{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T18:08:55Z","timestamp":1777486135271,"version":"3.51.4"},"reference-count":22,"publisher":"Association for Computing Machinery (ACM)","issue":"10","license":[{"start":{"date-parts":[[2024,9,26]],"date-time":"2024-09-26T00:00:00Z","timestamp":1727308800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2024,10]]},"abstract":"<jats:p>Implementing confidential computing on Azure container instances.<\/jats:p>","DOI":"10.1145\/3686261","type":"journal-article","created":{"date-parts":[[2024,9,23]],"date-time":"2024-09-23T17:26:22Z","timestamp":1727112382000},"page":"40-49","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Confidential Container Groups"],"prefix":"10.1145","volume":"67","author":[{"given":"Matthew A.","family":"Johnson","sequence":"first","affiliation":[{"name":"Microsoft, Azure Research, Cambridge, Cambridgeshire, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stavros","family":"Volos","sequence":"additional","affiliation":[{"name":"Microsoft, Azure Research, Cambridge, Cambridgeshire, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ken","family":"Gordon","sequence":"additional","affiliation":[{"name":"Microsoft, Azure Confidential Computing, Cambridge, Cambridgeshire, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean T.","family":"Allen","sequence":"additional","affiliation":[{"name":"Movable Ink, New York, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christoph M.","family":"Wintersteiger","sequence":"additional","affiliation":[{"name":"Imandra, Inc., London, England, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sylvan","family":"Clebsch","sequence":"additional","affiliation":[{"name":"Microsoft, Azure Research, Austin, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Starks","sequence":"additional","affiliation":[{"name":"Microsoft, Core OS Group, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Manuel","family":"Costa","sequence":"additional","affiliation":[{"name":"Microsoft, Azure Research, Cambridge, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,9,26]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"Advanced Micro Devices. AMD SEV-SNP: Strengthening VM isolation with integrity protection and more. (2020);\u00a0https:\/\/bit.ly\/46HzxOL"},{"key":"e_1_3_1_3_2","unstructured":"Bahmani R. et al. CURE: A security architecture with customizable and resilient enclaves. In Proceedings of the 30th Usenix Security Symp. (2021);\u00a0https:\/\/bit.ly\/3WWApvv"},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","unstructured":"Barham P. et al. Xen and the art of virtualization. In Proceedings of the 19th ACM Symp. on Operating Systems Principles (2003) 164\u2013177; 10.1145\/945445.945462.","DOI":"10.1145\/945445.945462"},{"key":"e_1_3_1_5_2","doi-asserted-by":"crossref","unstructured":"Brasser F. et al. SANCTUARY: ARMing TrustZone with user-space enclaves. In Proceedings of Network and Distributed System Security Symp. (2019);\u00a0https:\/\/bit.ly\/4dh9j8e","DOI":"10.14722\/ndss.2019.23448"},{"key":"e_1_3_1_6_2","doi-asserted-by":"crossref","unstructured":"Champagne D. and Lee R.B. Scalable architectural support for trusted software. In Proceedings of the 16th Intern. Symp. on High-Performance Computer Architecture (2010);\u00a0https:\/\/bit.ly\/4dy1PNM","DOI":"10.1109\/HPCA.2010.5416657"},{"key":"e_1_3_1_7_2","unstructured":"Cheng P.-C. et al. Intel TDX demystified: A top-down approach. (2023).\u00a0arXiv:2303.15540"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","unstructured":"Costan V. Lebedev I. and Devadas S. Sanctum: Minimal hardware extensions for strong software isolation. In Proceedings of the 25th Usenix Conf. on Security Symp. 857\u2013874; 10.5555\/3241094.3241161.","DOI":"10.5555\/3241094.3241161"},{"key":"e_1_3_1_9_2","doi-asserted-by":"crossref","unstructured":"Delignat-Lavaud A. et al. Why should I trust your code?. ACM Queue 21 4 (2023);\u00a0https:\/\/bit.ly\/4dF2rkD","DOI":"10.1145\/3623460"},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","unstructured":"Evtyushkin D. et al. Iso-X: A flexible architecture for hardware-managed isolated execution. In Proceedings of the 47th Annual IEEE\/ACM Intern. Symp. on Microarchitecture (2014) 190\u2013202; 10.1109\/MICRO.2014.25.","DOI":"10.1109\/MICRO.2014.25"},{"key":"e_1_3_1_11_2","doi-asserted-by":"crossref","unstructured":"Kaplan D. Hardware VM isolation in the cloud. ACM Queue 21 4 (2023);\u00a0https:\/\/bit.ly\/3yG95s4","DOI":"10.1145\/3623392"},{"key":"e_1_3_1_12_2","doi-asserted-by":"crossref","unstructured":"Lee D. et al. Keystone: An open framework for architecting trusted execution environments. In Proceedings of the 15th European Conf. on Computer Systems (2020) 1\u201316;\u00a0https:\/\/bit.ly\/4fPC8dI","DOI":"10.1145\/3342195.3387532"},{"key":"e_1_3_1_13_2","unstructured":"Li X. et al. Design and verification of the Arm Confidential Compute Architecture. In Proceedings of the 16th USENIX Symp. on Operating Systems Design and Implementation (2022)."},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/1357010.1352625"},{"key":"e_1_3_1_15_2","unstructured":"NVIDIA Triton Inference Server. NVIDIA Developer;\u00a0https:\/\/bit.ly\/3AkcU6Z"},{"key":"e_1_3_1_16_2","unstructured":"Open Container Initiative Technical Oversight Board. Open Container Initiative Distribution Specification (2021);\u00a0https:\/\/bit.ly\/4ckTFHH"},{"key":"e_1_3_1_17_2","unstructured":"Open Policy Agent. Policy language;\u00a0https:\/\/bit.ly\/3ynqqGp"},{"key":"e_1_3_1_18_2","doi-asserted-by":"crossref","unstructured":"Schuster F. et al. VC3: Trustworthy data analytics in the cloud using SGX. In Proceedings of the IEEE Symp. on Security and Privacy 2015.","DOI":"10.1109\/SP.2015.10"},{"key":"e_1_3_1_19_2","unstructured":"SGX. Software Guard Extensions. Intel;\u00a0https:\/\/intel.ly\/3WYbbx2"},{"key":"e_1_3_1_20_2","unstructured":"SPEC 2017; https:\/\/www.spec.org\/cpu2017\/."},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","unstructured":"Suh G.E. et al. AEGIS: Architecture for tamper-evident and tamper-resistant processing. In Proceedings of the 17th Annual ACM Intern. Conf. on Supercomputing (2023) 160\u2013171; 10.1145\/782814.782838.","DOI":"10.1145\/782814.782838"},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","unstructured":"Sun H. et al. TrustICE: Hardware-assisted isolated computing environments on mobile devices. In Proceedings of the 45th Annual IEEE\/IFIP Intern. Conf. on Dependable Systems and Networks (2015) 367\u2013378;\u00a0https:\/\/bit.ly\/3SL2svr","DOI":"10.1109\/DSN.2015.11"},{"key":"e_1_3_1_23_2","unstructured":"Tene G. wrk2. Github; https:\/\/github.com\/giltene\/wrk2."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3686261","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3686261","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:06:22Z","timestamp":1750291582000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3686261"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,26]]},"references-count":22,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2024,10]]}},"alternative-id":["10.1145\/3686261"],"URL":"https:\/\/doi.org\/10.1145\/3686261","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,9,26]]},"assertion":[{"value":"2024-09-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}