{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:46:53Z","timestamp":1772041613764,"version":"3.50.1"},"reference-count":22,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,4,30]],"date-time":"2024-04-30T00:00:00Z","timestamp":1714435200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Queue"],"published-print":{"date-parts":[[2024,4,30]]},"abstract":"<jats:p>The experiments presented here demonstrate that Parma, the architecture that drives confidential containers on Azure container instances, adds less than one percent additional performance overhead beyond that added by the underlying TEE. Importantly, Parma ensures a security invariant over all reachable states of the container group rooted in the attestation report. This allows external third parties to communicate securely with containers, enabling a wide range of containerized workflows that require confidential access to secure data. Companies obtain the advantages of running their most confidential workflows in the cloud without having to compromise on their security requirements. Tenants gain flexibility, efficiency, and reliability; CSPs get more business; and users can trust that their data is private, confidential, and secure.<\/jats:p>","DOI":"10.1145\/3664293","type":"journal-article","created":{"date-parts":[[2024,5,23]],"date-time":"2024-05-23T14:26:25Z","timestamp":1716474385000},"page":"57-86","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Confidential Container Groups"],"prefix":"10.1145","volume":"22","author":[{"given":"Matthew A.","family":"Johnson","sequence":"first","affiliation":[{"name":"Azure Research at Microsoft, Cambridge UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stavros","family":"Volos","sequence":"additional","affiliation":[{"name":"Azure Research at Microsoft, Cambridge UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ken","family":"Gordon","sequence":"additional","affiliation":[{"name":"Azure Research at Microsoft, Cambridge UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean T.","family":"Allen","sequence":"additional","affiliation":[{"name":"Movable Ink"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christoph M.","family":"Wintersteiger","sequence":"additional","affiliation":[{"name":"Imandra, Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sylvan","family":"Clebsch","sequence":"additional","affiliation":[{"name":"Azure Research at Microsoft, Austin TX"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Starks","sequence":"additional","affiliation":[{"name":"Core OS group at Microsoft"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manuel","family":"Costa","sequence":"additional","affiliation":[{"name":"Microsoft"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,5,23]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Advanced Micro Devices. 2020. AMD SEV-SNP: strengthening VM isolation with integrity protection and more; https:\/\/www.amd.com\/system\/files\/TechDocs\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf."},{"key":"e_1_2_1_2_1","volume-title":"30th Usenix Security Symposium; https:\/\/www.usenix.org\/system\/files\/sec21summer_bahmani.pdf.","author":"Bahmani R.","year":"2021","unstructured":"Bahmani, R., Brasser, F., Dessouky, G., Jauernig, P., Klimmek, M., Sadeghi, A.-R., Stapf, E. 2021. CURE: a security architecture with CUstomizable and Resilient Enclaves. In 30th Usenix Security Symposium; https:\/\/www.usenix.org\/system\/files\/sec21summer_bahmani.pdf."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23448"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2010.5416657"},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 25th Usenix Conference on Security Symposium, 857-874; https:\/\/dl.acm.org\/doi\/10","author":"Costan V.","year":"2016","unstructured":"Costan, V., Lebedev, I., Devadas, S. 2016. Sanctum: minimal hardware extensions for strong software isolation. In Proceedings of the 25th Usenix Conference on Security Symposium, 857-874; https:\/\/dl.acm.org\/doi\/10.5555\/3241094.3241161."},{"key":"e_1_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Delignat-Lavaud A. Fournet C. Vaswani K. Clebsch S. Riechert M. Costa M. Russinovich M. 2023. Why should I trust your code? acmqueue 21(4); https:\/\/queue.acm.org\/detail.cfm?id=3623460.","DOI":"10.1145\/3623460"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2014.25"},{"key":"e_1_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Kaplan D. 2023. Hardware VM isolation in the cloud. acmqueue 21(4); https:\/\/queue.acm.org\/detail.cfm?id=3623392.","DOI":"10.1145\/3623392"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387532"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357010.1352625"},{"key":"e_1_2_1_12_1","unstructured":"Nvidia Triton Inference Server. Nvidia Developer; https:\/\/developer.nvidia.com\/nvidia-triton-inference-server."},{"key":"e_1_2_1_13_1","unstructured":"Open Containers Initiative Technical Oversight Board. 2021. Open Container Initiative Distribution Specification; https:\/\/specs.opencontainers.org\/distribution-spec\/?v=v1.0.0."},{"key":"e_1_2_1_14_1","unstructured":"Open Policy Agent. Policy language; https:\/\/www.openpolicyagent.org\/docs\/latest\/policy-language\/."},{"key":"e_1_2_1_15_1","unstructured":"SPEC 2017. https:\/\/www.spec.org\/cpu2017\/."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/782814.782838"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.11"},{"key":"e_1_2_1_18_1","unstructured":"Tene G. wrk2. Github; https:\/\/github.com\/giltene\/wrk2."},{"key":"e_1_2_1_19_1","unstructured":"Intel. SGX. Software Guard Extensions. https:\/\/software.intel.com\/en-us\/sgx (Accessed on 12\/13\/2019)."},{"key":"e_1_2_1_20_1","volume-title":"Intel TDX Demystified: A Top-Down Approach","author":"Cheng P-C","year":"2023","unstructured":"Cheng, P-C, Ozga, W., Valdez, E., Ahmed, S., Gu, Z., Jamjoom, H., Franke, H, and Bottomley, J.. Intel TDX Demystified: A Top-Down Approach. 2023. arXiv:2303.15540"},{"key":"e_1_2_1_21_1","volume-title":"Design and Verification of the Arm Confidential Compute Architecture. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22)","author":"Li X.","unstructured":"Li, X., Li, X., Dall, C., Gu, R., Nieh, J., Sait, Y., and Stockwell, G.. Design and Verification of the Arm Confidential Compute Architecture. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22). Carlsbad, CA."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.10"}],"container-title":["Queue"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664293","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664293","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:06:14Z","timestamp":1750291574000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664293"}},"subtitle":["Implementing confidential computing on Azure container instances"],"short-title":[],"issued":{"date-parts":[[2024,4,30]]},"references-count":22,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,4,30]]}},"alternative-id":["10.1145\/3664293"],"URL":"https:\/\/doi.org\/10.1145\/3664293","relation":{},"ISSN":["1542-7730","1542-7749"],"issn-type":[{"value":"1542-7730","type":"print"},{"value":"1542-7749","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,30]]},"assertion":[{"value":"2024-05-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}