{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T15:32:55Z","timestamp":1770996775427,"version":"3.50.1"},"reference-count":95,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,1,18]],"date-time":"2024-01-18T00:00:00Z","timestamp":1705536000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Institute of Information & communications Technology Planning & Evaluation","award":["IITP2017-0-00466, IITP2021-0-01817"],"award-info":[{"award-number":["IITP2017-0-00466, IITP2021-0-01817"]}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"crossref","award":["NRF-2022R1A2B5B01002133"],"award-info":[{"award-number":["NRF-2022R1A2B5B01002133"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Ministry of Science and ICT, Korea"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Archit. Code Optim."],"published-print":{"date-parts":[[2024,3,31]]},"abstract":"<jats:p>\n            In cloud-based serverless computing, an application consists of multiple functions provided by mutually distrusting parties. For secure serverless computing, the hardware-based trusted execution environment (TEE) can provide strong isolation among functions. However, not only protecting each function from the host OS and other functions, but also protecting the host system from the functions, is critical for the security of the cloud servers. Such an emerging trusted serverless computing poses new challenges: Each TEE must be isolated from the host system bi-directionally, and the system calls from it must be validated. In addition, the resource utilization of each TEE must be accountable in a mutually trusted way. However, the current TEE model cannot efficiently represent such trusted serverless applications. To overcome the lack of such hardware support, this article proposes an extended TEE model called\n            <jats:sc>Cloister<\/jats:sc>\n            , designed for trusted serverless computing.\n            <jats:sc>Cloister<\/jats:sc>\n            proposes four new key techniques. First, it extends the hardware-based memory isolation in SGX to confine a deployed function only within its TEE (enclave). Second, it proposes a trusted monitor enclave that filters and validates system calls from enclaves. Third, it provides a trusted resource accounting mechanism for enclaves that is agreeable to both service developers and cloud providers. Finally,\n            <jats:sc>Cloister<\/jats:sc>\n            accelerates enclave loading by redesigning its memory verification for fast function deployment. Using an emulated Intel SGX platform with the proposed extensions, this article shows that trusted serverless applications can be effectively supported with small changes in the SGX hardware.\n          <\/jats:p>","DOI":"10.1145\/3632954","type":"journal-article","created":{"date-parts":[[2023,11,14]],"date-time":"2023-11-14T11:54:16Z","timestamp":1699962856000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Hardware-hardened Sandbox Enclaves for Trusted Serverless Computing"],"prefix":"10.1145","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-8406-0817","authenticated-orcid":false,"given":"Joongun","family":"Park","sequence":"first","affiliation":[{"name":"KAIST, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-6471-2183","authenticated-orcid":false,"given":"Seunghyo","family":"Kang","sequence":"additional","affiliation":[{"name":"KAIST, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-7060-6315","authenticated-orcid":false,"given":"Sanghyeon","family":"Lee","sequence":"additional","affiliation":[{"name":"KAIST, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1819-968X","authenticated-orcid":false,"given":"Taehoon","family":"Kim","sequence":"additional","affiliation":[{"name":"ETRI, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6629-449X","authenticated-orcid":false,"given":"Jongse","family":"Park","sequence":"additional","affiliation":[{"name":"KAIST, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5602-2397","authenticated-orcid":false,"given":"Youngjin","family":"Kwon","sequence":"additional","affiliation":[{"name":"KAIST, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1742-047X","authenticated-orcid":false,"given":"Jaehyuk","family":"Huh","sequence":"additional","affiliation":[{"name":"KAIST, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,1,18]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"MITRE Corp. 2021. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33097"},{"key":"e_1_3_1_3_2","unstructured":"MITRE Corp. 2021. An attacker with JavaScript execution may be able to execute arbitrary code. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33097"},{"key":"e_1_3_1_4_2","unstructured":"Google Cloud. 2023. Choosing an App Engine environment. Retrieved from https:\/\/cloud.google.com\/appengine\/docs\/the-appengine-environments"},{"key":"e_1_3_1_5_2","unstructured":"MITRE Corp. 2019. Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent\u2019s handling of COM clients. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-3969"},{"key":"e_1_3_1_6_2","unstructured":"MITRE Corp. 2023. CVE lists. Retrieved from https:\/\/cve.mitre.org\/"},{"key":"e_1_3_1_7_2","unstructured":"Firejail Project. 2023. Firejail. Retrieved from https:\/\/firejail.wordpress.com\/"},{"key":"e_1_3_1_8_2","unstructured":"MITRE Corp. 2016. How to Run Intel Software Guard Extensions\u2019 Simulation Mode. Retrieved from https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/blogs\/usage-of-simulation-mode-in-sgx-enhanced-application.html"},{"key":"e_1_3_1_9_2","unstructured":"Amazon.com Inc. 2022. Instructions for RVS Sandbox Environment. Retrieved from https:\/\/developer.amazon.com\/docs\/in-app-purchasing\/iap-rvs-setup-sandbox.html"},{"key":"e_1_3_1_10_2","unstructured":"Mozilla. 2020. Mozilla Security\/Sandbox. Retrieved from https:\/\/wiki.mozilla.org\/Security\/Sandbox"},{"key":"e_1_3_1_11_2","unstructured":"MITRE Corp. 2021. Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33097"},{"key":"e_1_3_1_12_2","unstructured":"NIST. 2019. Possible seccomp bypass due to SECCOMP policies that allow the use of ptrace. Retrieved from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-2054"},{"key":"e_1_3_1_13_2","unstructured":"MITRE Corp. 2021. Process-injection: Ptrace System Calls. Retrieved from https:\/\/attack.mitre.org\/techniques\/T1055\/008\/"},{"key":"e_1_3_1_14_2","unstructured":"MITRE Corp. 2014. Setting the environment occurs across a privilege boundary from Bash execution aka \u201cShellShock.\u201d Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-6271"},{"key":"e_1_3_1_15_2","unstructured":"MITRE Corp. 2020. Windows Kernel Local Elevation of Privilege Vulnerability. Retrieved from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-17087"},{"key":"e_1_3_1_16_2","unstructured":"Microsoft Corp. 2013. Building Your Dev and Test Sandbox with Windows Azure Infrastructure Services. Retrieved from https:\/\/azure.microsoft.com\/ko-kr\/resources\/videos\/build2013-dev-test-sandbox-with-windows-azure-infrastructure-services\/"},{"key":"e_1_3_1_17_2","unstructured":"Intel Corp. 2016. Intel(R) Software Guard Extensions SDK Developer Reference for Linux* OS."},{"key":"e_1_3_1_18_2","unstructured":"Intel Corp. 2016. Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual Volume 3C: System Programming Guide Part 3."},{"key":"e_1_3_1_19_2","unstructured":"Intel Corp. 2019. Intel 64 and IA-32 architectures software developer\u2019s manual Volume 3."},{"key":"e_1_3_1_20_2","unstructured":"Intel Corp. 2021. Affected Processors: Transient Execution Attacks & Related Security Issues by CPU. Retrieved from https:\/\/software.intel.com\/security-software-guidance\/processors-affected-transient-execution-attack-mitigation-product-cpu-model"},{"key":"e_1_3_1_21_2","unstructured":"RaulQT. 2017. SGX-NBench. Retrieved from https:\/\/github.com\/utds3lab\/sgx-nbench"},{"key":"e_1_3_1_22_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201919)","author":"Ahmad Adil","year":"2019","unstructured":"Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, and Byoungyoung Lee. 2019. Obfuscuro: A commodity obfuscation engine on Intel SGX. In Network and Distributed System Security Symposium (NDSS\u201919)."},{"key":"e_1_3_1_23_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201921)","author":"Ahmad Adil","year":"2021","unstructured":"Adil Ahmad, Juhee Kim, Jaebaek Seo, Insik Shin, Pedro Fonseca, and Byoungyoung Lee. 2021. CHANCEL: Efficient multi-client isolation under adversarial programs. In Network and Distributed System Security Symposium (NDSS\u201921)."},{"key":"e_1_3_1_24_2","volume-title":"ACM SIGSAC Conference on Cloud Computing Security Workshop","author":"Alder Fritz","year":"2019","unstructured":"Fritz Alder, N. Asokan, Arseny Kurnikov, Andrew Paverd, and Michael Steiner. 2019. S-FaaS: Trustworthy and accountable function-as-a-service using Intel SGX. In ACM SIGSAC Conference on Cloud Computing Security Workshop."},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/DEST.2010.5610586"},{"key":"e_1_3_1_26_2","unstructured":"Amazon.com Inc. Amazon. Retrieved from https:\/\/aws.amazon.com\/lambda\/pricing\/"},{"key":"e_1_3_1_27_2","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201916)","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O\u2019Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, R\u00fcdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux containers with Intel SGX. In USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201916)."},{"key":"e_1_3_1_28_2","unstructured":"Adam Barth Collin Jackson Charles Reis and The Google Chrome Team. 2008. The Security Architecture of the Chromium Browser Stanford Technical Report."},{"key":"e_1_3_1_29_2","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201914)","author":"Baumann Andrew","year":"2014","unstructured":"Andrew Baumann, Marcus Peinado, and Galen Hunt. 2014. Shielding applications from an untrusted cloud with Haven. In USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201914)."},{"key":"e_1_3_1_30_2","volume-title":"USENIX Security Symposium (USENIX Security\u201918)","author":"Biondo Andrea","year":"2018","unstructured":"Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2018. The guard\u2019s dilemma: Efficient code-reuse attacks against Intel SGX. In USENIX Security Symposium (USENIX Security\u201918)."},{"key":"e_1_3_1_31_2","volume-title":"USENIX Workshop on Offensive Technologies (WOOT\u201917)","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software grand exposure: SGX cache attacks are practical. In USENIX Workshop on Offensive Technologies (WOOT\u201917)."},{"key":"e_1_3_1_32_2","volume-title":"USENIX Security Symposium (USENIX Security\u201918)","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In USENIX Security Symposium (USENIX Security\u201918)."},{"key":"e_1_3_1_33_2","article-title":"LIBSVM: A library for support vector machines","author":"Chang Chih-Chung","year":"2011","unstructured":"Chih-Chung Chang and Chih-Jen Lin. 2011. LIBSVM: A library for support vector machines. ACM Trans. Intell. Syst. Technol. 2, 3 (2011).","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"e_1_3_1_34_2","volume-title":"International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201913)","author":"Checkoway Stephen","year":"2013","unstructured":"Stephen Checkoway and Hovav Shacham. 2013. Iago attacks: Why the system call API is a bad untrusted RPC interface. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201913)."},{"key":"e_1_3_1_35_2","volume-title":"USENIX Security Symposium (USENIX Security\u201922)","author":"Chen Yuan","year":"2022","unstructured":"Yuan Chen, Jiaqi Li, Guorui Xu, Yajin Zhou, Zhi Wang, Cong Wang, and Kui Ren. 2022. SGXLock: Towards efficiently establishing mutual distrust between host application and enclave for SGX. In USENIX Security Symposium (USENIX Security\u201922)."},{"key":"e_1_3_1_36_2","unstructured":"Yueqiang Cheng Zhi Zhang and S. Nepal. 2018. CATTmew: Defeating software-only physical kernel isolation. ArXiv:1802.07060."},{"key":"e_1_3_1_37_2","volume-title":"ACM Symposium on Cloud Computing (SoCC\u201910)","author":"Cooper Brian F.","year":"2010","unstructured":"Brian F. Cooper, Adam Silberstein, Erwin Tam, Raghu Ramakrishnan, and Russell Sears. 2010. Benchmarking cloud serving systems with YCSB. In ACM Symposium on Cloud Computing (SoCC\u201910)."},{"key":"e_1_3_1_38_2","article-title":"SECCOMP and sandboxing","volume":"25","author":"Corbet Jonathan","year":"2009","unstructured":"Jonathan Corbet. 2009. SECCOMP and sandboxing. LWN. net, May 25 (2009).","journal-title":"LWN. net, May"},{"key":"e_1_3_1_39_2","unstructured":"Victor Costan and Srinivas Devadas. 2016. Intel SGX explained. In IACR Cryptology ePrint Archive Paper 2016\/086."},{"key":"e_1_3_1_40_2","volume-title":"USENIX Security Symposium (USENIX Security\u201916)","author":"Costan Victor","year":"2016","unstructured":"Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal hardware extensions for strong software isolation. In USENIX Security Symposium (USENIX Security\u201916)."},{"key":"e_1_3_1_41_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201915)","author":"Crane Stephen","year":"2015","unstructured":"Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz. 2015. Thwarting cache side-channel attacks through dynamic software diversity. In Network and Distributed System Security Symposium (NDSS\u201915)."},{"key":"e_1_3_1_42_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201922)","author":"Cui Rongzhen","year":"2022","unstructured":"Rongzhen Cui, Lianying Zhao, and David Lie. 2022. Emilia: Catching Iago in legacy code. In Network and Distributed System Security Symposium (NDSS\u201922)."},{"key":"e_1_3_1_43_2","volume-title":"31st USENIX Security Symposium (USENIX Security\u201922)","author":"Datta Pubali","year":"2022","unstructured":"Pubali Datta, Isaac Polinsky, Muhammad Adil Inam, Adam Bates, and William Enck. 2022. ALASTOR: Reconstructing the provenance of serverless intrusions. In 31st USENIX Security Symposium (USENIX Security\u201922)."},{"key":"e_1_3_1_44_2","volume-title":"International Conference on Information Security (ICS\u201910)","author":"Davi Lucas","year":"2010","unstructured":"Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel Winandy. 2010. Privilege escalation attacks on Android. In International Conference on Information Security (ICS\u201910)."},{"key":"e_1_3_1_45_2","article-title":"T-counter: Trustworthy and efficient CPU resource measurement using SGX in the cloud","author":"Dong Chuntao","year":"2022","unstructured":"Chuntao Dong, Qingni Shen, Xuhua Ding, Daoqing Yu, Wu Luo, Pengfei Wu, and Zhonghai Wu. 2022. T-counter: Trustworthy and efficient CPU resource measurement using SGX in the cloud. IEEE Trans. Depend. Sec. Comput. 20, 1 (2022).","journal-title":"IEEE Trans. Depend. Sec. Comput."},{"key":"e_1_3_1_46_2","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201921)","author":"Feng Erhu","year":"2021","unstructured":"Erhu Feng, Xu Lu, Dong Du, Bicheng Yang, Xueqiang Jiang, Yubin Xia, Binyu Zang, and Haibo Chen. 2021. Scalable memory protection in the PENGLAI enclave. In USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201921)."},{"key":"e_1_3_1_47_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201904)","author":"Garfinkel Tal","year":"2004","unstructured":"Tal Garfinkel, Ben Pfaff, and Mendel Rosenblum. 2004. Ostia: A delegating architecture for secure system call interposition. In Network and Distributed System Security Symposium (NDSS\u201904)."},{"key":"e_1_3_1_48_2","volume-title":"International Middleware Conference (Middleware\u201919)","author":"Goltzsche David","year":"2019","unstructured":"David Goltzsche, Manuel Nieke, Thomas Knauth, and R\u00fcdiger Kapitza. 2019. AccTEE: A WebAssembly-based two-way sandbox for trusted resource accounting. In International Middleware Conference (Middleware\u201919)."},{"key":"e_1_3_1_49_2","unstructured":"Google Cloud. 2023. Cloud Functions pricing. Retrieved from https:\/\/cloud.google.com\/functions\/pricing"},{"key":"e_1_3_1_50_2","volume-title":"USENIX Security Symposium (USENIX Security\u201918)","author":"Gras Ben","year":"2018","unstructured":"Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2018. Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks. In USENIX Security Symposium (USENIX Security\u201918)."},{"key":"e_1_3_1_51_2","volume-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA\u201916)","author":"Gruss Daniel","year":"2016","unstructured":"Daniel Gruss, Cl\u00e9mentine Maurice, and Stefan Mangard. 2016. Rowhammer.js: A remote software-induced fault attack in JavaScript. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA\u201916)."},{"key":"e_1_3_1_52_2","volume-title":"31st USENIX Security Symposium (USENIX Security\u201922)","author":"Gu Jinyu","year":"2022","unstructured":"Jinyu Gu, Bojun Zhu, Mingyu Li, Wentai Li, Yubin Xia, and Haibo Chen. 2022. A Hardware-Software co-design for efficient Intra-Enclave isolation. In 31st USENIX Security Symposium (USENIX Security\u201922)."},{"key":"e_1_3_1_53_2","article-title":"SimPoint 3.0: Faster and more flexible program phase analysis","author":"Hamerly Greg","year":"2005","unstructured":"Greg Hamerly, Erez Perelman, Jeremy Lau, and Brad Calder. 2005. SimPoint 3.0: Faster and more flexible program phase analysis. J. Instruct. Level Parallel. 7, 4 (2005).","journal-title":"J. Instruct. Level Parallel."},{"key":"e_1_3_1_54_2","volume-title":"International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201913)","author":"Hofmann Owen S.","year":"2013","unstructured":"Owen S. Hofmann, Sangman Kim, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel. 2013. InkTag: Secure applications on an untrusted operating system. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201913)."},{"key":"e_1_3_1_55_2","article-title":"IVEC: Off-chip memory integrity protection for both security and reliability","author":"Huang Ruirui","year":"2010","unstructured":"Ruirui Huang and G. Edward Suh. 2010. IVEC: Off-chip memory integrity protection for both security and reliability. ACM SIGARCH Comput. Archit. News 38, 3 (2010).","journal-title":"ACM SIGARCH Comput. Archit. News"},{"key":"e_1_3_1_56_2","volume-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201916)","author":"Hunt Tyler","year":"2016","unstructured":"Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. 2016. Ryoan: A distributed sandbox for untrusted computation on secret data. In USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201916)."},{"key":"e_1_3_1_57_2","unstructured":"IBM. 2023. IBM Functions pricing. Retrieved from https:\/\/cloud.ibm.com\/functions\/learn\/pricing"},{"key":"e_1_3_1_58_2","volume-title":"ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (VEE\u201915)","author":"Jin Seongwook","year":"2015","unstructured":"Seongwook Jin, Jinho Seol, Jaehyuk Huh, and Seungryoul Maeng. 2015. Hardware-assisted secure resource accounting under a vulnerable hypervisor. In ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (VEE\u201915)."},{"key":"e_1_3_1_59_2","volume-title":"International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201920)","author":"Khandaker Mustakimur Rahman","year":"2020","unstructured":"Mustakimur Rahman Khandaker, Yueqiang Cheng, Zhi Wang, and Tao Wei. 2020. COIN attacks: On insecurity of enclave untrusted interfaces in SGX. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201920)."},{"key":"e_1_3_1_60_2","volume-title":"ACM Symposium on Operating Systems Principles (SOSP\u201909)","author":"Klein Gerwin","year":"2009","unstructured":"Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. 4seL4: Formal verification of an OS kernel. In ACM Symposium on Operating Systems Principles (SOSP\u201909)."},{"key":"e_1_3_1_61_2","volume-title":"International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201916)","author":"Kwon Youngjin","year":"2016","unstructured":"Youngjin Kwon, Alan M. Dunn, Michael Z. Lee, Owen S. Hofmann, Yuanzhong Xu, and Emmett Witchel. 2016. Sego: Pervasive trusted metadata for efficiently verified untrusted system services. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201916)."},{"key":"e_1_3_1_62_2","volume-title":"European Conference on Computer Systems (EuroSys\u201920)","author":"Lee Dayeol","year":"2020","unstructured":"Dayeol Lee, David Kohlbrenner, Shweta Shinde, Krste Asanovi\u0107, and Dawn Song. 2020. Keystone: An open framework for architecting trusted execution environments. In European Conference on Computer Systems (EuroSys\u201920)."},{"key":"e_1_3_1_63_2","volume-title":"USENIX Security Symposium (USENIX Security\u201917)","author":"Lee Jaehyuk","year":"2017","unstructured":"Jaehyuk Lee, Jinsoo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, and Brent ByungHoon Kang. 2017. Hacking in darkness: Return-oriented programming against secure enclaves. In USENIX Security Symposium (USENIX Security\u201917)."},{"key":"e_1_3_1_64_2","volume-title":"USENIX Security Symposium (USENIX Security\u201917)","author":"Lee Sangho","year":"2017","unstructured":"Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In USENIX Security Symposium (USENIX Security\u201917)."},{"key":"e_1_3_1_65_2","volume-title":"International Symposium on Computer Architecture (ISCA\u201921)","author":"Li Mingyu","year":"2021","unstructured":"Mingyu Li, Yubin Xia, and Haibo Chen. 2021. Confidential serverless made efficient with plug-in enclaves. In International Symposium on Computer Architecture (ISCA\u201921)."},{"key":"e_1_3_1_66_2","article-title":"Understanding TEE containers, easy to use? Hard to trust","author":"Liu Weijie","year":"2021","unstructured":"Weijie Liu, Hongbo Chen, XiaoFeng Wang, Zhi Li, Danfeng Zhang, Wenhao Wang, and Haixu Tang. 2021. Understanding TEE containers, easy to use? Hard to trust. arXiv preprint arXiv:2109.01923 (2021).","journal-title":"arXiv preprint arXiv:2109.01923"},{"key":"e_1_3_1_67_2","unstructured":"Microsoft. Retrieved from https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/functions\/"},{"key":"e_1_3_1_68_2","volume-title":"USENIX Security Symposium (USENIX Security\u201920)","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar. 2020. CopyCat: Controlled instruction-level attacks on enclaves. In USENIX Security Symposium (USENIX Security\u201920)."},{"key":"e_1_3_1_69_2","volume-title":"International Symposium on Computer Architecture (ISCA\u201920)","author":"Park Joongun","year":"2020","unstructured":"Joongun Park, Naegyeong Kang, Taehoon Kim, Youngjin Kwon, and Jaehyuk Huh. 2020. Nested enclave: Supporting fine-grained hierarchical isolation with SGX. In International Symposium on Computer Architecture (ISCA\u201920)."},{"key":"e_1_3_1_70_2","volume-title":"International Conference on Security and Privacy in Communication Systems","author":"Qiang Weizhong","year":"2018","unstructured":"Weizhong Qiang, Zezhao Dong, and Hai Jin. 2018. Se-lambda: Securing privacy-sensitive serverless applications using SGX enclave. In International Conference on Security and Privacy in Communication Systems."},{"key":"e_1_3_1_71_2","volume-title":"USENIX Security Symposium (USENIX Security\u201915)","author":"Rane Ashay","year":"2015","unstructured":"Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing digital side-channels through obfuscated execution. In USENIX Security Symposium (USENIX Security\u201915)."},{"key":"e_1_3_1_72_2","doi-asserted-by":"crossref","DOI":"10.1109\/L-CA.2011.4","article-title":"DRAMSim2: A cycle accurate memory system simulator","author":"Rosenfeld Paul","year":"2011","unstructured":"Paul Rosenfeld, Elliott Cooper-Balis, and Bruce Jacob. 2011. DRAMSim2: A cycle accurate memory system simulator. IEEE Comput. Archit. Lett. 10, 1 (2011).","journal-title":"IEEE Comput. Archit. Lett."},{"key":"e_1_3_1_73_2","doi-asserted-by":"crossref","DOI":"10.1145\/2508148.2485963","article-title":"ZSim: Fast and accurate microarchitectural simulation of thousand-core systems","author":"Sanchez Daniel","year":"2013","unstructured":"Daniel Sanchez and Christos Kozyrakis. 2013. ZSim: Fast and accurate microarchitectural simulation of thousand-core systems. ACM SIGARCH Comput. Archit. News 41, 3 (2013).","journal-title":"ACM SIGARCH Comput. Archit. News"},{"key":"e_1_3_1_74_2","volume-title":"USENIX Security Symposium (USENIX Security\u201922)","author":"Schrammel David","year":"2022","unstructured":"David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard. 2022. Jenny: Securing syscalls for PKU-based memory isolation systems. In USENIX Security Symposium (USENIX Security\u201922)."},{"key":"e_1_3_1_75_2","unstructured":"Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM rowhammer bug to gain kernel privileges. Retrieved from https:\/\/googleprojectzero.blogspot.com\/2015\/03\/exploiting-dram-rowhammer-bug-to-gain.html"},{"key":"e_1_3_1_76_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201917)","author":"Seo Jaebaek","year":"2017","unstructured":"Jaebaek Seo, Byoungyoung Lee, Seong Min Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, and Taesoo Kim. 2017. SGX-shield: Enabling address space layout randomization for SGX programs. In Network and Distributed System Security Symposium (NDSS\u201917)."},{"key":"e_1_3_1_77_2","volume-title":"International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201920)","author":"Shen Youren","year":"2020","unstructured":"Youren Shen, Hongliang Tian, Yu Chen, Kang Chen, Runji Wang, Yi Xu, Yubin Xia, and Shoumeng Yan. 2020. Occlum: Secure and efficient multitasking inside a single enclave of Intel SGX. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201920)."},{"key":"e_1_3_1_78_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201917)","author":"Shih Ming-Wei","year":"2017","unstructured":"Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. 2017. T-SGX: Eradicating controlled-channel attacks against enclave programs. In Network and Distributed System Security Symposium (NDSS\u201917)."},{"key":"e_1_3_1_79_2","volume-title":"ACM on Asia Conference on Computer and Communications Security (Asia CCS\u201916)","author":"Shinde Shweta","year":"2016","unstructured":"Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, and Prateek Saxena. 2016. Preventing your faults from telling your secrets. In ACM on Asia Conference on Computer and Communications Security (Asia CCS\u201916)."},{"key":"e_1_3_1_80_2","volume-title":"Network and Distributed System Security Symposium (NDSS\u201917)","author":"Shinde Shweta","year":"2017","unstructured":"Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. 2017. PANOPLY: Low-TCB Linux applications with SGX enclaves. In Network and Distributed System Security Symposium (NDSS\u201917)."},{"key":"e_1_3_1_81_2","volume-title":"International Symposium on Computer Architecture (ISCA\u201919)","author":"Skarlatos Dimitrios","year":"2019","unstructured":"Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher. 2019. Microscope: Enabling microarchitectural replay attacks. In International Symposium on Computer Architecture (ISCA\u201919)."},{"key":"e_1_3_1_82_2","article-title":"Survey of microarchitectural side and covert channels, attacks, and defenses","author":"Szefer Jakub","year":"2019","unstructured":"Jakub Szefer. 2019. Survey of microarchitectural side and covert channels, attacks, and defenses. J. Hardw. Syst. Secur. 3, 3 (2019).","journal-title":"J. Hardw. Syst. Secur."},{"key":"e_1_3_1_83_2","volume-title":"International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201918)","author":"Taassori Meysam","year":"2018","unstructured":"Meysam Taassori, Ali Shafiee, and Rajeev Balasubramonian. 2018. VAULT: Reducing paging overheads in SGX with efficient integrity verification structures. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS\u201918)."},{"key":"e_1_3_1_84_2","volume-title":"Workshop on System Software for Trusted Execution (SysTEX\u201918)","author":"Tian Hongliang","year":"2018","unstructured":"Hongliang Tian, Qiong Zhang, Shoumeng Yan, Alex Rudnitsky, Liron Shacham, Ron Yariv, and Noam Milshten. 2018. Switchless calls made practical in Intel SGX. In Workshop on System Software for Trusted Execution (SysTEX\u201918)."},{"key":"e_1_3_1_85_2","volume-title":"ACM Symposium on Cloud Computing (SoCC\u201920)","author":"Trach Bohdan","year":"2020","unstructured":"Bohdan Trach, Rasha Faqeh, Oleksii Oleksenko, Wojciech Ozga, Pramod Bhatotia, and Christof Fetzer. 2020. T-lease: A trusted lease primitive for distributed systems. In ACM Symposium on Cloud Computing (SoCC\u201920)."},{"key":"e_1_3_1_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319647.3325835"},{"key":"e_1_3_1_87_2","volume-title":"USENIX Annual Technical Conference (ATC\u201917)","author":"Tsai Chia-Che","year":"2017","unstructured":"Chia-Che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A practical library OS for unmodified applications on SGX. In USENIX Annual Technical Conference (ATC\u201917)."},{"key":"e_1_3_1_88_2","volume-title":"USENIX Security Symposium (USENIX Security\u201919)","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, efficient in-process isolation with protection keys (MPK). In USENIX Security Symposium (USENIX Security\u201919)."},{"key":"e_1_3_1_89_2","volume-title":"USENIX Security Symposium (USENIX Security\u201917)","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution. In USENIX Security Symposium (USENIX Security\u201917)."},{"key":"e_1_3_1_90_2","volume-title":"International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201919)","author":"Weiser Samuel","year":"2019","unstructured":"Samuel Weiser, Luca Mayr, Michael Schwarz, and Daniel Gruss. 2019. SGXJail: Defeating enclave malware via confinement. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201919)."},{"key":"e_1_3_1_91_2","volume-title":"USENIX Security Symposium (USENIX Security\u201916)","author":"Xiao Yuan","year":"2016","unstructured":"Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. 2016. One bit flips, one cloud flops: Cross-VM row hammer attacks and privilege escalation. In USENIX Security Symposium (USENIX Security\u201916)."},{"key":"e_1_3_1_92_2","volume-title":"IEEE Symposium on Security and Privacy (S&P\u201915)","author":"Xu Yuanzhong","year":"2015","unstructured":"Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In IEEE Symposium on Security and Privacy (S&P\u201915)."},{"key":"e_1_3_1_93_2","volume-title":"IEEE Symposium on Security and Privacy (S&P\u201909)","author":"Yee B.","year":"2009","unstructured":"B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. 2009. Native client: A sandbox for portable, untrusted x86 native code. In IEEE Symposium on Security and Privacy (S&P\u201909)."},{"key":"e_1_3_1_94_2","volume-title":"USENIX Security Symposium (USENIX Security\u201922)","author":"Yu Jason Zhijingcheng","year":"2022","unstructured":"Jason Zhijingcheng Yu, Shweta Shinde, Trevor E. Carlson, and Prateek Saxena. 2022. Elasticlave: An efficient memory model for enclaves. In USENIX Security Symposium (USENIX Security\u201922)."},{"key":"e_1_3_1_95_2","volume-title":"21st International Conference on Advanced Communication Technology (ICACT\u201919)","author":"Zhang Xiaoyong","year":"2019","unstructured":"Xiaoyong Zhang, W. U. Ruizhen, Mingming Wang, and Lin Wang. 2019. A high-performance parallel computation hardware architecture in ASIC of SHA-256 hash. In 21st International Conference on Advanced Communication Technology (ICACT\u201919)."},{"key":"e_1_3_1_96_2","volume-title":"32nd USENIX Security Symposium (USENIX Security\u201923)","author":"Zhao Shixuan","year":"2023","unstructured":"Shixuan Zhao, Pinshen Xu, Guoxing Chen, Mengya Zhang, Yinqian Zhang, and Zhiqiang Lin. 2023. Reusable enclaves for confidential serverless computing. In 32nd USENIX Security Symposium (USENIX Security\u201923)."}],"container-title":["ACM Transactions on Architecture and Code Optimization"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3632954","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3632954","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:35:50Z","timestamp":1750178150000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3632954"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,18]]},"references-count":95,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,3,31]]}},"alternative-id":["10.1145\/3632954"],"URL":"https:\/\/doi.org\/10.1145\/3632954","relation":{},"ISSN":["1544-3566","1544-3973"],"issn-type":[{"value":"1544-3566","type":"print"},{"value":"1544-3973","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1,18]]},"assertion":[{"value":"2023-04-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-01-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}