{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T01:46:52Z","timestamp":1773193612643,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T00:00:00Z","timestamp":1743292800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Key R&D Program of Zhejiang Province","award":["2023R5202"],"award-info":[{"award-number":["2023R5202"]}]},{"DOI":"10.13039\/501100006374","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072302, 61960206002"],"award-info":[{"award-number":["62072302, 61960206002"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Alibaba Innovation Research Project","award":["2022010307"],"award-info":[{"award-number":["2022010307"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,3,30]]},"DOI":"10.1145\/3689031.3696066","type":"proceedings-article","created":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T06:25:20Z","timestamp":1742970320000},"page":"720-735","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["FastIOV: Fast Startup of Passthrough Network I\/O Virtualization for Secure Containers"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0156-2454","authenticated-orcid":false,"given":"Yunzhuo","family":"Liu","sequence":"first","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China and Alibaba Cloud Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9018-8881","authenticated-orcid":false,"given":"Junchen","family":"Guo","sequence":"additional","affiliation":[{"name":"Alibaba Cloud, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6711-4342","authenticated-orcid":false,"given":"Bo","family":"Jiang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-2611-757X","authenticated-orcid":false,"given":"Yang","family":"Song","sequence":"additional","affiliation":[{"name":"Alibaba Cloud, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9646-8407","authenticated-orcid":false,"given":"Pengyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Alibaba Cloud, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6384-1165","authenticated-orcid":false,"given":"Rong","family":"Wen","sequence":"additional","affiliation":[{"name":"Alibaba Cloud, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8096-5528","authenticated-orcid":false,"given":"Biao","family":"Lyu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China and Alibaba Cloud Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7756-0952","authenticated-orcid":false,"given":"Shunmin","family":"Zhu","sequence":"additional","affiliation":[{"name":"Hangzhou Feitian Cloud Hangzhou, China and Alibaba Cloud Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0357-8356","authenticated-orcid":false,"given":"Xinbing","family":"Wang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2025,3,30]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of USENIX NSDI. USENIX","author":"Agache Alexandru","year":"2020","unstructured":"Alexandru Agache, Marc Brooker, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa. 2020. Firecracker: Lightweight Virtualization for Serverless Applications. In Proceedings of USENIX NSDI. USENIX, Santa Clara, USA, 419--434."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA45728.2021.9613320"},{"key":"e_1_3_2_1_3_1","unstructured":"Amazon. 2023. AWS Lambda. https:\/\/www.aliyun.com\/product\/fc."},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of USENIX ATC. USENIX","author":"Amit Nadav","year":"2011","unstructured":"Nadav Amit, Muli Ben-Yehuda, Dan Tsafrir, Assaf Schuster, et al. 2011. vIOMMU: Efficient IOMMU Emulation. In Proceedings of USENIX ATC. USENIX, Portland, USA, 1--14."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of ACM\/IEEE ISCA. ACM, Saint-Malo, France, 256--274","author":"Amit Nadav","year":"2010","unstructured":"Nadav Amit, Muli Ben-Yehuda, and Ben-Ami Yassour. 2010. IOMMU: Strategies for Mitigating the IOTLB Bottleneck. In Proceedings of ACM\/IEEE ISCA. ACM, Saint-Malo, France, 256--274."},{"key":"e_1_3_2_1_6_1","unstructured":"Azure. 2023. Azure Cosmos DB. https:\/\/azure.microsoft.com\/en-us\/products\/cosmos-db."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD55607.2022.00033"},{"key":"e_1_3_2_1_8_1","volume-title":"Containerd: An Industry-Standard Container Runtime with An Emphasis on Simplicity, Robustness and Portability. https:\/\/containerd.io\/.","author":"Community CNCF","year":"2024","unstructured":"CNCF Community. 2024. Containerd: An Industry-Standard Container Runtime with An Emphasis on Simplicity, Robustness and Portability. https:\/\/containerd.io\/."},{"key":"e_1_3_2_1_9_1","volume-title":"Kubernetes: An Open-Source System for Automating Deployment, Scaling and Management of Containerized Applications. https:\/\/kubernetes.io\/.","author":"Community CNCF","year":"2024","unstructured":"CNCF Community. 2024. Kubernetes: An Open-Source System for Automating Deployment, Scaling and Management of Containerized Applications. https:\/\/kubernetes.io\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Calico Community. 2024. Calico CNI Project. https:\/\/github.com\/projectcalico\/calico."},{"key":"e_1_3_2_1_11_1","unstructured":"Cilium Community. 2024. Cilium CNI Project. https:\/\/github.com\/cilium\/cilium."},{"key":"e_1_3_2_1_12_1","unstructured":"Flannel Community. 2024. Flannel CNI Project. https:\/\/github.com\/flannel-io\/flannel."},{"key":"e_1_3_2_1_13_1","unstructured":"PCI-SIG Community. 2024. PCI Special Interest Group. http:\/\/www.pcisig.com\/home."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3464298.3476133"},{"key":"e_1_3_2_1_15_1","unstructured":"Intel Corporation. 2023. Intel\u00ae Virtualization Technology for Directed I\/O Architecture Specification Revision 4.1. https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/774206\/intel-virtualization-technology-for-directed-i-o-architecture-specification.html."},{"key":"e_1_3_2_1_16_1","unstructured":"Intel Corporation. 2024. Intel Infrastructure Processing Unit (Intel IPU) SoC E2100 Product Brief. https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/818147\/intel-infrastructure-processing-unit-intel-ipu-soc-e2100-product-brief.html."},{"key":"e_1_3_2_1_17_1","unstructured":"Intel Corporation. 2024. Scalable I\/O Virtualization Technical Specification. https:\/\/cdrdv2-public.intel.com\/671403\/intel-scalable-io-virtualization-technical-specification.pdf."},{"key":"e_1_3_2_1_18_1","unstructured":"NVIDIA Corporation. 2024. NVIDIA CONNECTX-7 400G ETHERNET. https:\/\/www.nvidia.com\/content\/dam\/en-zz\/Solutions\/networking\/ethernet-adapters\/connectx-7-datasheet-Final.pdf."},{"key":"e_1_3_2_1_19_1","unstructured":"NVIDIA Corporation. 2024. Scalable Function Overview. https:\/\/github.com\/Mellanox\/scalablefunctions\/wiki."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378512"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2021.08.011"},{"key":"e_1_3_2_1_22_1","unstructured":"Abdul Halim et al. 2024. Network Device Plugin for Kubernetes. https:\/\/github.com\/k8snetworkplumbingwg\/sriov-network-device-plugin."},{"key":"e_1_3_2_1_23_1","unstructured":"Ye Yin et al. 2024. SR-IOV CNI Plugin Project. https:\/\/github.com\/hustcat\/sriov-cni."},{"key":"e_1_3_2_1_24_1","unstructured":"Open Infrastructure Foundation. 2024. Kata Containers: the Speed of Containers the Security of VMs. https:\/\/katacontainers.io\/."},{"key":"e_1_3_2_1_25_1","first-page":"2596","article-title":"SR-IOV based Network Interrupt-Free Virtualization with Event based Polling","volume":"31","author":"Guan HaiBing","year":"2013","unstructured":"HaiBing Guan, YaoZu Dong, Kun Tian, and Jian Li. 2013. SR-IOV based Network Interrupt-Free Virtualization with Event based Polling. IEEE JSAC 31, 12 (2013), 2596--2609.","journal-title":"IEEE JSAC"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPADS.2012.60"},{"key":"e_1_3_2_1_27_1","unstructured":"Intel. 2024. Data Plane Development Kit (DPDK). http:\/\/www.dpdk.org"},{"key":"e_1_3_2_1_28_1","unstructured":"Intel. 2024. Intel\u00ae Ethernet Controller E810. https:\/\/www.intel.com\/content\/www\/us\/en\/products\/details\/ethernet\/800-controllers\/e810-controllers\/docs.html."},{"key":"e_1_3_2_1_29_1","unstructured":"Intel. 2024. Intel\u00ae Infrastructure Processing Unit (Intel\u00ae IPU) Adapter E2100. https:\/\/www.intel.com\/content\/www\/us\/en\/products\/details\/network-io\/ipu\/adapter-e2100.html."},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of USENIX NSDI. USENIX","author":"Kong Xinhao","year":"2023","unstructured":"Xinhao Kong, Jingrong Chen, Wei Bai, Yechen Xu, Mahmoud Elhaddad, Shachar Raindel, Jitendra Padhye, Alvin R Lebeck, and Danyang Zhuo. 2023. Understanding RDMA Microarchitecture Resources for Performance Isolation. In Proceedings of USENIX NSDI. USENIX, Boston, USA, 31--48."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2022.3186397"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447786.3456241"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of USENIX ATC. USENIX, Virtual Event, 727--740","author":"Li Huiba","year":"2020","unstructured":"Huiba Li, Yifan Yuan, Rui Du, Kai Ma, Lanzheng Liu, and Windsor Hsu. 2020. DADI: Block-Level Image Service for Agile and Elastic Application Deployment. In Proceedings of USENIX ATC. USENIX, Virtual Event, 727--740."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2017.2712686"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of USENIX ATC. USENIX","author":"Li Zijun","year":"2022","unstructured":"Zijun Li, Jiagan Cheng, Quan Chen, Eryu Guan, Zizheng Bian, Yi Tao, Bin Zha, Qiang Wang, Weidong Han, and Minyi Guo. 2022. RunD: A Lightweight Secure Container Runtime for High-density Deployment and High-Concurrency Startup in Serverless Computing. In Proceedings of USENIX ATC. USENIX, Carlsbad, USA, 53--68."},{"key":"e_1_3_2_1_36_1","unstructured":"Cunming Liang and Tiwei Bie. 2018. vdpa: vhost-mdev as a New vhost Protocol Transport. In KVM Forum."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of USENIX NSDI. USENIX","author":"Lin Shengkai","year":"2025","unstructured":"Shengkai Lin, Shizhen Zhao, Peirui Cao, Xinchi Han, Quan Tian, Wenfeng Liu, Qi Wu, Donghai Han, and Xinbin Wang. 2025. ONCache: A Cache-Based Low-Overhead Container Overlay Network. In Proceedings of USENIX NSDI. USENIX, Philadelphia, USA, 1--16."},{"key":"e_1_3_2_1_38_1","unstructured":"Linux Kernel Organization. 2024. Kernel Virtual Machine. https:\/\/linux-kvm.org\/page\/Main_Page."},{"key":"e_1_3_2_1_39_1","unstructured":"Linux Kernel Organization. 2024. The Linux Kernel Archives. https:\/\/www.kernel.org\/."},{"key":"e_1_3_2_1_40_1","first-page":"59","article-title":"Demystifying the Cost of Serverless Computing: Towards A Win-Win Deal","volume":"35","author":"Liu Fangming","year":"2023","unstructured":"Fangming Liu and Yipei Niu. 2023. Demystifying the Cost of Serverless Computing: Towards A Win-Win Deal. IEEE TPDS 35 (2023), 59--72.","journal-title":"IEEE TPDS"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3299869.3314046"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2015.7056038"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3646547.3688436"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC40277.2020.9149240"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694355"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132763"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132763"},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of USENIX HotCloud. USENIX","author":"Sane Anup","year":"2019","unstructured":"Mohan, Anup and Sane, Harshad and Doshi, Kshitij and Edupuganti, Saikrishna and Nayak, Naren and Sukhomlinov, Vadim. 2019. Agile Cold Starts for Scalable Serverless. In Proceedings of USENIX HotCloud. USENIX, Renton, USA, 1--6."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of IEEE Global Conference for Advancement in Technology. IEEE","author":"Nagendra T.P.","unstructured":"T.P. Nagendra and R. Hemavathy. 2023. Unlocking Kubernetes Networking Efficiency: Exploring Data Processing Units for Offloading and Enhancing Container Network Interfaces. In Proceedings of IEEE Global Conference for Advancement in Technology. IEEE, Bengaluru, India, 1--7."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.23919\/ICACT53585.2022.9728817"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140607.3050758"},{"key":"e_1_3_2_1_52_1","volume-title":"Proceedings of USENIX ATC. USENIX","author":"Oakes Edward","year":"2018","unstructured":"Edward Oakes, Leon Yang, Dennis Zhou, Kevin Houck, Tyler Harter, Andrea Arpaci-Dusseau, and Remzi Arpaci-Dusseau. 2018. SOCK: Rapid Task Provisioning with Serverless-Optimized Containers. In Proceedings of USENIX ATC. USENIX, Boston, USA, 57--70."},{"key":"e_1_3_2_1_53_1","unstructured":"Linux Kernel Organization. 2024. AppArmor-Linux kernel Security Module. https:\/\/apparmor.net."},{"key":"e_1_3_2_1_54_1","unstructured":"Linux Kernel Organization. 2024. SECure COMPuting with filters. ht tps:\/\/www.kernel.org\/doc\/Documentation\/prctl\/seccomp_filter.txt."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151040"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304064"},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings of USENIX ATC. USENIX","author":"Peng Bo","year":"2018","unstructured":"Bo Peng, Haozhong Zhang, Jianguo Yao, Yaozu Dong, Yu Xu, and Haibing Guan. 2018. MDev-NVMe: A NVMe Storage Virtualization Solution with Mediated Pass-Through. In Proceedings of USENIX ATC. USENIX, Vancouver, Canada, 665--676."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2020.3047545"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507750"},{"key":"e_1_3_2_1_60_1","unstructured":"Siarhei Siamashka. 2024. Tinymembench. https:\/\/github.com\/sysprog21\/tinymembench."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/Cluster48925.2021.00018"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419111.3421275"},{"key":"e_1_3_2_1_63_1","volume-title":"Proceedings of USENIX ATC. USENIX, Virtual Event, 479--492","author":"Tian Kun","year":"2020","unstructured":"Kun Tian, Yu Zhang, Luwei Kang, Yan Zhao, and Yaozu Dong. 2020. coIOMMU: A Virtual IOMMU with Cooperative DMA Buffer Tracking for Efficient Memory Management in Direct I\/O. In Proceedings of USENIX ATC. USENIX, Virtual Event, 479--492."},{"key":"e_1_3_2_1_64_1","volume-title":"Proceedings of USENIX ATC. USENIX","author":"Wang Liang","year":"2018","unstructured":"Liang Wang, Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, and Michael Swift. 2018. Peeking behind the Curtains of Serverless Platforms. In Proceedings of USENIX ATC. USENIX, Boston, USA, 133--146."},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of USENIX ATC. USENIX","author":"Wang Yaohui","year":"2023","unstructured":"Yaohui Wang, Ben Luo, and Yibin Shen. 2023. Efficient Memory Overcommitment for I\/O Passthrough Enabled VMs via Fine-grained Page Metadata Management. In Proceedings of USENIX ATC. USENIX, Boston, USA, 769--783."},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of USENIX HotCloud. USENIX","author":"Williams Dan","year":"2016","unstructured":"Dan Williams and Ricardo Koller. 2016. Unikernel Monitors: Extending Minimalism outside of the Box. In Proceedings of USENIX HotCloud. USENIX, Denvor, USA, 71--76."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139645.3139649"},{"key":"e_1_3_2_1_68_1","volume-title":"High-Throughput Inference. In Proceedings of ACM ASPLOS. ACM","author":"Yang Yanan","year":"2022","unstructured":"Yanan Yang, Laiping Zhao, Yiming Li, Huanyu Zhang, Jie Li, Mingyang Zhao, Xingzhen Chen, and Keqiu Li. 2022. INFless: A Native Serverless System for Low-Latency, High-Throughput Inference. In Proceedings of ACM ASPLOS. ACM, Lausanne, Switzerland, 768--781."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2017.43"},{"key":"e_1_3_2_1_70_1","volume-title":"Proceedings of USENIX NSDI. USENIX","author":"Zhang Yiwen","year":"2022","unstructured":"Yiwen Zhang, Yue Tan, Brent Stephens, and Mosharaf Chowdhury. 2022. Justitia: Software Multi-Tenancy in Hardware Kernel-Bypass Networks. In Proceedings of USENIX NSDI. USENIX, Renton, USA, 1307--1326."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3627703.3629557"},{"key":"e_1_3_2_1_72_1","volume-title":"Proceedings of ACM ASPLOS. ACM","author":"Zhou Zhuangzhuang","year":"2023","unstructured":"Zhuangzhuang Zhou, Yanqi Zhang, and Christina Delimitrou. 2023. Aquatope: QoS-and-Uncertainty-Aware Resource Management for Multi-Stage Serverless Workflows. In Proceedings of ACM ASPLOS. ACM, Vancouver, Canada, 1--14."}],"event":{"name":"EuroSys '25: Twentieth European Conference on Computer Systems","location":"Rotterdam Netherlands","acronym":"EuroSys '25","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the Twentieth European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689031.3696066","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689031.3696066","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T11:24:49Z","timestamp":1755775489000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689031.3696066"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,30]]},"references-count":72,"alternative-id":["10.1145\/3689031.3696066","10.1145\/3689031"],"URL":"https:\/\/doi.org\/10.1145\/3689031.3696066","relation":{},"subject":[],"published":{"date-parts":[[2025,3,30]]},"assertion":[{"value":"2025-03-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}