{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:33:54Z","timestamp":1772724834421,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,30]],"date-time":"2023-10-30T00:00:00Z","timestamp":1698624000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,30]]},"DOI":"10.1145\/3620678.3624659","type":"proceedings-article","created":{"date-parts":[[2023,10,31]],"date-time":"2023-10-31T13:58:07Z","timestamp":1698760687000},"page":"249-264","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Building GPU TEEs using CPU Secure Enclaves with GEVisor"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0975-5624","authenticated-orcid":false,"given":"Xiaolong","family":"Wu","sequence":"first","affiliation":[{"name":"Purdue University"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7506-9593","authenticated-orcid":false,"given":"Dave Jing","family":"Tian","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0985-8439","authenticated-orcid":false,"given":"Chung Hwan","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas"}]}],"member":"320","published-online":{"date-parts":[[2023,10,31]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2010. Intel Inc. Intel trusted execution technology. www.intel.com\/technology\/security\/"},{"key":"e_1_3_2_1_2_1","unstructured":"2012. Nouveau Open-Source Driver. http:\/\/nouveau.freedesktop.org\/"},{"key":"e_1_3_2_1_3_1","unstructured":"2020. Bareflank Hypervisor SDK. http:\/\/bareflank.github.io\/hypervisor\/"},{"key":"e_1_3_2_1_4_1","unstructured":"2021. A deep dive into cma. https:\/\/lwn.net\/Articles\/486301\/."},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Microsoft confidential cloud using Nvidia GPUs. https:\/\/www.microsoft.com\/en-us\/research\/blog\/powering-the-next-generation-of-trustworthy-ai-in-a-confidential-cloud-using-nvidia-gpus\/"},{"key":"e_1_3_2_1_6_1","unstructured":"2022. NVIDIA H100 Tensor Core GPU Architecture. https:\/\/resources.nvidia.com\/en-us-tensor-core"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1168918.1168860"},{"key":"e_1_3_2_1_8_1","volume-title":"A Practical Guide to TPM 2.0","author":"Arthur Will","unstructured":"Will Arthur, David Challener, and Kenneth Goldman. 2015. Platform security technologies that use TPM 2.0. In A Practical Guide to TPM 2.0. Springer, 331--348."},{"key":"e_1_3_2_1_9_1","volume-title":"Xen and the art of virtualization. ACM SIGOPS operating systems review 37, 5","author":"Barham Paul","year":"2003","unstructured":"Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. 2003. Xen and the art of virtualization. ACM SIGOPS operating systems review 37, 5 (2003), 164--177."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0960129511000193"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2384616.2384625"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1281500.1281647"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/IISWC.2009.5306797"},{"key":"e_1_3_2_1_15_1","volume-title":"Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17)","author":"Tsai Chia","year":"2017","unstructured":"Chia che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17). USENIX Association, Santa Clara, CA, 645--658. https:\/\/www.usenix.org\/conference\/atc17\/technical-sessions\/presentation\/tsai"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1353535.1346284"},{"key":"e_1_3_2_1_17_1","volume-title":"Intel TDX Demystified: A Top-Down Approach. arXiv preprint arXiv:2303.15540","author":"Cheng Pau-Chen","year":"2023","unstructured":"Pau-Chen Cheng, Wojciech Ozga, Enriquillo Valdez, Salman Ahmed, Zhongshu Gu, Hani Jamjoom, Hubertus Franke, and James Bottomley. 2023. Intel TDX Demystified: A Top-Down Approach. arXiv preprint arXiv:2303.15540 (2023)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24730-2_15"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2654822.2541986"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560627"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132782"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1982.10014"},{"key":"e_1_3_2_1_23_1","volume-title":"12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16)","author":"Gu Ronghui","year":"2016","unstructured":"Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan Newman Wu, Jieung Kim, Vilhelm Sj\u00f6berg, and David Costanzo. 2016. {CertiKOS}: An Extensible Architecture for Building Certified Concurrent {OS} Kernels. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). 653--669."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920300"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451146"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485497"},{"key":"e_1_3_2_1_27_1","volume-title":"Heterogeneous Isolated Execution for Commodity GPUs. In 24th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS","author":"Jang Insu","year":"2019","unstructured":"Insu Jang, Adrian Tang, Taehoon Kim, Simha Sethumadhavan, and Jaehyuk Huh. 2019. Heterogeneous Isolated Execution for Commodity GPUs. In 24th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2019). ACM, Providence, RI, 455--468. http:\/\/doi.acm.org\/10.1145\/3297858.3304021"},{"key":"e_1_3_2_1_28_1","volume-title":"Gdev: First-Class GPU Resource Management in the Operating System. In Presented as part of the 2012 USENIX Annual Technical Conference (USENIX ATC 12)","author":"Kato Shinpei","year":"2012","unstructured":"Shinpei Kato, Michael McThrow, Carlos Maltzahn, and Scott Brandt. 2012. Gdev: First-Class GPU Resource Management in the Operating System. In Presented as part of the 2012 USENIX Annual Technical Conference (USENIX ATC 12). USENIX, Boston, MA, 401--412. https:\/\/www.usenix.org\/conference\/atc12\/technical-sessions\/presentation\/kato"},{"key":"e_1_3_2_1_29_1","volume-title":"Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors. In 11th ACM Symposium on Cloud Computing (SoCC '20)","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim, Chung Hwan Kim, Junghwan \"John\" Rhee, Xiao Yu, Haifeng Chen, Dave (Jing) Tian, and Byoungyoung Lee. 2020. Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors. In 11th ACM Symposium on Cloud Computing (SoCC '20)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560537"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2980024.2872372"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.9"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/1939141.1939161"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451148"},{"key":"e_1_3_2_1_35_1","unstructured":"Richard Maliszewski Ning Sun Shane Wang Jimmy Wei and Ren Qiaowei. 2015. Trusted boot (tboot)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.17"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium. 1695--1712","author":"Mi Zeyu","year":"2020","unstructured":"Zeyu Mi, Dingji Li, Haibo Chen, Binyu Zang, and Haibing Guan. 2020. (Mostly) Exitless VM protection from untrusted hypervisor through disaggregated nested virtualization. In Proceedings of the 29th USENIX Conference on Security Symposium. 1695--1712."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1535\/itj.1003.01"},{"key":"e_1_3_2_1_40_1","unstructured":"Cong Nie. 2007. Dynamic root of trust in trusted computing. In TKK T1105290 Seminar on Network Security. Citeseer."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2801153"},{"key":"e_1_3_2_1_42_1","volume-title":"SCONE: Secure Linux Containers with Intel SGX. USENIX.","author":"Pietzuch PR","year":"2016","unstructured":"PR Pietzuch, S Arnautov, B Trach, F Gregor, T Knauth, A Martin, C Priebe, J Lind, D Muthukumaran, D O'Keeffe, et al. 2016. SCONE: Secure Linux Containers with Intel SGX. USENIX."},{"key":"e_1_3_2_1_43_1","unstructured":"Joseph Redmon. 2013--2016. Darknet: Open Source Neural Networks in C. http:\/\/pjreddie.com\/darknet\/."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Olga Russakovsky Jia Deng Hao Su Jonathan Krause Sanjeev Satheesh Sean Ma Zhiheng Huang Andrej Karpathy Aditya Khosla Michael Bernstein et al. 2015. Imagenet large scale visual recognition challenge. International journal of computer vision 115 3 (2015) 211--252.","DOI":"10.1007\/s11263-015-0816-y"},{"key":"e_1_3_2_1_45_1","volume-title":"White Paper","author":"Sev-Snp AMD","year":"2020","unstructured":"AMD Sev-Snp. 2020. Strengthening VM isolation with integrity protection and more. White Paper, January (2020), 8."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508293.1508311"},{"key":"e_1_3_2_1_47_1","unstructured":"T. Simonite. 2016. Intel puts the brakes on Moore's Law. https:\/\/www.technologyreview.com\/s\/601102\/."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/UIC-ATC.2009.44"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2015.2506582"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.36"},{"key":"e_1_3_2_1_51_1","volume-title":"Graviton: Trusted Execution Environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI","author":"Volos Stavros","year":"2018","unstructured":"Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted Execution Environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2018). USENIX Association, Carlsbad, CA, 681--696. https:\/\/www.usenix.org\/conference\/osdi18\/presentation\/volos"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346267"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"},{"key":"e_1_3_2_1_54_1","volume-title":"USENIX Security Symposium","volume":"20","author":"Zhang Kehuan","year":"2009","unstructured":"Kehuan Zhang and XiaoFeng Wang. 2009. Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems.. In USENIX Security Symposium, Vol. 20. 23."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.42"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00054"}],"event":{"name":"SoCC '23: ACM Symposium on Cloud Computing","location":"Santa Cruz CA USA","acronym":"SoCC '23","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 2023 ACM Symposium on Cloud Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3620678.3624659","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3620678.3624659","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T15:52:52Z","timestamp":1755877972000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3620678.3624659"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,30]]},"references-count":56,"alternative-id":["10.1145\/3620678.3624659","10.1145\/3620678"],"URL":"https:\/\/doi.org\/10.1145\/3620678.3624659","relation":{},"subject":[],"published":{"date-parts":[[2023,10,30]]},"assertion":[{"value":"2023-10-31","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}