{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T22:44:47Z","timestamp":1774046687424,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":70,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,2]],"date-time":"2024-11-02T00:00:00Z","timestamp":1730505600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,2]]},"DOI":"10.1145\/3696843.3696848","type":"proceedings-article","created":{"date-parts":[[2024,10,29]],"date-time":"2024-10-29T19:13:43Z","timestamp":1730229223000},"page":"19-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Position Paper: From Confidential Computing to Zero Trust, Come Along for the (Bumpy?) 
Ride"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3434-1968","authenticated-orcid":false,"given":"Mengmei","family":"Ye","sequence":"first","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3182-219X","authenticated-orcid":false,"given":"Sandhya","family":"Koteshwara","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-9754-2851","authenticated-orcid":false,"given":"Derren","family":"Dunn","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-0150-1055","authenticated-orcid":false,"given":"Hubertus","family":"Franke","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2821-2668","authenticated-orcid":false,"given":"Chris","family":"Porter","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-3655-2378","authenticated-orcid":false,"given":"Tobin","family":"Feldman-Fitzthum","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-0886-8893","authenticated-orcid":false,"given":"Angelo","family":"Ruocco","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1433-9104","authenticated-orcid":false,"given":"Daniele","family":"Buono","sequence":"additional","affiliation":[{"name":"IBM Research, 
Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6504-022X","authenticated-orcid":false,"given":"Claudio","family":"Carvalho","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,11,2]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"2018. NIST SP 800-193: Platform Firmware Resiliency Guidelines. https:\/\/csrc.nist.gov\/pubs\/sp\/800\/193\/final."},{"key":"e_1_3_3_2_3_2","unstructured":"2021. NVIDIA BlueField-2 DPU. https:\/\/resources.nvidia.com\/en-us-accelerated-networking-resource-library\/bluefield-2-dpu-datasheet."},{"key":"e_1_3_3_2_4_2","unstructured":"2022. Introducing IBM Secure Execution for Linux. https:\/\/www.ibm.com\/docs\/en\/linux-on-systems?topic=virtualization-secure-execution."},{"key":"e_1_3_3_2_5_2","unstructured":"2022. The Journey to Design in the Cloud. https:\/\/www.synopsys.com\/cloud\/design-in-the-cloud.html."},{"key":"e_1_3_3_2_6_2","unstructured":"2023. Confidential Computing on NVIDIA H100 GPUs for Secure and Trustworthy AI. https:\/\/developer.nvidia.com\/blog\/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai\/."},{"key":"e_1_3_3_2_7_2","unstructured":"2023. IBM Security Guardium Data Encryption. https:\/\/www.ibm.com\/products\/guardium-data-encryption."},{"key":"e_1_3_3_2_8_2","unstructured":"2023. Intel TDX Connect TEE-IO Device Guide. https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/772642\/intel-tdx-connect-tee-io-device-guide.html."},{"key":"e_1_3_3_2_9_2","unstructured":"2024. AMD Secure Encrypted Virtualization. https:\/\/www.amd.com\/en\/developer\/sev.html."},{"key":"e_1_3_3_2_10_2","unstructured":"2024. ARM Confidential Compute Architecture. 
https:\/\/www.arm.com\/architecture\/security-features\/arm-confidential-compute-architecture."},{"key":"e_1_3_3_2_11_2","unstructured":"2024. Azure Confidential Computing. https:\/\/azure.microsoft.com\/en-us\/solutions\/confidential-compute\/."},{"key":"e_1_3_3_2_12_2","unstructured":"2024. Caliptra. https:\/\/github.com\/chipsalliance\/Caliptra."},{"key":"e_1_3_3_2_13_2","unstructured":"2024. CoCo Guest Components. https:\/\/github.com\/confidential-containers\/guest-components."},{"key":"e_1_3_3_2_14_2","unstructured":"2024. Common Vulnerability Scoring System v3.1: Specification Document. https:\/\/www.first.org\/cvss\/v3.1\/specification-document."},{"key":"e_1_3_3_2_15_2","unstructured":"2024. Confidential Computing - Google Cloud. https:\/\/cloud.google.com\/confidential-computing."},{"key":"e_1_3_3_2_16_2","unstructured":"2024. Confidential Computing on IBM Cloud. https:\/\/www.ibm.com\/cloud\/confidential-computing."},{"key":"e_1_3_3_2_17_2","unstructured":"2024. Confidential Containers. https:\/\/github.com\/confidential-containers."},{"key":"e_1_3_3_2_18_2","unstructured":"2024. Constellation. https:\/\/www.edgeless.systems\/products\/constellation\/."},{"key":"e_1_3_3_2_19_2","unstructured":"2024. Default Encryption at Rest. https:\/\/cloud.google.com\/docs\/security\/encryption\/default-encryption."},{"key":"e_1_3_3_2_20_2","unstructured":"2024. Double Proxy (With mTLS Encryption). https:\/\/www.envoyproxy.io\/docs\/envoy\/latest\/start\/sandboxes\/double-proxy."},{"key":"e_1_3_3_2_21_2","unstructured":"2024. EDA cloud solution portfolio. https:\/\/eda.sw.siemens.com\/en-US\/cloud-solutions\/."},{"key":"e_1_3_3_2_22_2","unstructured":"2024. Enclave-CC. https:\/\/github.com\/confidential-containers\/enclave-cc."},{"key":"e_1_3_3_2_23_2","unstructured":"2024. Encryption in Transit. https:\/\/cloud.google.com\/docs\/security\/encryption-in-transit."},{"key":"e_1_3_3_2_24_2","unstructured":"2024. Gocryptfs - Simple. Secure. Fast. 
https:\/\/nuetzlich.net\/gocryptfs\/."},{"key":"e_1_3_3_2_25_2","unstructured":"2024. IBM Spectrum LSF Suites. https:\/\/www.ibm.com\/products\/hpc-workload-management."},{"key":"e_1_3_3_2_26_2","unstructured":"2024. Intel Software Guard Extensions. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/tools\/software-guard-extensions\/overview.html."},{"key":"e_1_3_3_2_27_2","unstructured":"2024. Intel Trust Domain Extensions. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-trust-domain-extensions.html."},{"key":"e_1_3_3_2_28_2","unstructured":"2024. Istio. https:\/\/istio.io."},{"key":"e_1_3_3_2_29_2","unstructured":"2024. Kata Containers: the Speed of Containers the Security of VMs. https:\/\/katacontainers.io."},{"key":"e_1_3_3_2_30_2","unstructured":"2024. KBS Attestation Protocol. https:\/\/github.com\/confidential-containers\/trustee\/blob\/main\/kbs\/docs\/kbs_attestation_protocol.md."},{"key":"e_1_3_3_2_31_2","unstructured":"2024. KBS Attestation Protocol. https:\/\/github.com\/confidential-containers\/trustee."},{"key":"e_1_3_3_2_32_2","unstructured":"2024. Kubernetes. https:\/\/kubernetes.io."},{"key":"e_1_3_3_2_33_2","unstructured":"2024. Kubernetes Sealed Secret. https:\/\/github.com\/confidential-containers\/guest-components\/blob\/main\/confidential-data-hub\/docs\/SEALED_SECRET.md."},{"key":"e_1_3_3_2_34_2","unstructured":"2024. Nebula: Open Source Overlay Networking. https:\/\/nebula.defined.net\/docs\/."},{"key":"e_1_3_3_2_35_2","unstructured":"2024. NVIDIA Blackwell Architecture - Breaking Barriers in Accelerated Computing and Generative AI. https:\/\/www.nvidia.com\/en-us\/data-center\/technologies\/blackwell-architecture\/."},{"key":"e_1_3_3_2_36_2","unstructured":"2024. Opentitan. https:\/\/github.com\/lowRISC\/opentitan."},{"key":"e_1_3_3_2_37_2","unstructured":"2024. Remote ATtestation procedureS (RATS) Architecture. 
https:\/\/datatracker.ietf.org\/doc\/rfc9334\/."},{"key":"e_1_3_3_2_38_2","unstructured":"2024. Siemens Calibre Curvilinear Solutions. https:\/\/eda.sw.siemens.com\/en-US\/ic\/calibre-manufacturing\/curvilinear-data-preparation\/."},{"key":"e_1_3_3_2_39_2","unstructured":"2024. Siemens Calibre nmCLOPC. https:\/\/eda.sw.siemens.com\/en-US\/ic\/calibre-manufacturing\/curvilinear-data-preparation\/nmclopc\/."},{"key":"e_1_3_3_2_40_2","unstructured":"2024. Slurm - Workload Manager. https:\/\/slurm.schedmd.com\/documentation.html."},{"key":"e_1_3_3_2_41_2","unstructured":"2024. strongSwan: Open-source modular and portable IPsec-based VPN solution. https:\/\/strongswan.org."},{"key":"e_1_3_3_2_42_2","unstructured":"2024. WireGuard: fast modern secure VPN tunnel. https:\/\/www.wireguard.com."},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS49936.2021.00115"},{"key":"e_1_3_3_2_44_2","unstructured":"AWS. 2024. What is IPSec? https:\/\/aws.amazon.com\/what-is\/ipsec\/."},{"key":"e_1_3_3_2_45_2","unstructured":"Pradipta Banerjee and Samuel Ortiz. 2022. Understanding the Confidential Containers Attestation Flow. https:\/\/www.redhat.com\/en\/blog\/understanding-confidential-containers-attestation-flow."},{"key":"e_1_3_3_2_46_2","unstructured":"David Brown. 2021. Confidential Computing: an AWS Perspective. https:\/\/aws.amazon.com\/blogs\/security\/confidential-computing-an-aws-perspective\/."},{"key":"e_1_3_3_2_47_2","unstructured":"Confidential\u00a0Computing Consortium. 2022. A Technical Analysis of Confidential Computing. https:\/\/confidentialcomputing.io\/wp-content\/uploads\/sites\/10\/2023\/03\/CCC-A-Technical-Analysis-of-Confidential-Computing-v1.3_unlocked.pdf."},{"key":"e_1_3_3_2_48_2","unstructured":"Bruce Davie. 2021. SmartNICs IPUs DPUs de-hyped: Why and how cloud giants are offloading work from server CPUs. 
https:\/\/www.theregister.com\/AMP\/2021\/11\/24\/infrastructure_processing_units\/."},{"key":"e_1_3_3_2_49_2","doi-asserted-by":"publisher","unstructured":"Gobikrishna Dhanuskodi Sudeshna Guha Vidhya Krishnan Aruna Manjunatha Michael O\u2019Connor Rob Nertney and Phil Rogers. 2023. Creating the First Confidential GPUs: The team at NVIDIA brings confidentiality and integrity to user code and data for accelerated computing. ACM Queue 21 4 (2023) 68\u201393. 10.1145\/3623393.3623391***","DOI":"10.1145\/3623393.3623391"},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"crossref","unstructured":"Jakob Feldtkeller Pascal Sasdrich and Tim G\u00fcneysu. 2023. Challenges and Opportunities of Security-Aware EDA. ACM Transactions on Embedded Computing Systems (2023) 1\u201334.","DOI":"10.1145\/3576199"},{"key":"e_1_3_3_2_51_2","doi-asserted-by":"crossref","unstructured":"Wei Hu Chip-Hong Chang Anirban Sengupta Swarup Bhunia Ryan Kastner and Hai Li. 2020. An overview of hardware security and trust: Threats countermeasures and design tools. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 40 6 (2020) 1010\u20131038.","DOI":"10.1109\/TCAD.2020.3047976"},{"key":"e_1_3_3_2_52_2","unstructured":"IBM. 2024. Innovate on a Cloud Designed for Regulated Industries. https:\/\/www.ibm.com\/cloud\/financial-services."},{"key":"e_1_3_3_2_53_2","unstructured":"Intel. 2023. What is Intel Management Engine? https:\/\/www.intel.com\/content\/www\/us\/en\/support\/articles\/000008927\/software\/chipset-software.html."},{"key":"e_1_3_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1117\/12.712397"},{"key":"e_1_3_3_2_55_2","unstructured":"Dayeol Lee David Kohlbrenner Shweta Shinde Krste Asanovi\u0107 and Dawn Song. 2020. Keystone: An Open Framework for Architecting Trusted Execution Environments. 
16\u00a0pages."},{"key":"e_1_3_3_2_56_2","first-page":"1","volume-title":"USENIX Annual Technical Conference (USENIX ATC)","author":"Li Dingji","year":"2023","unstructured":"Dingji Li, Zeyu Mi, Chenhui Ji, Yifan Tan, Binyu Zang, Haibing Guan, and Haibo Chen. 2023. Bifrost: Analysis and Optimization of Network I\/O Tax in Confidential Virtual Machines. In USENIX Annual Technical Conference (USENIX ATC). 1\u201315."},{"key":"e_1_3_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833768"},{"key":"e_1_3_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3624062.3624267"},{"key":"e_1_3_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD62652.2024.00028"},{"key":"e_1_3_3_2_60_2","unstructured":"NVIDIA. 2024. Accelerating the Future of AI-Defined Vehicles. https:\/\/www.nvidia.com\/en-us\/self-driving-cars\/."},{"key":"e_1_3_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064219"},{"key":"e_1_3_3_2_62_2","doi-asserted-by":"crossref","unstructured":"Scott Rose Oliver Borchert Stu Mitchell and Sean Connelly. 2020. NIST special publication 800-207 zero trust architecture. NIST National Institute of Standards and Technology US Department of Commerce (2020) 800\u2013207.","DOI":"10.6028\/NIST.SP.800-207-draft2"},{"key":"e_1_3_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD.2013.6691207"},{"key":"e_1_3_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCGrid59990.2024.00058"},{"key":"e_1_3_3_2_65_2","unstructured":"Gurbir Singh. 2022. What Does Cloud-Native Mean for Chip Designers? https:\/\/www.synopsys.com\/cloud\/insights\/what-does-cloud-native-mean.html."},{"key":"e_1_3_3_2_66_2","first-page":"230","volume-title":"Design for Manufacturability through Design-Process Integration III","author":"Spence Chris","year":"2009","unstructured":"Chris Spence and Scott Goad. 2009. Computational requirements for OPC. In Design for Manufacturability through Design-Process Integration III. 
230\u2013238."},{"key":"e_1_3_3_2_67_2","unstructured":"Allen Sudbring Hussein\u00a0Al Kazwini Greg Lindsay Michael Bender and Erika Enomoto. 2024. What is Azure Virtual Network encryption? https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-network\/virtual-network-encryption-overview."},{"key":"e_1_3_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-35504-2_3"},{"key":"e_1_3_3_2_69_2","unstructured":"Bryan Wise. 2024. Securing GenAI: The Crucial Role of Security in Cloud Services. https:\/\/www.rsaconference.com\/library\/blog\/securing-genai-the-crucial-role-of-security-in-cloud-services."},{"key":"e_1_3_3_2_70_2","doi-asserted-by":"publisher","DOI":"10.1117\/12.760169"},{"key":"e_1_3_3_2_71_2","first-page":"960","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Zhang Zhenkai","year":"2023","unstructured":"Zhenkai Zhang, Tyler Allen, Fan Yao, Xing Gao, and Rong Ge. 2023. TunneLs for Bootlegging: Fully Reverse-Engineering GPU TLBs for Challenging Isolation Guarantees of NVIDIA MIG. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 
960\u2013974."}],"event":{"name":"HASP '24: International Workshop on Hardware and Architectural Support for Security and Privacy 2024","location":"Austin TX USA","acronym":"HASP '24"},"container-title":["Proceedings of the 13th International Workshop on Hardware and Architectural Support for Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696843.3696848","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696843.3696848","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:57:45Z","timestamp":1750294665000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696843.3696848"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,2]]},"references-count":70,"alternative-id":["10.1145\/3696843.3696848","10.1145\/3696843"],"URL":"https:\/\/doi.org\/10.1145\/3696843.3696848","relation":{},"subject":[],"published":{"date-parts":[[2024,11,2]]},"assertion":[{"value":"2024-11-02","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}