2021-01-04."},{"key":"e_1_3_2_1_23_1","first-page":"3129","volume-title":"Haibo Chen. A Hardware-Software Co-design for Efficient Intra-Enclave Isolation. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Gu Jinyu","year":"2022","unstructured":"Jinyu Gu, Bojun Zhu, Mingyu Li, Wentai Li, Yubin Xia, and Haibo Chen. A Hardware-Software Co-design for Efficient Intra-Enclave Isolation. In 31st USENIX Security Symposium (USENIX Security 22), pages 3129--3145, Boston, MA, August 2022. USENIX Association."},{"key":"e_1_3_2_1_24_1","volume-title":"Dan Williams. KASLR in the Age of MicroVMs. In Proceedings of the Seventeenth European Conference on Computer Systems","author":"Holmes Benjamin","year":"2022","unstructured":"Benjamin Holmes, Jason Waterman, and Dan Williams. KASLR in the Age of MicroVMs. In Proceedings of the Seventeenth European Conference on Computer Systems, 2022."},{"key":"e_1_3_2_1_25_1","unstructured":"The International Business Machines Corporation (IBM). IBM Cloud Functions. https:\/\/www.ibm.com\/cloud\/functions. Accessed on 2021-01-04."},{"key":"e_1_3_2_1_26_1","unstructured":"Intel. Intel\u00ae Software Guard extensions (Intel\u00ae SGX). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/videos\/intel-software-guard-extensions-sgx.html?wapkw=intel+sgx."},{"key":"e_1_3_2_1_27_1","unstructured":"Intel Cloud Hypervisor. https:\/\/www.cloudhypervisor.org\/. (Accessed on 2023-01-10)."},{"key":"e_1_3_2_1_28_1","unstructured":"Intel NEMU: Modern Hypervisor for the Cloud. https:\/\/github.com\/intel\/nemu."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3620678.3624783"},{"key":"e_1_3_2_1_30_1","unstructured":"Kata Containers: The speed of containers the security of VMs. https:\/\/katacontainers.io\/. Accessed on 2022-01-04."},{"key":"e_1_3_2_1_31_1","volume-title":"Sibin Mohan. A Linux in Unikernel Clothing. In Proceedings of the Fifteenth European Conference on Computer Systems","author":"Kuo Hsuan-Chi","year":"2020","unstructured":"Hsuan-Chi Kuo, Dan Williams, Ricardo Koller, and Sibin Mohan. A Linux in Unikernel Clothing. In Proceedings of the Fifteenth European Conference on Computer Systems, Heraklion, Greece, April 2020."},{"key":"e_1_3_2_1_32_1","first-page":"306","volume-title":"Haibo Chen. Confidential Serverless Made Efficient with Plug-In Enclaves. In 2021 ACM\/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)","author":"Li Mingyu","year":"2021","unstructured":"Mingyu Li, Yubin Xia, and Haibo Chen. Confidential Serverless Made Efficient with Plug-In Enclaves. In 2021 ACM\/IEEE 48th Annual International Symposium on Computer Architecture (ISCA), pages 306--318, 2021."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132763"},{"key":"e_1_3_2_1_34_1","unstructured":"Microsoft. Azure Functions Serverless Compute. https:\/\/azure.microsoft.com\/en-us\/services\/functions\/. Accessed on 2021-01-04."},{"key":"e_1_3_2_1_35_1","first-page":"423","volume-title":"Mao and Marty Humphrey. A Performance Study on the VM Startup Time in the Cloud. In 2012 IEEE Fifth International Conference on Cloud Computing","author":"Ming","year":"2012","unstructured":"Ming Mao and Marty Humphrey. A Performance Study on the VM Startup Time in the Cloud. In 2012 IEEE Fifth International Conference on Cloud Computing, pages 423--430, 2012."},{"key":"e_1_3_2_1_36_1","unstructured":"Dov Murik and Hubertus Franke. Securing Linux VM boot with AMD SEV measurement. https:\/\/kvmforum2021.sched.com\/event\/ke4h\/securing-linux-vm-boot-with-amd-sev-measurement-dov-murik-hubertus-franke-ibm-research."},{"key":"e_1_3_2_1_37_1","first-page":"57","volume-title":"Proceedings of the 2018 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC '18","author":"Oakes Edward","year":"2018","unstructured":"Edward Oakes, Leon Yang, Dennis Zhou, Kevin Houck, Tyler Harter, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. SOCK: Rapid Task Provisioning with Serverless-Optimized Containers. In Proceedings of the 2018 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC '18, page 57--69, USA, 2018. USENIX Association."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3524272"},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC'20, USA","author":"Shahrad Mohammad","year":"2020","unstructured":"Mohammad Shahrad, Rodrigo Fonseca, \u00cd nigo Goiri, Gohar Chaudhry, Paul Batum, Jason Cooke, Eduardo Laureano, Colby Tresness, Mark Russinovich, and Ricardo Bianchini. Serverless in the Wild: Characterizing and Optimizing the Serverless Workload at a Large Cloud Provider. In Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC'20, USA, 2020. USENIX Association."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC'20","author":"Shillaker Simon","year":"2020","unstructured":"Simon Shillaker and Peter Pietzuch. FAASM: Lightweight Isolation for Efficient Stateful Serverless Computing. In Proceedings of the 2020 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC'20, USA, 2020. USENIX Association."},{"key":"e_1_3_2_1_41_1","first-page":"645","volume-title":"Mona Vij. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In Proceedings of the 2017 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC '17","author":"Tsai Chia-Che","year":"2017","unstructured":"Chia-Che Tsai, Donald E. Porter, and Mona Vij. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In Proceedings of the 2017 USENIX Conference on Usenix Annual Technical Conference, USENIX ATC '17, page 645--658, USA, 2017. USENIX Association."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium, SEC'20, USA","author":"Tsai Chia-Che","year":"2020","unstructured":"Chia-Che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, and Donald E. Porter. Civet: An Efficient Java Partitioning Framework for Hardware Enclaves. In Proceedings of the 29th USENIX Conference on Security Symposium, SEC'20, USA, 2020. USENIX Association."},{"key":"e_1_3_2_1_43_1","unstructured":"Unified Extensible Firmware Interface. https:\/\/uefi.org\/sites\/default\/files\/resources\/PI_Spec_1_6.pdf."},{"key":"e_1_3_2_1_44_1","first-page":"559","volume-title":"Optimization of Serverless Function Snapshots. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '21","author":"Ustiugov Dmitrii","year":"2021","unstructured":"Dmitrii Ustiugov, Plamen Petrov, Marios Kogias, Edouard Bugnion, and Boris Grot. Benchmarking, Analysis, and Optimization of Serverless Function Snapshots. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '21, page 559--572, New York, NY, USA, 2021. Association for Computing Machinery."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.5555\/3277355.3277369"},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the 5th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP'16)","author":"Xing Bin","year":"2016","unstructured":"Bin (Cedric) Xing, Mark Shanahan, and Rebekah Leslie-Hurd. Intel\u00ae Software Guard Extensions (Intel\u00ae SGX) Software Support for Dynamic Memory Allocation inside an Enclave. In Proceedings of the 5th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP'16). Association for Computing Machinery, 2016."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483580"}],"event":{"name":"ASPLOS '24: 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2","location":"La Jolla CA USA","acronym":"ASPLOS '24","sponsor":["SIGARCH ACM Special Interest Group on Computer Architecture","SIGOPS ACM Special Interest Group on Operating Systems","SIGPLAN ACM Special Interest Group on Programming Languages","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3620665.3640424","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3620665.3640424","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:03:42Z","timestamp":1750291422000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3620665.3640424"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,27]]},"references-count":47,"alternative-id":["10.1145\/3620665.3640424","10.1145\/3620665"],"URL":"https:\/\/doi.org\/10.1145\/3620665.3640424","relation":{},"subject":[],"published":{"date-parts":[[2024,4,27]]},"assertion":[{"value":"2024-04-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}