{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T19:10:09Z","timestamp":1755889809964,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":75,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,20]],"date-time":"2024-11-20T00:00:00Z","timestamp":1732060800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"National Science and Technology Council","doi-asserted-by":"publisher","award":["111-2218-E-002 -015 -MBK 112-2634-F-002 -001 -MBK"],"award-info":[{"award-number":["111-2218-E-002 -015 -MBK 112-2634-F-002 -001 -MBK"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,20]]},"DOI":"10.1145\/3698038.3698562","type":"proceedings-article","created":{"date-parts":[[2024,11,14]],"date-time":"2024-11-14T06:32:43Z","timestamp":1731565963000},"page":"650-667","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Securing a Multiprocessor KVM Hypervisor with Rust"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-7991-5871","authenticated-orcid":false,"given":"Yu-Hsun","family":"Chiang","sequence":"first","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-3972-6236","authenticated-orcid":false,"given":"Wei-Lin","family":"Chang","sequence":"additional","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6883-5373","authenticated-orcid":false,"given":"Shih-Wei","family":"Li","sequence":"additional","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-2306-6663","authenticated-orcid":false,"given":"Jan-Ting","family":"Tu","sequence":"additional","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan"}]}],"member":"320","published-online":{"date-parts":[[2024,11,20]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Advanced Micro Devices. 2018. Secure Encrypted Virtualization API Version 0.16. https:\/\/support.amd.com\/TechDocs\/55766_SEV-KM%20API_Spec.pdf."},{"key":"e_1_3_2_1_2_1","volume-title":"Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20)","author":"Agache Alexandru","year":"2020","unstructured":"Alexandru Agache, Marc Brooker, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa. 2020. Firecracker: Lightweight Virtualization for Serverless Applications. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20). USENIX Association, Santa Clara, CA, 419--434. https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/agache"},{"key":"e_1_3_2_1_3_1","unstructured":"Amazon Web Services Inc. 2018. Introducing Amazon EC2 A1 Instances Powered By New Arm-based AWS Graviton Processors. https:\/\/aws.amazon.com\/about-aws\/whats-new\/2018\/11\/introducing-amazon-ec2-a1-instances\/."},{"key":"e_1_3_2_1_4_1","volume-title":"Engineering the Servo Web Browser Engine Using Rust. In 2016 IEEE\/ACM 38th International Conference on Software Engineering Companion (ICSEC). 81--89","author":"Anderson Brian","year":"2016","unstructured":"Brian Anderson, Lars Bergstrom, Manish Goregaokar, Josh Matthews, Keegan McAllister, Jack Moffitt, and Simon Sapin. 2016. Engineering the Servo Web Browser Engine Using Rust. In 2016 IEEE\/ACM 38th International Conference on Software Engineering Companion (ICSEC). 81--89."},{"key":"e_1_3_2_1_5_1","unstructured":"ARM Ltd. 2013. ARM Architecture Reference Manual ARMv8-A DDI0487A.a."},{"key":"e_1_3_2_1_6_1","unstructured":"ARM Ltd. 2016. ARM System Memory Management Unit Architecture Specification - SMMU architecture version 2.0. http:\/\/infocenter.arm.com\/help\/topic\/com.arm.doc.ihi0062d.c\/IHI0062D_c_system_mmu_architecture_specification.pdf."},{"key":"e_1_3_2_1_7_1","unstructured":"ARM Ltd. 2022. Introducing Arm Confidential Compute Architecture Version 1. https:\/\/developer.arm.com\/documentation\/den0125\/0100\/What-is-Arm-CCA-."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428204"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483570"},{"key":"e_1_3_2_1_10_1","volume-title":"15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21)","author":"Bhardwaj Ankit","year":"2021","unstructured":"Ankit Bhardwaj, Chinmay Kulkarni, Reto Achermann, Irina Calciu, Sanidhya Kashyap, Ryan Stutsman, Amy Tai, and Gerd Zellweger. 2021. NrOS: Effective Replication and Sharing in an Operating System. In 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21). USENIX Association, 295--312. https:\/\/www.usenix.org\/conference\/osdi21\/presentation\/bhardwaj"},{"key":"e_1_3_2_1_11_1","unstructured":"bindgen maintainer. 2023. bindgen. https:\/\/github.com\/rust-lang\/rust-bindgen."},{"key":"e_1_3_2_1_12_1","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20)","author":"Boos Kevin","year":"2020","unstructured":"Kevin Boos, Namitha Liyanage, Ramla Ijaz, and Lin Zhong. 2020. Theseus: an Experiment in Operating System Structure and State Management. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20). USENIX Association, 1--19. https:\/\/www.usenix.org\/conference\/osdi20\/presentation\/boos"},{"key":"e_1_3_2_1_13_1","unstructured":"Brian Cooper. 2021. Yahoo! Cloud Serving Benchmark. https:\/\/github.com\/brianfrankcooper\/YCSB."},{"key":"e_1_3_2_1_14_1","volume-title":"Security and Performance in the Delegated User-level Virtualization. In 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI 23)","author":"Chen Jiahao","year":"2023","unstructured":"Jiahao Chen, Dingji Li, Zeyu Mi, Yuxuan Liu, Binyu Zang, Haibing Guan, and Haibo Chen. 2023. Security and Performance in the Delegated User-level Virtualization. In 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI 23). USENIX Association, Boston, MA, 209--226. https:\/\/www.usenix.org\/conference\/osdi23\/presentation\/chen"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ECOOP.2022.22"},{"key":"e_1_3_2_1_16_1","unstructured":"Columbia University. 2021. SOSP 21: Artifact Evaluation: Verifying a Multiprocessor Hypervisor on Arm Relaxed Memory Hardware. https:\/\/github.com\/VeriGu\/sosp-paper211-ae."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503221.3508404"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541946"},{"key":"e_1_3_2_1_19_1","unstructured":"Rust for Linux Team. 2023. Rust for Linux. https:\/\/rust-for-linux.com\/."},{"key":"e_1_3_2_1_20_1","unstructured":"Andrea Gallo. 2021. Software Defined Vehicles and the need for standardization. https:\/\/static.linaro.org\/assets\/automotive_white_paper_0921.pdf"},{"key":"e_1_3_2_1_21_1","unstructured":"Google. 2023. ChromiumOS Virtual Machine Monitor. https:\/\/chromium.googlesource.com\/chromiumos\/platform\/crosvm\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1506409.1506429"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1851276.1851282"},{"volume-title":"CONCUR'93","author":"Honda Kohei","key":"e_1_3_2_1_24_1","unstructured":"Kohei Honda. 1993. Types for dyadic interaction. In CONCUR'93, Eike Best (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 509--523."},{"volume-title":"Language primitives and type discipline for structured communication-based programming","author":"Honda Kohei","key":"e_1_3_2_1_25_1","unstructured":"Kohei Honda, Vasco T. Vasconcelos, and Makoto Kubo. 1998. Language primitives and type discipline for structured communication-based programming. In Programming Languages and Systems, Chris Hankin (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 122--138."},{"key":"e_1_3_2_1_26_1","unstructured":"Jake Edge. 2020. KVM for Android. https:\/\/lwn.net\/Articles\/836693\/."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808098.2808100"},{"key":"e_1_3_2_1_28_1","volume-title":"HyperEnclave: An Open and Cross-platform Trusted Execution Environment. In 2022 USENIX Annual Technical Conference (USENIX ATC 22)","author":"Jia Yuekai","year":"2022","unstructured":"Yuekai Jia, Shuang Liu, Wenhao Wang, Yu Chen, Zhengde Zhai, Shoumeng Yan, and Zhengyu He. 2022. HyperEnclave: An Open and Cross-platform Trusted Execution Environment. In 2022 USENIX Annual Technical Conference (USENIX ATC 22). USENIX Association, Carlsbad, CA, 437--454. https:\/\/www.usenix.org\/conference\/atc22\/presentation\/jia-yuekai"},{"key":"e_1_3_2_1_29_1","unstructured":"Rick Jones. 2018. Netperf. https:\/\/github.com\/HewlettPackard\/netperf."},{"key":"e_1_3_2_1_30_1","unstructured":"The kernel development community. 2023. Boot time memory management. https:\/\/docs.kernel.org\/core-api\/boot-time-mm.html."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 2007 Ottawa Linux Symposium (OLS","volume":"1","author":"Kivity Avi","year":"2007","unstructured":"Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, and Anthony Liguori. 2007. KVM: the Linux Virtual Machine Monitor. In Proceedings of the 2007 Ottawa Linux Symposium (OLS 2007), Vol. 1. Ottawa, ON, Canada, 225--230."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.4204\/eptcs.304.4"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ECOOP.2022.4"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132786"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483554"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361433"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00049"},{"key":"e_1_3_2_1_38_1","volume-title":"Design and Verification of the Arm Confidential Compute Architecture. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22)","author":"Li Xupeng","year":"2022","unstructured":"Xupeng Li, Xuheng Li, Christoffer Dall, Ronghui Gu, Jason Nieh, Yousuf Sait, and Gareth Stockwell. 2022. Design and Verification of the Arm Confidential Compute Architecture. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22). USENIX Association, Carlsbad, CA, 465--484. https:\/\/www.usenix.org\/conference\/osdi22\/presentation\/li"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484541"},{"key":"e_1_3_2_1_40_1","unstructured":"Linus Torvalds. 2021. Linux Kernel Mailing List. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=79db4d2293eba2ce6265a341bedf6caecad5eeb3."},{"key":"e_1_3_2_1_41_1","unstructured":"Bob Lord. 2023. The Urgent Need for Memory Safety in Software Products. https:\/\/www.cisa.gov\/news-events\/news\/urgent-need-memory-safety-software-products."},{"key":"e_1_3_2_1_42_1","unstructured":"Arm Ltd. 2023. Exclusive access instructions. https:\/\/developer.arm.com\/documentation\/100934\/0100\/Exclusive-Access-instructions."},{"key":"e_1_3_2_1_43_1","unstructured":"Cloud Hypervisor maintainers. 2023. Cloud Hypervisor - Run Cloud Virtual Machines Securely and Efficiently. https:\/\/www.cloudhypervisor.org\/."},{"key":"e_1_3_2_1_44_1","unstructured":"Mel Gorman. 2007. Slab Allocator. https:\/\/www.kernel.org\/doc\/gorman\/html\/understand\/understand011.html."},{"key":"e_1_3_2_1_45_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Mi Zeyu","year":"2020","unstructured":"Zeyu Mi, Dingji Li, Haibo Chen, Binyu Zang, and Haibing Guan. 2020. (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1695--1712. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/mi"},{"key":"e_1_3_2_1_46_1","unstructured":"Microsoft. 2016. Hyper-V Technology Overview. https:\/\/docs.microsoft.com\/en-us\/windows-server\/virtualization\/hyper-v\/hyper-v-technology-overview."},{"key":"e_1_3_2_1_47_1","unstructured":"Mike White. 2024. HappyLock: Deadlock Free Mutexes. https:\/\/crates.io\/crates\/happylock."},{"key":"e_1_3_2_1_48_1","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20)","author":"Narayanan Vikram","year":"2020","unstructured":"Vikram Narayanan, Tianjiao Huang, David Detweiler, Dan Appel, Zhaofeng Li, Gerd Zellweger, and Anton Burtsev. 2020. RedLeaf: Isolation and Communication in a Safe Operating System. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20). USENIX Association, 21--39. https:\/\/www.usenix.org\/conference\/osdi20\/presentation\/narayanan-vikram"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3386036"},{"key":"e_1_3_2_1_50_1","unstructured":"Redis Labs. 2015. memtier_benchmark. https:\/\/github.com\/RedisLabs\/memtier_benchmark."},{"key":"e_1_3_2_1_51_1","unstructured":"Reuters. 2018. Cloud companies consider Intel rivals after the discovery of microchip security flaws. https:\/\/www.cnbc.com\/2018\/01\/10\/cloud-companies-consider-intel-rivals-after-security-flaws-found.html."},{"key":"e_1_3_2_1_52_1","unstructured":"Rusty Russell. 2008. Hackbench. http:\/\/people.redhat.com\/mingo\/cfs-scheduler\/tools\/hackbench.c."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1400097.1400108"},{"key":"e_1_3_2_1_54_1","unstructured":"Rust-book. 2023. Fearless Concurrency. https:doc.rust-lang.org\/book\/ch16-00-concurrency.html"},{"key":"e_1_3_2_1_55_1","unstructured":"rust-vmm maintainers. 2023. rust-vmm. https:\/\/github.com\/rust-vmm."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/357401.357402"},{"key":"e_1_3_2_1_57_1","unstructured":"Shelby Doolittle. 2021. cooptex. https:\/\/crates.io\/crates\/cooptex."},{"key":"e_1_3_2_1_58_1","unstructured":"Stefan Mack. 2024. Deadlocker. https:\/\/crates.io\/crates\/deadlocker."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755935"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3381052.3381326"},{"key":"e_1_3_2_1_61_1","unstructured":"Tanishq Jain. 2023. JThread-rs - deadlock-free mutex lock library. https:\/\/crates.io\/crates\/jthread."},{"key":"e_1_3_2_1_62_1","unstructured":"The Clang Team. 2024. clang - the Clang C C++ and Objective-C compiler Description: -ffreestanding. https:\/\/clang.llvm.org\/docs\/CommandGuide\/clang.html#cmdoption-ffreestanding"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519589"},{"key":"e_1_3_2_1_64_1","unstructured":"The Apache Software Foundation. 2015. ab - Apache HTTP server benchmarking tool. http:\/\/httpd.apache.org\/docs\/2.4\/programs\/ab.html."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510457.3513031"},{"key":"e_1_3_2_1_66_1","unstructured":"Neven Villani. 2023. Tree Borrows. https:\/\/github.com\/Vanille-N\/tree-borrows\/blob\/master\/full\/main.pdf."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427262"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354241"},{"key":"e_1_3_2_1_69_1","volume-title":"Microsoft: Can't wait for ARM to power MOST of our cloud data centers! Take that, Intel! Ha! Ha! https:\/\/www.theregister.co.uk\/2017\/03\/09\/microsoft_arm_server_followup\/.","author":"Williams Chris","year":"2017","unstructured":"Chris Williams. 2017. Microsoft: Can't wait for ARM to power MOST of our cloud data centers! Take that, Intel! Ha! Ha! https:\/\/www.theregister.co.uk\/2017\/03\/09\/microsoft_arm_server_followup\/."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2018.00045"},{"key":"e_1_3_2_1_71_1","unstructured":"Yu-Hsun (Tommy) Chiang. 2022. [MC][AArch64] Enable '+v8a' when nothing specified for MCSubtargetInfo. https:\/\/github.com\/llvm\/llvm-project\/commit\/4a31af88a26726f4662a2923618fe45977d09356."},{"key":"e_1_3_2_1_72_1","unstructured":"Yu-Hsun (Tommy) Chiang. 2022. v8a as default aarch64 target. https:\/\/github.com\/rust-lang\/rust\/commit\/382dba52ee0c6142d9a3774d735962797c043fab."},{"key":"e_1_3_2_1_73_1","volume-title":"Ginseng: Keeping Secrets in Registers When You Distrust the Operating System. In 26th Annual Network and Distributed System Security Symposium (NDSS","author":"Yun Min Hong","year":"2019","unstructured":"Min Hong Yun and Lin Zhong. 2019. Ginseng: Keeping Secrets in Registers When You Distrust the Operating System. In 26th Annual Network and Distributed System Security Symposium (NDSS 2019). San Diego, CA."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134043"}],"event":{"name":"SoCC '24: ACM Symposium on Cloud Computing","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Redmond WA USA","acronym":"SoCC '24"},"container-title":["Proceedings of the ACM Symposium on Cloud Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3698038.3698562","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3698038.3698562","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T18:58:40Z","timestamp":1755889120000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3698038.3698562"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,20]]},"references-count":75,"alternative-id":["10.1145\/3698038.3698562","10.1145\/3698038"],"URL":"https:\/\/doi.org\/10.1145\/3698038.3698562","relation":{},"subject":[],"published":{"date-parts":[[2024,11,20]]},"assertion":[{"value":"2024-11-20","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}