{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,29]],"date-time":"2025-08-29T17:10:10Z","timestamp":1756487410446,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":83,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,5,14]],"date-time":"2025-05-14T00:00:00Z","timestamp":1747180800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,5,14]]},"DOI":"10.1145\/3713082.3730391","type":"proceedings-article","created":{"date-parts":[[2025,6,6]],"date-time":"2025-06-06T09:53:51Z","timestamp":1749203631000},"page":"18-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Guillotine: Hypervisors for Isolating Malicious AIs"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-7296-5185","authenticated-orcid":false,"given":"James","family":"Mickens","sequence":"first","affiliation":[{"name":"Harvard University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2071-6682","authenticated-orcid":false,"given":"Sarah","family":"Radway","sequence":"additional","affiliation":[{"name":"Harvard University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7002-5033","authenticated-orcid":false,"given":"Ravi","family":"Netravali","sequence":"additional","affiliation":[{"name":"Princeton University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,6,6]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"93","volume-title":"Mach: A New Kernel Foundation For UNIX Development. In Proceedings of the Summer USENIX Conference","author":"Accetta M.","year":"1986","unstructured":"Accetta, M., Baron, R., Bolosky, W., Golub, D., Rashid, R., Tevanian, A., and Young, M. Mach: A New Kernel Foundation For UNIX Development. In Proceedings of the Summer USENIX Conference (1986), pp. 93--112."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5194\/esd-9-1085-2018"},{"key":"e_1_3_2_1_3_1","first-page":"45","volume-title":"Proceedings of USENIX ATC (June","author":"Ahmad I.","year":"2011","unstructured":"Ahmad, I., Gulati, A., and Mashtizadeh, A. vIC: Interrupt Coalescing for Virtual Machine Storage Device IO. In Proceedings of USENIX ATC (June 2011), pp. 45--58."},{"key":"e_1_3_2_1_4_1","volume-title":"Apple Platform Security: Operating system integrity. https:\/\/support.apple.com\/guide\/security\/operating-system-integrity-sec8b776536b\/web","author":"Apple","year":"2025","unstructured":"Apple. Apple Platform Security: Operating system integrity. https:\/\/support.apple.com\/guide\/security\/operating-system-integrity-sec8b776536b\/web, 2025."},{"key":"e_1_3_2_1_5_1","first-page":"26","volume-title":"Accelerating Two-dimensional Page Walks for Virtualized Systems. In Proceedings of ASPLOS (March","author":"Bhargava R.","year":"2008","unstructured":"Bhargava, R., Serebrin, B., Spadini, F., and Manne, S. Accelerating Two-dimensional Page Walks for Virtualized Systems. In Proceedings of ASPLOS (March 2008), pp. 26--35."},{"key":"e_1_3_2_1_6_1","volume-title":"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC","author":"Boeyen S.","year":"2008","unstructured":"Boeyen, S., Santesson, S., Polk, T., Housley, R., Farrell, S., and Cooper, D. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, May 2008."},{"key":"e_1_3_2_1_7_1","volume-title":"LessWrong","author":"Braun J.","year":"2024","unstructured":"Braun, J., Krasheninnikov, D., Anwar, U., Kirk, R., Tan, D., and Krueger, D. S. A Sober Look at Steering Vectors for LLMs. LessWrong, November 23, 2024."},{"key":"e_1_3_2_1_8_1","volume-title":"June","author":"Cornell Law School Legal Information Institute","year":"2025","unstructured":"Cornell Law School Legal Information Institute. Safe harbor. Legal Dictionary. https:\/\/www.law.cornell.edu\/wex\/safe_harbor, June, 2025."},{"key":"e_1_3_2_1_9_1","first-page":"613","volume-title":"Clipper: A Low-latency Online Prediction Serving System. In Proceedings of NSDI (March","author":"Crankshaw D.","year":"2017","unstructured":"Crankshaw, D., Wang, X., Zhou, G., Franklin, M. J., Gonzalez, J. E., and Stoica, I. Clipper: A Low-latency Online Prediction Serving System. In Proceedings of NSDI (March 2017), pp. 613--627."},{"key":"e_1_3_2_1_10_1","first-page":"1","volume":"52","author":"Dall C.","year":"2018","unstructured":"Dall, C., Li, S.-W., Lim, J. T., and Nieh, J. ARM Virtualization: Performance and Architectural Implications. SIGOPS Operating Systems Review 52, 1 (August 2018), 45--56.","journal-title":"ARM Virtualization: Performance and Architectural Implications. SIGOPS Operating Systems Review"},{"key":"e_1_3_2_1_11_1","volume-title":"June 13","author":"Parliament","year":"2024","unstructured":"EU Parliament. Artificial Intelligence Act (Regulation 2025\/1689) -Annex XIII, June 13, 2024. https:\/\/eur-lex.europa.eu\/eli\/reg\/2024\/1689."},{"key":"e_1_3_2_1_12_1","volume-title":"June 13","author":"Parliament","year":"2024","unstructured":"EU Parliament. Artificial Intelligence Act (Regulation 2025\/1689) -Article 92, June 13, 2024. https:\/\/eur-lex.europa.eu\/eli\/reg\/2024\/1689."},{"key":"e_1_3_2_1_13_1","volume-title":"Paragraph 110","author":"Parliament","year":"2024","unstructured":"EU Parliament. Artificial Intelligence Act (Regulation 2025\/1689) -Preamble, Paragraph 110, June 13, 2024. https:\/\/eur-lex.europa.eu\/eli\/reg\/2024\/1689."},{"key":"e_1_3_2_1_14_1","volume-title":"June 13","author":"Parliament","year":"2024","unstructured":"EU Parliament. Artificial Intelligence Act (Regulation 2025\/1689) -Recital 52, June 13, 2024. https:\/\/artificialintelligenceact.eu\/recital\/52\/."},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the Workshop on Managed Multi-Core Systems (MMCS) (June","author":"Fedorova A.","year":"2008","unstructured":"Fedorova, A., Kumar, V., Kazempour, V., Ray, S., and Alagheband, P. Cypress: A Scheduling Infrastructure for a Many-Core Hypervisor. In Proceedings of the Workshop on Managed Multi-Core Systems (MMCS) (June 2008)."},{"key":"e_1_3_2_1_16_1","first-page":"2409","author":"Feuer B.","year":"2025","unstructured":"Feuer, B., Goldblum, M., Datta, T., Nambiar, S., Besaleli, R., Dooley, S., Cembalest, M., and Dickerson, J. P. Style Outweighs Substance: Failure Modes of LLM Judges in Alignment Benchmarking, January 27, 2025. arXiv:2409.15268.","journal-title":"Style Outweighs Substance: Failure Modes of LLM Judges in Alignment Benchmarking"},{"key":"e_1_3_2_1_17_1","first-page":"111","volume-title":"Cost-Efficient Large Language Model Serving for Multi-turn Conversations with CachedAttention. In Proceedings of USENIX ATC (July","author":"Gao B.","year":"2024","unstructured":"Gao, B., He, Z., Sharma, P., Kang, Q., Jevdjic, D., Junbo Deng, X. Y., Yu, Z., and Zuo, P. Cost-Efficient Large Language Model Serving for Multi-turn Conversations with CachedAttention. In Proceedings of USENIX ATC (July 2024), pp. 111--126."},{"key":"e_1_3_2_1_18_1","first-page":"2312","author":"Gao Y.","year":"2024","unstructured":"Gao, Y., Xiong, Y., Gao, X., Jia, K., Pan, J., Bi, Y., Dai, Y., Sun, J., Wang, M., and Wang, H. Retrieval-Augmented Generation for Large Language Models: A Survey, March 27, 2024. arXiv:2312.10997.","journal-title":"Retrieval-Augmented Generation for Large Language Models: A Survey"},{"key":"e_1_3_2_1_19_1","first-page":"31","volume-title":"Advances in Computers","author":"Good I. J.","year":"1966","unstructured":"Good, I. J. Speculations Concerning the First Ultraintelligent Machine. In Advances in Computers, F. L. Alt and M. Rubinoff, Eds., vol. 6. Elsevier, 1966, pp. 31--88."},{"key":"e_1_3_2_1_20_1","volume-title":"Version 1.5. https:\/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy\/","author":"Google Chrome","year":"2024","unstructured":"Google Chrome. Chrome Root Program Policy, Version 1.5. https:\/\/www.chromium.org\/Home\/chromium-security\/root-ca-policy\/, January 2024."},{"key":"e_1_3_2_1_21_1","volume-title":"December 20","author":"Greenblatt R.","year":"2024","unstructured":"Greenblatt, R., Denison, C., Wright, B., Roger, F., MacDiarmid, M., Marks, S., Treutlein, J., Belonax, T., Chen, J., Duvenaud, D., Khan, A., Michael, J., Mindermann, S., Perez, E., Petrini, L., Uesato, J., Kaplan, J., Shlegeris, B., Bowman, S. R., and Hubinger, E. Alignment faking in large language models, December 20, 2024. arXiv:2412.14093."},{"key":"e_1_3_2_1_22_1","volume-title":"January 16","author":"Greenblatt R.","year":"2024","unstructured":"Greenblatt, R., and Shlegeris, B. Managing Catastrophic Misuse Without Robust AIs. AI Alignment Forum. https:\/\/www.alignmentforum.org\/posts\/KENtuXySHJgxsH2Qk\/managing-catastrophic-misuse-without-robust-ais, January 16, 2024."},{"key":"e_1_3_2_1_23_1","first-page":"653","volume-title":"CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In Proceedings of OSDI (November","author":"Gu R.","year":"2016","unstructured":"Gu, R., Shao, Z., Chen, H., Wu, X., Kim, J., Sj\u00f6berg, V., and Costanzo, D. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In Proceedings of OSDI (November 2016), pp. 653--669."},{"key":"e_1_3_2_1_24_1","first-page":"443","volume-title":"Proceedings of OSDI (November","author":"Gujarati A.","year":"2020","unstructured":"Gujarati, A., Karimi, R., Alzayat, S., Hao, W., Kaufmann, A., Vigfusson, Y., and Mace, J. Serving DNNs Like Clockwork: Performance Predictability from the Bottom Up. In Proceedings of OSDI (November 2020), pp. 443--462."},{"key":"e_1_3_2_1_25_1","first-page":"437","volume-title":"Proceedings of OSDI (October","author":"Gulati A.","year":"2010","unstructured":"Gulati, A., Merchant, A., and Varman, P. J. mClock: Handling Throughput Variability for Hypervisor IO Scheduling. In Proceedings of OSDI (October 2010), pp. 437--450."},{"key":"e_1_3_2_1_26_1","volume-title":"May 7","author":"Heiser G.","year":"2024","unstructured":"Heiser, G. The seL4 Microkernel: An Introduction. Revision 1.3. https:\/\/beta.sel4.systems\/About\/seL4-whitepaper.pdf, May 7, 2024."},{"key":"e_1_3_2_1_27_1","volume-title":"July 12","author":"Hugging Face","year":"2024","unstructured":"Hugging Face. Introducing The World's Largest Open Multilingual Language Model: BLOOM. https:\/\/bigscience.huggingface.co\/blog\/bloom, July 12, 2024."},{"key":"e_1_3_2_1_28_1","article-title":"Secure Physical Enclosures from Covers with Tamper-Resistance","volume":"2019","author":"Immler V.","year":"2018","unstructured":"Immler, V., Obermaier, J., Ng, K. K., Ke, F. X., Lee, J., Lim, Y. P., Oh, W. K., Wee, K. H., and Sigl, G. Secure Physical Enclosures from Covers with Tamper-Resistance. Transactions on Cryptographic Hardware and Embedded Systems 2019 (November 2018).","journal-title":"Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_2_1_29_1","volume-title":"April 25","author":"Jin C.","year":"2024","unstructured":"Jin, C., Zhang, Z., Jiang, X., Liu, F., Liu, X., Liu, X., and Jin, X. Ragcache: Efficient knowledge caching for retrieval-augmented generation, April 25, 2024. arXiv:2404.12457."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_31_1","first-page":"1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the IEEE Symposium on Security and Privacy (May","author":"Kocher P.","year":"2019","unstructured":"Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., and Yarom, Y. Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the IEEE Symposium on Security and Privacy (May 2019), pp. 1--19."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3600006.3613165"},{"key":"e_1_3_2_1_33_1","first-page":"2","article-title":"Obstacles to Operations and Decision-Making","volume":"3","author":"Lin-Greenberg E.","year":"2020","unstructured":"Lin-Greenberg, E. Allies and Artificial Intelligence: Obstacles to Operations and Decision-Making. Texas National Security Review 3, 2 (2020), 56--76.","journal-title":"Texas National Security Review"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451167"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694355"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3173175"},{"key":"e_1_3_2_1_37_1","volume-title":"January 12","author":"McCarthy A.","year":"2023","unstructured":"McCarthy, A. Exxon disputed climate findings for years. Its scientists knew better., January 12, 2023. https:\/\/news.harvard.edu\/gazette\/story\/2023\/01\/harvard-led-analysis-finds-exxonmobil-internal-research-accurately-predicted-climate-change\/."},{"key":"e_1_3_2_1_38_1","volume-title":"July 23","author":"Meta","year":"2024","unstructured":"Meta. Introducing Llama 3.1: Our most capable models to date. https:\/\/ai.meta.com\/blog\/meta-llama-3-1\/, July 23, 2024."},{"key":"e_1_3_2_1_39_1","first-page":"1","article-title":"FlexCore: Dynamic Virtual Machine Scheduling using VCPU Ballooning","volume":"20","author":"Miao T.","year":"2015","unstructured":"Miao, T., and Chen, H. FlexCore: Dynamic Virtual Machine Scheduling using VCPU Ballooning. Tsinghua Science and Technology 20, 1 (2015), 7--16.","journal-title":"Tsinghua Science and Technology"},{"key":"e_1_3_2_1_40_1","volume-title":"October 17","author":"Microsoft","year":"2024","unstructured":"Microsoft. Prompt Shields. https:\/\/learn.microsoft.com\/en-us\/azure\/ai-services\/content-safety\/concepts\/jailbreak-detection, October 17, 2024."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1177\/03063127211048515"},{"key":"e_1_3_2_1_42_1","volume-title":"Military Applications of Artificial Intelligence: Ethical Concerns in an Uncertain World","author":"Morgan F. E.","year":"2020","unstructured":"Morgan, F. E., Boudreaux, B., Lohn, A. J., Ashby, M., Curriden, C., Klima, K., and Grossman, D. Military Applications of Artificial Intelligence: Ethical Concerns in an Uncertain World. RAND Corporation, Santa Monica, CA, 2020."},{"key":"e_1_3_2_1_43_1","first-page":"1","volume":"2023","author":"Mosavirik T.","year":"2022","unstructured":"Mosavirik, T., Schaumont, P., and Tajik, S. ImpedanceVerif: On-Chip Impedance Sensing for System-Level Tampering Detection. IACR Transactions on Cryptographic Hardware and Embedded Systems 2023, 1 (November 2022), 301--325.","journal-title":"ImpedanceVerif: On-Chip Impedance Sensing for System-Level Tampering Detection. IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3689939.3695784"},{"key":"e_1_3_2_1_45_1","volume-title":"December","author":"Mozilla","year":"2024","unstructured":"Mozilla. Mozilla's CA Certificate Program. https:\/\/www.google.com\/url?q=https:\/\/www.mozilla.org\/en-US\/about\/governance\/policies\/security-group\/certs\/policy\/&source=gmail& ust=1736239187085000&usg=AOvVaw2lv3d3uS6qLJwSmkjqL4CE, December 2024."},{"key":"e_1_3_2_1_46_1","volume-title":"May 30","author":"Nevo S.","year":"2024","unstructured":"Nevo, S., Lahav, D., Karpur, A., Bar-on, Y., Brardley, H. A., and Alstott, J. Securing AI Model Weights: Preventing Theft and Misuse of Frontier Models, May 30, 2024."},{"key":"e_1_3_2_1_47_1","volume-title":"July 28","author":"Nicholls N.","year":"2019","unstructured":"Nicholls, N. 40 years ago, scientists predicted climate change. And hey, they were right., July 28, 2019. https:\/\/theconversation.com\/40-years-ago-scientists-predicted-climate-change-and-hey-they-were-right-120502."},{"key":"e_1_3_2_1_48_1","first-page":"2411","article-title":"Marconi","author":"Pan R.","year":"2024","unstructured":"Pan, R., Wang, Z., Jia, Z., Karakus, C., Zancato, L., Dao, T., Wang, Y., and Netravali, R. Marconi: Prefix Caching for the Era of Hybrid LLMs, December 4, 2024. arXiv:2411.19379.","journal-title":"Prefix Caching for the Era of Hybrid LLMs"},{"key":"e_1_3_2_1_49_1","volume-title":"July 5","author":"Panickssery N.","year":"2024","unstructured":"Panickssery, N., Gabrieli, N., Schulz, J., Tong, M., Hubinger, E., and Turner, A. M. Steering Llama 2 via Contrastive Activation Addition, July 5, 2024. arXiv:2312.06681."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.5555\/2060078"},{"key":"e_1_3_2_1_51_1","first-page":"2308","article-title":"LLM Self Defense: By Self Examination","author":"Phute M.","year":"2024","unstructured":"Phute, M., Helbling, A., Hull, M., Peng, S., Szyller, S., Cornelius, C., and Chau, D. H. LLM Self Defense: By Self Examination, LLMs Know They Are Being Tricked, May 2, 2024. arXiv:2308.07308.","journal-title":"LLMs Know They Are Being Tricked"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361073"},{"key":"e_1_3_2_1_53_1","first-page":"2412","author":"Ray S.","year":"2024","unstructured":"Ray, S., Pan, R., Gu, Z., Du, K., Ananthanarayanan, G., Netravali, R., and Jiang, J. RAGServe: Fast Quality-Aware RAG Systems with Configuration Adaptation, December 13, 2024. arXiv:2412.10543.","journal-title":"RAGServe: Fast Quality-Aware RAG Systems with Configuration Adaptation"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8446"},{"volume-title":"The RISC-V Instruction Set Manual","year":"2024","key":"e_1_3_2_1_55_1","unstructured":"RISC-V. The RISC-V Instruction Set Manual: Volume II (Privileged Architecture). Version 20241101. https:\/\/github.com\/riscv\/riscvisa-manual\/releases\/download\/riscv-isa-release-7c5adda-2025-01-02\/riscv-privileged.pdf, November 2024."},{"key":"e_1_3_2_1_56_1","first-page":"2401","author":"Salinas A.","year":"2024","unstructured":"Salinas, A., and Morstatter, F. The Butterfly Effect of Altering Prompts: How Small Changes and Jailbreaks Affect Large Language Model Performance, January 9, 2024. arXiv:2401.03729v2.","journal-title":"The Butterfly Effect of Altering Prompts: How Small Changes and Jailbreaks Affect Large Language Model Performance"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA52012.2021.00035"},{"key":"e_1_3_2_1_58_1","volume-title":"July 11","author":"Schreiner M.","year":"2023","unstructured":"Schreiner, M. GPT-4 architecture, datasets, costs and more leaked. Decoder. https:\/\/the-decoder.com\/gpt-4-architecture-datasets-costs-and-more-leaked\/, July 11, 2023."},{"key":"e_1_3_2_1_59_1","first-page":"322","volume-title":"Nexus: A GPU Cluster Engine for Accelerating DNN-based Video Analysis. In Proceedings of SOSP","author":"Shen H.","year":"2019","unstructured":"Shen, H., Chen, L., Jin, Y., Zhao, L., Kong, B., Philipose, M., Krishnamurthy, A., and Sundaram, R. Nexus: A GPU Cluster Engine for Accelerating DNN-based Video Analysis. In Proceedings of SOSP (2019), pp. 322--337."},{"key":"e_1_3_2_1_60_1","first-page":"2402","author":"Singh C.","year":"2024","unstructured":"Singh, C., Inala, J. P., Galley, M., Caruana, R., and Gao, J. Rethinking Interpretability in the Era of Large Language Models, January 30, 2024. arXiv:2402.01761v.","journal-title":"Rethinking Interpretability in the Era of Large Language Models"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVLSI.2023.3302837"},{"key":"e_1_3_2_1_62_1","volume-title":"Demystifying the Secure Enclave Processor. BlackHat USA. https:\/\/mista.nu\/research\/sep-paper.pdf","author":"Tarjei Mandt","year":"2015","unstructured":"Tarjei Mandt and Mathew Solnik and David Wang. Demystifying the Secure Enclave Processor. BlackHat USA. https:\/\/mista.nu\/research\/sep-paper.pdf, 2015."},{"key":"e_1_3_2_1_63_1","volume-title":"Luna USB HSM Documentation: Multifactor Quorum Authentication. https:\/\/thalesdocs.com\/gphsm\/luna\/7\/docs\/usb\/Content\/admin_usb\/hsm\/multifactor\/multifactor_auth.htm","author":"Thales","year":"2024","unstructured":"Thales. Luna USB HSM Documentation: Multifactor Quorum Authentication. https:\/\/thalesdocs.com\/gphsm\/luna\/7\/docs\/usb\/Content\/admin_usb\/hsm\/multifactor\/multifactor_auth.htm, 2024."},{"key":"e_1_3_2_1_64_1","volume-title":"January 8","author":"Tonmoy S.","year":"2024","unstructured":"Tonmoy, S., Zaman, S., Jain, V., Rani, A., Rawte, V., Chadha, A., and Das, A. A comprehensive survey of hallucination mitiga- tion techniques in large language models, January 8, 2024. arXiv:2401.01313."},{"key":"e_1_3_2_1_65_1","first-page":"1","volume-title":"A Comprehensive Implementation and Evaluation of Direct Interrupt Delivery. In Proceedings of VEE (March","author":"Tu C.-C.","year":"2015","unstructured":"Tu, C.-C., Ferdman, M., Lee, C.-t., and Chiueh, T.-c. A Comprehensive Implementation and Evaluation of Direct Interrupt Delivery. In Proceedings of VEE (March 2015), pp. 1--15."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/223982.224449"},{"key":"e_1_3_2_1_67_1","volume-title":"April 29","author":"Turchin A.","year":"2018","unstructured":"Turchin, A. Levels of AI Self-Improvement. https:\/\/www.lesswrong.com\/posts\/os7N7nJoezWKQnnuW\/levels-of-ai-self-improvement, April 29, 2018."},{"key":"e_1_3_2_1_68_1","volume-title":"December 9","author":"Turpin M.","year":"2024","unstructured":"Turpin, M., Michael, J., Perez, E., and Bowman, S. R. Language models don't always say what they think: Unfaithful explanations in chain-of-thought prompting, December 9, 2024. arXiv:2305.04388."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.163"},{"key":"e_1_3_2_1_70_1","volume-title":"February 18","author":"UK AI Safety Institute","year":"2025","unstructured":"UK AI Safety Institute. International AI Safety Report: The International Scientific Report on the Safety of Advanced AI, February 18 2025. https:\/\/www.gov.uk\/government\/publications\/international-ai-safety-report-2025."},{"key":"e_1_3_2_1_71_1","volume-title":"September","author":"United States Government Accountability Office.","year":"2023","unstructured":"United States Government Accountability Office. NUCLEAR ARMS CONTROL: U.S. May Face Challenges in Verifying Future Treaty Goals. https:\/\/www.gao.gov\/assets\/gao-23-105698.pdf, September 2023."},{"key":"e_1_3_2_1_72_1","first-page":"681","volume-title":"Graviton: Trusted Execution Environments on GPUs. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (October","author":"Volos S.","year":"2018","unstructured":"Volos, S., Vaswani, K., and Bruno, R. Graviton: Trusted Execution Environments on GPUs. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (October 2018), pp. 681--696."},{"key":"e_1_3_2_1_73_1","first-page":"173","volume-title":"Tamper Evident Microprocessors. In Proceedings of the IEEE Symposium on Security and Privacy (May","author":"Waksman A.","year":"2010","unstructured":"Waksman, A., and Sethumadhavan, S. Tamper Evident Microprocessors. In Proceedings of the IEEE Symposium on Security and Privacy (May 2010), pp. 173--188."},{"key":"e_1_3_2_1_74_1","volume-title":"January 12","author":"Wall Street Journal","year":"2022","unstructured":"Wall Street Journal. The Facebook Files, January 12, 2022. https:\/\/www.wsj.com\/tech\/the-facebook-files-11642035385."},{"key":"e_1_3_2_1_75_1","volume-title":"Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution. Technical report, revision 1.0 (August 14","author":"Weisse O.","year":"2018","unstructured":"Weisse, O., Van Bulck, J., Minkin, M., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Strackx, R., Wenisch, T. F., and Yarom, Y. Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution. Technical report, revision 1.0 (August 14 2018)."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.23919\/DATE51398.2021.9474214"},{"key":"e_1_3_2_1_77_1","first-page":"2304","author":"Wolf Y.","year":"2024","unstructured":"Wolf, Y., Wies, N., Avnery, O., Levine, Y., and Shashua, A. Fundamental Limitations of Alignment in Large Language Models, June 3, 2024. arXiv:2304.11082.","journal-title":"Fundamental Limitations of Alignment in Large Language Models"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2022.naacl-main.43"},{"key":"e_1_3_2_1_79_1","first-page":"1","article-title":"Leakproofing the Singularity","volume":"19","author":"Yampolskiy R","year":"2012","unstructured":"Yampolskiy, R. Leakproofing the Singularity: Artificial Intelligence Confinement Problem. Journal of Consciousness Studies 19, 1--2 (2012), 194--214.","journal-title":"Journal of Consciousness Studies"},{"key":"e_1_3_2_1_80_1","volume-title":"Proceedings of NeurIPS (December","author":"Ye X.","year":"2022","unstructured":"Ye, X., and Durrett, G. The unreliability of explanations in few-shot prompting for textual reasoning. In Proceedings of NeurIPS (December 2022)."},{"key":"e_1_3_2_1_81_1","first-page":"787","volume-title":"SHEPHERD: Serving DNNs in the Wild. In Proceedings of NSDI (April","author":"Zhang H.","year":"2023","unstructured":"Zhang, H., Tang, Y., Khandelwal, A., and Stoica, I. SHEPHERD: Serving DNNs in the Wild. In Proceedings of NSDI (April 2023), pp. 787--808."},{"key":"e_1_3_2_1_82_1","volume-title":"March 3","author":"Zou A.","year":"2025","unstructured":"Zou, A., Phan, L., Chen, S., Campbell, J., Guo, P., Ren, R., Pan, A., Yin, X., Mazeika, M., Dombrowski, A.-K., Goel, S., Li, N., Byun, M. J., Wang, Z., Mallen, A., Basart, S., Koyejo, S., Song, D., Fredrikson, M., Kolter, J. Z., and Hendrycks, D. Representation Engineering: A Top-Down Approach to AI Transparency, March 3, 2025. arXiv:2310.01405."},{"key":"e_1_3_2_1_83_1","first-page":"2406","author":"Zou A.","year":"2024","unstructured":"Zou, A., Phan, L., Wang, J., Duenas, D., Lin, M., Andriushchenko, M., Wang, R., Kolter, Z., Fredrikson, M., and Hendrycks, D. Improving Alignment and Robustness with Circuit Breakers, July 12, 2024. arXiv:2406.04313.","journal-title":"Improving Alignment and Robustness with Circuit Breakers"}],"event":{"name":"HOTOS '25: Workshop on Hot Topics in Operating Systems","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Banff AB Canada","acronym":"HOTOS '25"},"container-title":["Proceedings of the Workshop on Hot Topics in Operating Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3713082.3730391","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3713082.3730391","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,29]],"date-time":"2025-08-29T16:47:33Z","timestamp":1756486053000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3713082.3730391"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,14]]},"references-count":83,"alternative-id":["10.1145\/3713082.3730391","10.1145\/3713082"],"URL":"https:\/\/doi.org\/10.1145\/3713082.3730391","relation":{},"subject":[],"published":{"date-parts":[[2025,5,14]]},"assertion":[{"value":"2025-06-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}