{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T10:37:36Z","timestamp":1779359856232,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":89,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,27]],"date-time":"2024-04-27T00:00:00Z","timestamp":1714176000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"the National Key R&D Program of China","award":["2023YFB4502200"],"award-info":[{"award-number":["2023YFB4502200"]}]},{"name":"the NSF of China","award":["U22A2028"],"award-info":[{"award-number":["U22A2028"]}]},{"name":"the NSF of China","award":["61925208"],"award-info":[{"award-number":["61925208"]}]},{"name":"the NSF of China","award":["62222214"],"award-info":[{"award-number":["62222214"]}]},{"name":"the NSF of China","award":["62341411"],"award-info":[{"award-number":["62341411"]}]},{"name":"the NSF of China","award":["62302478"],"award-info":[{"award-number":["62302478"]}]},{"name":"the NSF of China","award":["62372436"],"award-info":[{"award-number":["62372436"]}]},{"name":"the NSF of China","award":["62302482"],"award-info":[{"award-number":["62302482"]}]},{"name":"the NSF of China","award":["62102398"],"award-info":[{"award-number":["62102398"]}]},{"name":"the NSF of China","award":["62102399"],"award-info":[{"award-number":["62102399"]}]},{"name":"the NSF of China","award":["U20A20227"],"award-info":[{"award-number":["U20A20227"]}]},{"name":"the NSF of China","award":["62302483"],"award-info":[{"award-number":["62302483"]}]},{"name":"the NSF of China","award":["62302480"],"award-info":[{"award-number":["62302480"]}]},{"name":"Strategic Priority Research Program of the Chinese Academy of Sciences","award":["XDB0660300"],"award-info":[{"award-number":["XDB0660300"]}]},{"name":"Strategic Priority Research Program of the Chinese Academy of 
Sciences","award":["XDB0660301"],"award-info":[{"award-number":["XDB0660301"]}]},{"name":"Strategic Priority Research Program of the Chinese Academy of Sciences","award":["XDB0660302"],"award-info":[{"award-number":["XDB0660302"]}]},{"name":"CAS Project for Young Scientists in Basic Research","award":["YSBR-029"],"award-info":[{"award-number":["YSBR-029"]}]},{"name":"Youth Innovation Promotion Association CAS"},{"name":"Xplore Prize"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,27]]},"DOI":"10.1145\/3622781.3674168","type":"proceedings-article","created":{"date-parts":[[2025,4,10]],"date-time":"2025-04-10T15:31:01Z","timestamp":1744299061000},"page":"282-297","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["TensorTEE: Unifying Heterogeneous TEE Granularity for Efficient Secure Collaborative Tensor Computing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0873-3471","authenticated-orcid":false,"given":"Husheng","family":"Han","sequence":"first","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"},{"name":"University of Chinese Academy of Sciences, Beijing, China"},{"name":"Cambricon Technologies, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-7727-440X","authenticated-orcid":false,"given":"Xinyao","family":"Zheng","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"},{"name":"University of Chinese Academy of Sciences, Beijing, China"},{"name":"Cambricon Technologies, Beijing, 
China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7775-2724","authenticated-orcid":false,"given":"Yuanbo","family":"Wen","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9823-2573","authenticated-orcid":false,"given":"Yifan","family":"Hao","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5957-3024","authenticated-orcid":false,"given":"Erhu","family":"Feng","sequence":"additional","affiliation":[{"name":"IPADS, Shanghai Jiao Tong University, Shanghai, China"},{"name":"Engineering Research Center for Domain-specific Operating Systems (MoE), Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8534-6494","authenticated-orcid":false,"given":"Ling","family":"Liang","sequence":"additional","affiliation":[{"name":"Peking university, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8513-0792","authenticated-orcid":false,"given":"Jianan","family":"Mu","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"},{"name":"University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7748-7967","authenticated-orcid":false,"given":"Xiaqing","family":"Li","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, 
China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4204-0686","authenticated-orcid":false,"given":"Tianyun","family":"Ma","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"},{"name":"Cambricon Technologies, Beijing, China"},{"name":"University of Science and Technology of China, Hefei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8267-9824","authenticated-orcid":false,"given":"Pengwei","family":"Jin","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"},{"name":"University of Chinese Academy of Sciences, Beijing, China"},{"name":"Cambricon Technologies, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3458-1555","authenticated-orcid":false,"given":"Xinkai","family":"Song","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7603-4210","authenticated-orcid":false,"given":"Zidong","family":"Du","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"},{"name":"Shanghai Innovation Center for Processor Technologies, SHIC, Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2530-5874","authenticated-orcid":false,"given":"Qi","family":"Guo","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, 
China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9979-0561","authenticated-orcid":false,"given":"Xing","family":"Hu","sequence":"additional","affiliation":[{"name":"SKLP, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"},{"name":"ZGC LAB, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,4,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/developer.amd.com\/sev\/","author":"Amd","year":"2019","unstructured":"Amd secure encrypted virtualization (sev) - amd. https:\/\/developer.amd.com\/sev\/, 2019."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","first-page":"543","DOI":"10.1109\/HPCA56546.2023.10071100","volume-title":"2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA)","author":"Abdullah Rahaf","year":"2023","unstructured":"Rahaf Abdullah, Huiyang Zhou, and Amro Awad. Plutus: Bandwidth-efficient memory security for gpus. In 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 543--555. IEEE, 2023."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","first-page":"392","DOI":"10.1109\/EuroSP57164.2023.00031","volume-title":"2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)","author":"Akimoto Yoshimasa","year":"2023","unstructured":"Yoshimasa Akimoto, Kazuto Fukuchi, Youhei Akimoto, and Jun Sakuma. Privformer: Privacy-preserving transformer with mpc. In 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), pages 392--410. IEEE, 2023."},{"key":"e_1_3_2_1_4_1","volume-title":"2023 56th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO). IEEE","author":"Alam Faiz","year":"2023","unstructured":"Faiz Alam, Hyokeun Lee, Abhishek Bhattacharjee, and Amro Awad. Cryptommu: Enabling scalable and secure access control of third-party accelerators. 
In 2023 56th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO). IEEE, 2023."},{"key":"e_1_3_2_1_5_1","unstructured":"AMD. Amd instinct mi300 series accelerators. www.amd.com\/en\/products\/accelerators\/instinct\/mi300\/mi300a.html."},{"key":"e_1_3_2_1_6_1","volume-title":"whilte paper","author":"ARM.","year":"2021","unstructured":"ARM. Arm cca security model 1.0. whilte paper, 2021."},{"key":"e_1_3_2_1_7_1","volume-title":"Cacti 7: New tools for interconnect exploration in innovative off-chip memories. ACM Transactions on Architecture and Code Optimization (TACO), 14(2):1--25","author":"Balasubramonian Rajeev","year":"2017","unstructured":"Rajeev Balasubramonian, Andrew B Kahng, Naveen Muralimanohar, Ali Shafiee, and Vaishnav Srinivas. Cacti 7: New tools for interconnect exploration in innovative off-chip memories. ACM Transactions on Architecture and Code Optimization (TACO), 14(2):1--25, 2017."},{"key":"e_1_3_2_1_8_1","volume-title":"The gem5 simulator. ACM SIGARCH computer architecture news, 39(2):1--7","author":"Binkert Nathan","year":"2011","unstructured":"Nathan Binkert, Bradford Beckmann, Gabriel Black, Steven K Reinhardt, Ali Saidi, Arkaprava Basu, Joel Hestness, Derek R Hower, Tushar Krishna, Somayeh Sardashti, et al. The gem5 simulator. ACM SIGARCH computer architecture news, 39(2):1--7, 2011."},{"key":"e_1_3_2_1_9_1","volume-title":"Adversarial attacks and defences: A survey. arXiv preprint arXiv:1810.00069","author":"Chakraborty Anirban","year":"2018","unstructured":"Anirban Chakraborty, Manaar Alam, Vishal Dey, Anupam Chattopadhyay, and Debdeep Mukhopadhyay. Adversarial attacks and defences: A survey. arXiv preprint arXiv:1810.00069, 2018."},{"key":"e_1_3_2_1_10_1","unstructured":"Mingyu Chen and Yungang Bao. Hmtt: Hybrid memory trace toolkit. 
http:\/\/asg.ict.ac.cn\/hmtt\/ 2019."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","first-page":"185","DOI":"10.1109\/EuroSP.2019.00023","volume-title":"2019 IEEE European Symposium on Security and Privacy (EuroS&P)","author":"Cheng Raymond","year":"2019","unstructured":"Raymond Cheng, Fan Zhang, Jernej Kos, Warren He, Nicholas Hynes, Noah Johnson, Ari Juels, Andrew Miller, and Dawn Song. Ekiden: A platform for confidentiality-preserving, trustworthy, and performant smart contracts. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pages 185--200. IEEE, 2019."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","first-page":"926","DOI":"10.1109\/ISCA45697.2020.00080","volume-title":"2020 ACM\/IEEE 47th Annual International Symposium on Computer Architecture (ISCA)","author":"Choukse Esha","year":"2020","unstructured":"Esha Choukse, Michael B Sullivan, Mike O'Connor, Mattan Erez, Jeff Pool, David Nellans, and Stephen W Keckler. Buddy compression: Enabling larger memory for deep learning and hpc workloads on gpus. In 2020 ACM\/IEEE 47th Annual International Symposium on Computer Architecture (ISCA), pages 926--939. IEEE, 2020."},{"key":"e_1_3_2_1_13_1","volume-title":"Intel sgx explained. Cryptology ePrint Archive","author":"Costan Victor","year":"2016","unstructured":"Victor Costan and Srinivas Devadas. Intel sgx explained. Cryptology ePrint Archive, 2016."},{"key":"e_1_3_2_1_14_1","first-page":"801","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Das Poulami","year":"2019","unstructured":"Poulami Das, Lisa Eckey, Tommaso Frassetto, David Gens, Kristina Host\u00e1kov\u00e1, Patrick Jauernig, Sebastian Faust, and Ahmad-Reza Sadeghi. {FastKitten}: Practical smart contracts on bitcoin. 
In 28th USENIX Security Symposium (USENIX Security 19), pages 801--818, 2019."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","first-page":"769","DOI":"10.1145\/3548606.3560627","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","author":"Deng Yunjie","year":"2022","unstructured":"Yunjie Deng, Chenxu Wang, Shunchang Yu, Shiqing Liu, Zhenyu Ning, Kevin Leach, Jin Li, Shoumeng Yan, Zhengyu He, Jiannong Cao, et al. Strongbox: A gpu tee on arm endpoints. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pages 769--783, 2022."},{"key":"e_1_3_2_1_16_1","volume-title":"System programming.","author":"Devices A Micro","year":"2006","unstructured":"A Micro Devices. Amd64 architecture programmer's manual volume 2: System programming. 2006, 2006."},{"key":"e_1_3_2_1_17_1","volume-title":"East: Efficient and accurate secure transformer framework for inference. arXiv preprint arXiv:2308.09923","author":"Ding Yuanchao","year":"2023","unstructured":"Yuanchao Ding, Hua Guo, Yewei Guan, Weixin Liu, Jiarong Huo, Zhenyu Guan, and Xiyong Zhang. East: Efficient and accurate secure transformer framework for inference. arXiv preprint arXiv:2308.09923, 2023."},{"key":"e_1_3_2_1_18_1","volume-title":"Puma: Secure inference of llama-7b in five minutes. arXiv preprint arXiv:2307.12533","author":"Dong Ye","year":"2023","unstructured":"Ye Dong, Wen-jie Lu, Yancheng Zheng, Haoqi Wu, Derun Zhao, Jin Tan, Zhicong Huang, Cheng Hong, Tao Wei, and Wenguang Cheng. Puma: Secure inference of llama-7b in five minutes. arXiv preprint arXiv:2307.12533, 2023."},{"key":"e_1_3_2_1_19_1","volume-title":"The algorithmic foundations of differential privacy. Foundations and Trends\u00ae in Theoretical Computer Science, 9(3--4):211--407","author":"Dwork Cynthia","year":"2014","unstructured":"Cynthia Dwork, Aaron Roth, et al. The algorithmic foundations of differential privacy. 
Foundations and Trends\u00ae in Theoretical Computer Science, 9(3--4):211--407, 2014."},{"key":"e_1_3_2_1_20_1","unstructured":"Ashraf Eassa Ashwin Nanjappa Jinho Suh Yiheng Zhang and Zhihan Jiang. Leading mlperf inference v3.1 results with nvidia gh200 grace hopper superchip debut. https:\/\/developer.nvidia.com\/blog\/leading-mlperf-inference-v3-1-results-gh200-grace-hopper-superchip-debut\/."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1109\/HPCA56546.2023.10071130","volume-title":"2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA)","author":"Feng Erhu","year":"2023","unstructured":"Erhu Feng, Dong Du, Yubin Xia, and Haibo Chen. Efficient distributed secure memory with migratable merkle tree. In 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 347--360. IEEE, 2023."},{"key":"e_1_3_2_1_22_1","first-page":"275","volume-title":"15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21)","author":"Feng Erhu","year":"2021","unstructured":"Erhu Feng, Xu Lu, Dong Du, Bicheng Yang, Xueqiang Jiang, Yubin Xia, Binyu Zang, and Haibo Chen. Scalable memory protection in the penglai enclave. In 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21), pages 275--294, 2021."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1109\/HPCA.2003.1183547","volume-title":"The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings.","author":"Gassend Blaise","year":"2003","unstructured":"Blaise Gassend, G Edward Suh, Dwaine Clarke, Marten Van Dijk, and Srinivas Devadas. Caches and hash trees for efficient memory integrity verification. In The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings., pages 295--306. 
IEEE, 2003."},{"key":"e_1_3_2_1_24_1","volume-title":"A memory encryption engine suitable for general purpose processors.(2016)","author":"Gueron Shay","year":"2016","unstructured":"Shay Gueron. A memory encryption engine suitable for general purpose processors.(2016), 2016."},{"issue":"6","key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1109\/MSP.2016.124","article-title":"Memory encryption for general-purpose processors","volume":"14","author":"Gueron Shay","year":"2016","unstructured":"Shay Gueron. Memory encryption for general-purpose processors. IEEE Security & Privacy, 14(6):54--62, 2016.","journal-title":"IEEE Security & Privacy"},{"key":"e_1_3_2_1_26_1","volume-title":"Sigma: Secure gpt inference with function secret sharing. Cryptology ePrint Archive","author":"Gupta Kanav","year":"2023","unstructured":"Kanav Gupta, Neha Jawalkar, Ananta Mukherjee, Nishanth Chandran, Divya Gupta, Ashish Panwar, and Rahul Sharma. Sigma: Secure gpt inference with function secret sharing. Cryptology ePrint Archive, 2023."},{"key":"e_1_3_2_1_27_1","article-title":"Realtime robust video object detection system against physical-world adversarial attacks","author":"Han Husheng","year":"2023","unstructured":"Husheng Han, Xing Hu, Yifan Hao, Kaidi Xu, Pucheng Dang, Ying Wang, Yongwei Zhao, Zidong Du, Qi Guo, Yanzhi Wang, et al. Realtime robust video object detection system against physical-world adversarial attacks. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2023.","journal-title":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems"},{"key":"e_1_3_2_1_28_1","first-page":"28169","article-title":"Scalable certified defense against adversarial patches with sparse superficial layers","volume":"34","author":"Han Husheng","year":"2021","unstructured":"Husheng Han, Kaidi Xu, Xing Hu, Xiaobing Chen, Ling Liang, Zidong Du, Qi Guo, Yanzhi Wang, and Yunji Chen. 
Scalecert: Scalable certified defense against adversarial patches with sparse superficial layers. Advances in Neural Information Processing Systems, 34:28169--28181, 2021.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_29_1","first-page":"15718","article-title":"Private inference on transformers","volume":"35","author":"Hao Meng","year":"2022","unstructured":"Meng Hao, Hongwei Li, Hanxiao Chen, Pengzhi Xing, Guowen Xu, and Tianwei Zhang. Iron: Private inference on transformers. Advances in Neural Information Processing Systems, 35:15718--15731, 2022.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","first-page":"875","DOI":"10.1145\/3373376.3378465","volume-title":"Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Hildebrand Mark","year":"2020","unstructured":"Mark Hildebrand, Jawad Khan, Sanjeev Trika, Jason Lowe-Power, and Venkatesh Akella. Autotm: Automatic tensor movement in heterogeneous memory systems using integer linear programming. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 875--890, 2020."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","first-page":"1178","DOI":"10.18653\/v1\/2021.findings-emnlp.102","volume-title":"Findings of the Association for Computational Linguistics: EMNLP 2021","author":"Hoory Shlomo","year":"2021","unstructured":"Shlomo Hoory, Amir Feder, Avichai Tendler, Sofia Erell, Alon Peled-Cohen, Itay Laish, Hootan Nakhost, Uri Stemmer, Ayelet Benjamini, Avinatan Hassidim, et al. Learning and evaluating a differentially private pre-trained language model. In Findings of the Association for Computational Linguistics: EMNLP 2021, pages 1178--1189, 2021."},{"key":"e_1_3_2_1_32_1","volume-title":"Ciphergpt: Secure two-party gpt inference. 
Cryptology ePrint Archive","author":"Hou Xiaoyang","year":"2023","unstructured":"Xiaoyang Hou, Jian Liu, Jingyu Li, Yuhan Li, Wen-jie Lu, Cheng Hong, and Kui Ren. Ciphergpt: Secure two-party gpt inference. Cryptology ePrint Archive, 2023."},{"key":"e_1_3_2_1_33_1","first-page":"349","volume-title":"Proceedings of the 59th ACM\/IEEE Design Automation Conference","author":"Hua Weizhe","year":"2022","unstructured":"Weizhe Hua, Muhammad Umar, Zhiru Zhang, and G Edward Suh. Guardnn: secure accelerator architecture for privacy-preserving deep learning. In Proceedings of the 59th ACM\/IEEE Design Automation Conference, pages 349--354, 2022."},{"key":"e_1_3_2_1_34_1","first-page":"726","volume-title":"Proceedings of the 49th Annual International Symposium on Computer Architecture","author":"Hua Weizhe","year":"2022","unstructured":"Weizhe Hua, Muhammad Umar, Zhiru Zhang, and G Edward Suh. Mgx: Near-zero overhead memory protection for data-intensive accelerators. In Proceedings of the 49th Annual International Symposium on Computer Architecture, pages 726--741, 2022."},{"key":"e_1_3_2_1_35_1","first-page":"213","volume-title":"International Workshop on Cryptographic Hardware and Embedded Systems","author":"Huang Andrew","year":"2002","unstructured":"Andrew Huang. Keeping secrets in hardware: The microsoft xboxtm case study. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 213--227. Springer, 2002."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","first-page":"1341","DOI":"10.1145\/3373376.3378530","volume-title":"Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Huang Chien-Chin","year":"2020","unstructured":"Chien-Chin Huang, Gu Jin, and Jinyang Li. Swapadvisor: Pushing deep learning beyond the gpu memory limit via smart swapping. 
In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 1341--1355, 2020."},{"key":"e_1_3_2_1_37_1","volume-title":"Hmtt: A hybrid hardware\/software tracing system for bridging the dram access trace's semantic gap. ACM Transactions on Architecture and Code Optimization (TACO), 11(1):1--25","author":"Huang Yongbing","year":"2014","unstructured":"Yongbing Huang, Licheng Chen, Zehan Cui, Yuan Ruan, Yungang Bao, Mingyu Chen, and Ninghui Sun. Hmtt: A hybrid hardware\/software tracing system for bridging the dram access trace's semantic gap. ACM Transactions on Architecture and Code Optimization (TACO), 11(1):1--25, 2014."},{"key":"e_1_3_2_1_38_1","first-page":"809","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Huang Zhicong","year":"2022","unstructured":"Zhicong Huang, Wen-jie Lu, Cheng Hong, and Jiansheng Ding. Cheetah: Lean and fast secure two-party deep neural network inference. In 31st USENIX Security Symposium (USENIX Security 22), pages 809--826, 2022."},{"key":"e_1_3_2_1_39_1","first-page":"817","volume-title":"17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20)","author":"Hunt Tyler","year":"2020","unstructured":"Tyler Hunt, Zhipeng Jia, Vance Miller, Ariel Szekely, Yige Hu, Christopher J Rossbach, and Emmett Witchel. Telekine: Secure computing with cloud gpus. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20), pages 817--833, 2020."},{"key":"e_1_3_2_1_40_1","unstructured":"Intel. Intel china financial privacy computing gallery. https:\/\/www.intel.cn\/content\/www\/cn\/zh\/artificial-intelligence\/china-financial-privacy-computing-gallery.html."},{"key":"e_1_3_2_1_41_1","unstructured":"Intel. Sgx bank customer story. 
https:\/\/www.intel.com\/content\/www\/us\/en\/customer-spotlight\/stories\/eperi-sgx-customer-story.html."},{"key":"e_1_3_2_1_42_1","volume-title":"Intel trust domain extensions. white paper","year":"2023","unstructured":"Intel. Intel trust domain extensions. white paper, 2023."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1145\/3297858.3304021","volume-title":"Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Jang Insu","year":"2019","unstructured":"Insu Jang, Adrian Tang, Taehoon Kim, Simha Sethumadhavan, and Jaehyuk Huh. Heterogeneous isolated execution for commodity gpus. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 455--468, 2019."},{"key":"e_1_3_2_1_44_1","volume-title":"Layer-centric memory reuse and data migration for extreme-scale deep learning on many-core architectures. ACM Transactions on Architecture and Code Optimization (TACO), 15(3):1--26","author":"Jin Hai","year":"2018","unstructured":"Hai Jin, Bo Liu, Wenbin Jiang, Yang Ma, Xuanhua Shi, Bingsheng He, and Shaofeng Zhao. Layer-centric memory reuse and data migration for extreme-scale deep learning on many-core architectures. ACM Transactions on Architecture and Code Optimization (TACO), 15(3):1--26, 2018."},{"key":"e_1_3_2_1_45_1","first-page":"1","volume-title":"Proceedings of the 44th annual international symposium on computer architecture","author":"Jouppi Norman P","year":"2017","unstructured":"Norman P Jouppi, Cliff Young, Nishant Patil, David Patterson, Gaurav Agrawal, Raminder Bajwa, Sarah Bates, Suresh Bhatia, Nan Boden, Al Borchers, et al. In-datacenter performance analysis of a tensor processing unit. 
In Proceedings of the 44th annual international symposium on computer architecture, pages 1--12, 2017."},{"issue":"7873","key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","first-page":"583","DOI":"10.1038\/s41586-021-03819-2","article-title":"Highly accurate protein structure prediction with AlphaFold","volume":"596","author":"Jumper John","year":"2021","unstructured":"John Jumper, Richard Evans, Alexander Pritzel, Tim Green, Michael Figurnov, Olaf Ronneberger, Kathryn Tunyasuvunakool, Russ Bates, Augustin \u017d\u00eddek, Anna Potapenko, Alex Bridgland, Clemens Meyer, Simon A A Kohl, Andrew J Ballard, Andrew Cowie, Bernardino Romera-Paredes, Stanislav Nikolov, Rishub Jain, Jonas Adler, Trevor Back, Stig Petersen, David Reiman, Ellen Clancy, Michal Zielinski, Martin Steinegger, Michalina Pacholska, Tamas Berghammer, Sebastian Bodenstein, David Silver, Oriol Vinyals, Andrew W Senior, Koray Kavukcuoglu, Pushmeet Kohli, and Demis Hassabis. Highly accurate protein structure prediction with AlphaFold. Nature, 596(7873):583--589, 2021.","journal-title":"Nature"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1109\/HPCA.2018.00023","volume-title":"2018 IEEE international symposium on high performance computer architecture (HPCA)","author":"Kadam Gurunath","year":"2018","unstructured":"Gurunath Kadam, Danfeng Zhang, and Adwait Jog. Rcoal: mitigating gpu timing attack via subwarp-based randomized coalescing techniques. In 2018 IEEE international symposium on high performance computer architecture (HPCA), pages 156--167. IEEE, 2018."},{"key":"e_1_3_2_1_48_1","volume-title":"Amd memory encryption. White paper","author":"Kaplan David","year":"2021","unstructured":"David Kaplan, Jeremy Powell, and Tom Woller. Amd memory encryption. 
White paper, 2021."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/ICCD.2018.00020","volume-title":"2018 IEEE 36th International Conference on Computer Design (ICCD)","author":"Karimi Elmira","year":"2018","unstructured":"Elmira Karimi, Zhen Hang Jiang, Yunsi Fei, and David Kaeli. A timing side-channel attack on a mobile gpu. In 2018 IEEE 36th International Conference on Computer Design (ICCD), pages 67--74. IEEE, 2018."},{"key":"e_1_3_2_1_50_1","first-page":"462","volume-title":"Proceedings of the 11th ACM Symposium on Cloud Computing","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim, Chung Hwan Kim, Junghwan\" John\" Rhee, Xiao Yu, Haifeng Chen, Dave Tian, and Byoungyoung Lee. Vessels: Efficient and scalable deep learning prediction on trusted processors. In Proceedings of the 11th ACM Symposium on Cloud Computing, pages 462--476, 2020."},{"key":"e_1_3_2_1_51_1","volume-title":"Ramulator: A fast and extensible dram simulator","author":"Kim Yoongu","year":"2015","unstructured":"Yoongu Kim, Weikun Yang, and Onur Mutlu. Ramulator: A fast and extensible dram simulator. IEEE Computer architecture letters, 15(1):45--49, 2015."},{"key":"e_1_3_2_1_52_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Lee Dayeol","year":"2020","unstructured":"Dayeol Lee, Dongha Jung, Ian T Fang, Chia-Che Tsai, and Raluca Ada Popa. An off-chip attack on hardware enclaves via the memory bus. In 29th USENIX Security Symposium (USENIX Security 20), 2020."},{"key":"e_1_3_2_1_53_1","first-page":"1","volume-title":"Proceedings of the Fifteenth European Conference on Computer Systems","author":"Lee Dayeol","year":"2020","unstructured":"Dayeol Lee, David Kohlbrenner, Shweta Shinde, Krste Asanovi\u0107, and Dawn Song. Keystone: An open framework for architecting trusted execution environments. 
In Proceedings of the Fifteenth European Conference on Computer Systems, pages 1--16, 2020."},{"issue":"11","key":"e_1_3_2_1_54_1","doi-asserted-by":"crossref","first-page":"3384","DOI":"10.1109\/TC.2016.2538218","article-title":"Reducing the memory bandwidth overheads of hardware security support for multi-core processors","volume":"65","author":"Lee Junghoon","year":"2016","unstructured":"Junghoon Lee, Taehoon Kim, and Jaehyuk Huh. Reducing the memory bandwidth overheads of hardware security support for multi-core processors. IEEE Transactions on Computers, 65(11):3384--3397, 2016.","journal-title":"IEEE Transactions on Computers"},{"key":"e_1_3_2_1_55_1","first-page":"194","volume-title":"Proceedings of the 56th Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Lee Kyungmi","year":"2023","unstructured":"Kyungmi Lee, Mengjia Yan, Joel Emer, and Anantha Chandrakasan. Secureloop: Design space exploration of secure dnn accelerators. In Proceedings of the 56th Annual IEEE\/ACM International Symposium on Microarchitecture, pages 194--208, 2023."},{"key":"e_1_3_2_1_56_1","first-page":"229","volume-title":"2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA)","author":"Lee Sunho","year":"2022","unstructured":"Sunho Lee, Jungwoo Kim, Seonjin Na, Jongse Park, and Jaehyuk Huh. Tnpu: Supporting trusted execution with tree-less integrity protection for neural processing unit. In 2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 229--243. IEEE, 2022."},{"key":"e_1_3_2_1_57_1","first-page":"1","volume-title":"2016 49th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO)","author":"Lehman Tamara Silbergleit","year":"2016","unstructured":"Tamara Silbergleit Lehman, Andrew D Hilton, and Benjamin C Lee. Poisonivy: Safe speculation for secure memory. In 2016 49th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO), pages 1--13. 
IEEE, 2016."},{"key":"e_1_3_2_1_58_1","volume-title":"Large language models can be strong differentially private learners. arXiv preprint arXiv:2110.05679","author":"Li Xuechen","year":"2021","unstructured":"Xuechen Li, Florian Tramer, Percy Liang, and Tatsunori Hashimoto. Large language models can be strong differentially private learners. arXiv preprint arXiv:2110.05679, 2021."},{"key":"e_1_3_2_1_59_1","first-page":"29468","article-title":"Differentially private model compression","volume":"35","author":"Mireshghallah Fatemehsadat","year":"2022","unstructured":"Fatemehsadat Mireshghallah, Arturs Backurs, Huseyin A Inan, Lukas Wutschitz, and Janardhan Kulkarni. Differentially private model compression. Advances in Neural Information Processing Systems, 35:29468--29483, 2022.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_60_1","first-page":"1","volume-title":"Proceedings of the 50th Annual International Symposium on Computer Architecture","author":"Mo Jianqiao","year":"2023","unstructured":"Jianqiao Mo, Jayanth Gopinath, and Brandon Reagen. Haac: A hardware-software co-design to accelerate garbled circuits. In Proceedings of the 50th Annual International Symposium on Computer Architecture, pages 1--13, 2023."},{"key":"e_1_3_2_1_61_1","first-page":"1","volume-title":"2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA)","author":"Na Seonjin","year":"2021","unstructured":"Seonjin Na, Sunho Lee, Yeonjae Kim, Jongse Park, and Jaehyuk Huh. Common counters: Compressed encryption counters for secure gpu memory. In 2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 1--13. IEEE, 2021."},{"key":"e_1_3_2_1_62_1","first-page":"2139","volume-title":"Proceedings of the 2018 ACM SIGSAC conference on computer and communications security","author":"Naghibijouybari Hoda","year":"2018","unstructured":"Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, and Nael Abu-Ghazaleh. 
Rendered insecure: Gpu side channel attacks are practical. In Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, pages 2139--2153, 2018."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"crossref","first-page":"891","DOI":"10.1145\/3373376.3378505","volume-title":"Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Peng Xuan","year":"2020","unstructured":"Xuan Peng, Xuanhua Shi, Hulin Dai, Hai Jin, Weiliang Ma, Qian Xiong, Fan Yang, and Xuehai Qian. Capuchin: Tensor-based gpu memory management for deep learning. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 891--905, 2020."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","first-page":"2182","DOI":"10.18653\/v1\/2022.findings-acl.171","volume-title":"Findings of the Association for Computational Linguistics: ACL 2022","author":"Ponomareva Natalia","year":"2022","unstructured":"Natalia Ponomareva, Jasmijn Bastings, and Sergei Vassilvitskii. Training text-to-text transformers with privacy guarantees. In Findings of the Association for Computational Linguistics: ACL 2022, pages 2182--2193, 2022."},{"key":"e_1_3_2_1_65_1","volume-title":"Privacy-preserving large language models (ppllms). Available at SSRN 4512071","author":"Raeini Mohammad","year":"2023","unstructured":"Mohammad Raeini. Privacy-preserving large language models (ppllms). Available at SSRN 4512071, 2023."},{"key":"e_1_3_2_1_66_1","first-page":"1","volume-title":"SC20: International Conference for High Performance Computing, Networking, Storage and Analysis","author":"Rajbhandari Samyam","year":"2020","unstructured":"Samyam Rajbhandari, Jeff Rasley, Olatunji Ruwase, and Yuxiong He. Zero: Memory optimizations toward training trillion parameter models. 
In SC20: International Conference for High Performance Computing, Networking, Storage and Analysis, pages 1--16. IEEE, 2020."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"crossref","first-page":"3505","DOI":"10.1145\/3394486.3406703","volume-title":"Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining","author":"Rasley Jeff","year":"2020","unstructured":"Jeff Rasley, Samyam Rajbhandari, Olatunji Ruwase, and Yuxiong He. Deepspeed: System optimizations enable training deep learning models with over 100 billion parameters. In Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pages 3505--3506, 2020."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"crossref","first-page":"598","DOI":"10.1109\/HPCA51647.2021.00057","volume-title":"2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA)","author":"Ren Jie","year":"2021","unstructured":"Jie Ren, Jiaolin Luo, Kai Wu, Minjia Zhang, Hyeran Jeon, and Dong Li. Sentinel: Efficient tensor migration and allocation on heterogeneous memory systems for deep learning. In 2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 598--611. IEEE, 2021."},{"key":"e_1_3_2_1_69_1","first-page":"551","volume-title":"2021 USENIX Annual Technical Conference (USENIX ATC 21)","author":"Ren Jie","year":"2021","unstructured":"Jie Ren, Samyam Rajbhandari, Reza Yazdani Aminabadi, Olatunji Ruwase, Shuangyan Yang, Minjia Zhang, Dong Li, and Yuxiong He. Zero-offload: Democratizing billion-scale model training. In 2021 USENIX Annual Technical Conference (USENIX ATC 21), pages 551--564, 2021."},{"key":"e_1_3_2_1_70_1","first-page":"1","volume-title":"2016 49th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO)","author":"Rhu Minsoo","year":"2016","unstructured":"Minsoo Rhu, Natalia Gimelshein, Jason Clemons, Arslan Zulfiqar, and Stephen W Keckler. 
vdnn: Virtualized deep neural networks for scalable, memory-efficient neural network design. In 2016 49th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO), pages 1--13. IEEE, 2016."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1109\/MICRO.2007.16","volume-title":"40th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO 2007)","author":"Rogers Brian","year":"2007","unstructured":"Brian Rogers, Siddhartha Chhabra, Milos Prvulovic, and Yan Solihin. Using address independent seed encryption and bonsai merkle trees to make secure processors os-and performance-friendly. In 40th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO 2007), pages 183--196. IEEE, 2007."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1109\/MICRO.2018.00041","volume-title":"2018 51st Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO)","author":"Saileshwar Gururaj","year":"2018","unstructured":"Gururaj Saileshwar, Prashant J Nair, Prakash Ramrakhyani, Wendy Elsasser, Jose A Joao, and Moinuddin K Qureshi. Morphable counters: Enabling compact integrity trees for low-overhead secure memories. In 2018 51st Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO), pages 416--427. IEEE, 2018."},{"key":"e_1_3_2_1_73_1","first-page":"238","volume-title":"MICRO-54: 54th Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Samardzic Nikola","year":"2021","unstructured":"Nikola Samardzic, Axel Feldmann, Aleksandar Krastev, Srinivas Devadas, Ronald Dreslinski, Christopher Peikert, and Daniel Sanchez. F1: A fast and programmable accelerator for fully homomorphic encryption. 
In MICRO-54: 54th Annual IEEE\/ACM International Symposium on Microarchitecture, pages 238--252, 2021."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/ISCA.2005.30","volume-title":"32nd International Symposium on Computer Architecture (ISCA'05)","author":"Shi Weidong","year":"2005","unstructured":"Weidong Shi, H-h S Lee, Mrinmoy Ghosh, Chenghuai Lu, and Alexandra Boldyreva. High efficiency counter mode security architecture via prediction and precomputation. In 32nd International Symposium on Computer Architecture (ISCA'05), pages 14--24. IEEE, 2005."},{"key":"e_1_3_2_1_75_1","first-page":"103","volume-title":"2006 39th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO'06)","author":"Shi Weidong","year":"2006","unstructured":"Weidong Shi and Hsien-Hsin S Lee. Authentication control point and its implications for secure processor design. In 2006 39th Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO'06), pages 103--112. IEEE, 2006."},{"issue":"1","key":"e_1_3_2_1_76_1","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1145\/1055626.1055629","article-title":"Towards the issues in architectural support for protection of software execution","volume":"33","author":"Shi Weidong","year":"2005","unstructured":"Weidong Shi, Hsien-Hsin S Lee, Chenghuai Lu, and Mrinmoy Ghosh. Towards the issues in architectural support for protection of software execution. ACM SIGARCH Computer Architecture News, 33(1):6--15, 2005.","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"crossref","first-page":"1127","DOI":"10.1109\/HPCA56546.2023.10071091","volume-title":"2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA)","author":"Shrivastava Nivedita","year":"2023","unstructured":"Nivedita Shrivastava and Smruti Ranjan Sarangi. Securator: A fast and secure neural processing unit. 
In 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 1127--1139. IEEE, 2023."},{"key":"e_1_3_2_1_78_1","unstructured":"Tobin South Guy Zuskind Robert Mahari and Thomas Hardjono. Secure community transformers: Private pooled data for llms. https:\/\/transformers.mit.edu\/SecureCommunityTransfomersMITSouth.pdf."},{"key":"e_1_3_2_1_79_1","volume-title":"Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. Path oram: an extremely simple oblivious ram protocol. Journal of the ACM (JACM), 65(4):1--26","author":"Stefanov Emil","year":"2018","unstructured":"Emil Stefanov, Marten van Dijk, Elaine Shi, T-H Hubert Chan, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. Path oram: an extremely simple oblivious ram protocol. Journal of the ACM (JACM), 65(4):1--26, 2018."},{"key":"e_1_3_2_1_80_1","first-page":"339","volume-title":"Proceedings. 36th Annual IEEE\/ACM International Symposium on Microarchitecture, 2003","author":"Suh G Edward","year":"2003","unstructured":"G Edward Suh, Dwaine Clarke, Blaise Gasend, Marten Van Dijk, and Srinivas Devadas. Efficient memory integrity verification and encryption for secure processors. In Proceedings. 36th Annual IEEE\/ACM International Symposium on Microarchitecture, 2003. MICRO-36., pages 339--350. IEEE, 2003."},{"key":"e_1_3_2_1_81_1","volume-title":"Tesla hardware news. https:\/\/www.autopilotreview.com\/tesla-hardware-4-rolling-out-to-new-vehicles\/","year":"2023","unstructured":"Tesla. Tesla hardware news. https:\/\/www.autopilotreview.com\/tesla-hardware-4-rolling-out-to-new-vehicles\/, 2023."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"crossref","first-page":"160","DOI":"10.1145\/3470496.3527378","volume-title":"Proceedings of the 49th Annual International Symposium on Computer Architecture","author":"Umar Muhammad","year":"2022","unstructured":"Muhammad Umar, Weizhe Hua, Zhiru Zhang, and G Edward Suh. 
Softvn: Efficient memory protection via software-provided version numbers. In Proceedings of the 49th Annual International Symposium on Computer Architecture, pages 160--172, 2022."},{"key":"e_1_3_2_1_83_1","first-page":"681","volume-title":"13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18)","author":"Volos Stavros","year":"2018","unstructured":"Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. Graviton: Trusted execution environments on gpus. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18), pages 681--696, 2018."},{"key":"e_1_3_2_1_84_1","volume-title":"New hash functions and their use in authentication and set equality. Journal of computer and system sciences, 22(3):265--279","author":"Wegman Mark N","year":"1981","unstructured":"Mark N Wegman and J Lawrence Carter. New hash functions and their use in authentication and set equality. Journal of computer and system sciences, 22(3):265--279, 1981."},{"issue":"2","key":"e_1_3_2_1_85_1","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1145\/1150019.1136502","article-title":"Improving cost, performance, and security of memory encryption and authentication","volume":"34","author":"Yan Chenyu","year":"2006","unstructured":"Chenyu Yan, Daniel Englender, Milos Prvulovic, Brian Rogers, and Yan Solihin. Improving cost, performance, and security of memory encryption and authentication. ACM SIGARCH Computer Architecture News, 34(2):179--190, 2006.","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"e_1_3_2_1_86_1","unstructured":"Wei Yu Zhiqiang Li Qingqing Li and Qiyuan Long. Effectively address large language model privacy and security challenges with a trusted execution environment based on intel sgx. 
https:\/\/www.intel.cn\/content\/www\/cn\/zh\/customer-spotlight\/cases\/privacy-security-challenge-large-language-model.html."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1109\/HPCA53966.2022.00024","volume-title":"2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA)","author":"Yuan Shougang","year":"2022","unstructured":"Shougang Yuan, Amro Awad, Ardhi Wiratama Baskara Yudha, Yan Solihin, and Huiyang Zhou. Adaptive security support for heterogeneous memory on gpus. In 2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 213--228. IEEE, 2022."},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"crossref","first-page":"546","DOI":"10.1145\/3472883.3486998","volume-title":"Proceedings of the ACM Symposium on Cloud Computing","author":"Zhang Chengliang","year":"2021","unstructured":"Chengliang Zhang, Junzhe Xia, Baichen Yang, Huancheng Puyang, Wei Wang, Ruichuan Chen, Istemi Ekin Akkus, Paarijaat Aditya, and Feng Yan. Citadel: Protecting data privacy and model confidentiality for collaborative learning. In Proceedings of the ACM Symposium on Cloud Computing, pages 546--561, 2021."},{"key":"e_1_3_2_1_89_1","first-page":"1255","volume-title":"2021 58th ACM\/IEEE Design Automation Conference (DAC)","author":"Zuo Pengfei","year":"2021","unstructured":"Pengfei Zuo, Yu Hua, Ling Liang, Xinfeng Xie, Xing Hu, and Yuan Xie. Sealing neural network models in encrypted deep learning accelerators. In 2021 58th ACM\/IEEE Design Automation Conference (DAC), pages 1255--1260. 
IEEE, 2021."}],"event":{"name":"ASPLOS '24: 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4","location":"Hilton La Jolla Torrey Pines La Jolla CA USA","acronym":"ASPLOS '24","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems","SIGPLAN ACM Special Interest Group on Programming Languages","SIGARCH ACM Special Interest Group on Computer Architecture","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622781.3674168","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3622781.3674168","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:03Z","timestamp":1750178223000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622781.3674168"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,27]]},"references-count":89,"alternative-id":["10.1145\/3622781.3674168","10.1145\/3622781"],"URL":"https:\/\/doi.org\/10.1145\/3622781.3674168","relation":{},"subject":[],"published":{"date-parts":[[2024,4,27]]},"assertion":[{"value":"2025-04-10","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}