{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T21:09:52Z","timestamp":1778188192332,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765233","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:37:25Z","timestamp":1763854645000},"page":"3840-3854","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["RMP\n                    <scp>ocalypse<\/scp>\n                    : How a Catch-22 Breaks AMD SEV-SNP"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-5151-7789","authenticated-orcid":false,"given":"Benedict","family":"Schl\u00fcter","sequence":"first","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0415-2960","authenticated-orcid":false,"given":"Shweta","family":"Shinde","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Amazon. accessed 2025-09-10. AWS Nitro Enclaves - Create additional isolation to further protect highly sensitive data within EC2 instances. https:\/\/aws.amazon.com\/ec2\/nitro\/nitro-enclaves\/."},{"key":"e_1_3_2_1_2_1","unstructured":"AMD. 2020a. AMD SEV-SNP: Strengthening VM Isolation with Integrity protection and more. https:\/\/www.amd.com\/system\/files\/TechDocs\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf."},{"key":"e_1_3_2_1_3_1","unstructured":"AMD. 2020b. High Performance Computing (HPC) Tuning Guide for AMD EPYC\u2122 7002 Series Processors. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/tuning-guides\/amd-epyc-7002-tg-hpc-56827.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"AMD. 2021. Probe filter directory management (US12141066B2). https:\/\/patents.google.com\/patent\/US12141066B2."},{"key":"e_1_3_2_1_5_1","unstructured":"AMD. 2023a. 58015: AMD EPYC 9004 Series Architecture Overview. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/white-papers\/58015-epyc-9004-tg-architecture-overview.pdf."},{"key":"e_1_3_2_1_6_1","unstructured":"AMD. 2023b. AMD-ASPFW. https:\/\/github.com\/benschlueter\/AMD-ASPFW\/blob\/3ca6650dd35d878b3fcbe5c7f58b145eed042bbf\/."},{"key":"e_1_3_2_1_7_1","article-title":"AMD64 Architecture Programmer's Manual Volumes 1\u20135","volume":"4","author":"AMD.","year":"2023","unstructured":"AMD. 2023c. AMD64 Architecture Programmer's Manual Volumes 1\u20135, Rev. 4.08 (40332). https:\/\/docs.amd.com\/v\/u\/en-US\/40332-PUB_4.08.","journal-title":"Rev."},{"key":"e_1_3_2_1_8_1","first-page":"58","article-title":"SEV Secure Nested Paging Firmware ABI Specification","volume":"1","author":"AMD.","year":"2025","unstructured":"AMD. 2025. SEV Secure Nested Paging Firmware ABI Specification, Rev 1.58. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/specifications\/56860.pdf.","journal-title":"Rev"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484779"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSSC.2018.2873584"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3676641.3716017"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00104"},{"key":"e_1_3_2_1_13_1","unstructured":"Christopher Domas. 2015. The Memory Sinkhole. In Blackhat USA. Blackhat."},{"key":"e_1_3_2_1_14_1","volume-title":"CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP. In Network and Distributed System Security Symposium 2025: NDSS 2025.","author":"Gast Stefan","year":"2025","unstructured":"Stefan Gast, Hannes Weissteiner, Robin Leander Schr\u00f6der, and Daniel Gruss. 2025. CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP. In Network and Distributed System Security Symposium 2025: NDSS 2025."},{"key":"e_1_3_2_1_15_1","volume-title":"22nd International Conference on Detection of Intrusions and Malware, and Vulnerability Assess, DIMVA 2025; Conference date: 09-07-2025 Through 11-07-2025","author":"Giner Lukas","year":"2025","unstructured":"Lukas Giner, Sudheendra Raghav Neela, and Daniel Gruss. 2025. CohereReload: Re-enabling High-Resolution Cache Attacks on AMD SEV-SNP. In DIMVA (22 ed.). 22nd International Conference on Detection of Intrusions and Malware, and Vulnerability Assess, DIMVA 2025; Conference date: 09-07-2025 Through 11-07-2025."},{"key":"e_1_3_2_1_16_1","unstructured":"Google. 2022. AMD Secure Processor for Confidential Computing. https:\/\/storage.googleapis.com\/gweb-uniblog-publish-prod\/documents\/AMD_GPZ-Technical_Report_FINAL_05_2022.pdf."},{"key":"e_1_3_2_1_17_1","unstructured":"Google. 2025a. Driving enterprise transformation with new compute innovations and offerings. https:\/\/cloud.google.com\/blog\/products\/compute\/delivering-new-compute-innovations-and-offerings."},{"key":"e_1_3_2_1_18_1","unstructured":"Google. 2025b. Zen and the Art of Microcode Hacking. https:\/\/bughunters.google.com\/blog\/5424842357473280\/zen-and-the-art-of-microcode-hacking."},{"key":"e_1_3_2_1_19_1","unstructured":"Google. accessed 2025-09-10. Confidential Computing | Google Cloud. https:\/\/cloud.google.com\/confidential-computing."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3050748.3050763"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3488011"},{"key":"e_1_3_2_1_22_1","unstructured":"David Kaplan. 2017. hrefhttps:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/Protecting-VM-Register-State-with-SEV-ES.pdfPROTECTING VM REGISTER STATE WITH SEV-ES."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833768"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485253"},{"key":"e_1_3_2_1_25_1","first-page":"717","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Li Mengyuan","year":"2021","unstructured":"Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, and Yueqiang Cheng. 2021b. CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 717-732. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/li-mengyuan"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485876"},{"key":"e_1_3_2_1_27_1","unstructured":"Meta. accessed 2025-09-10. Building Private Processing for AI tools on WhatsApp. https:\/\/engineering.fb.com\/2025\/04\/29\/security\/whatsapp-private-processing-ai-tools\/."},{"key":"e_1_3_2_1_28_1","unstructured":"Microsoft. accessed 2025-09-10. Azure confidential Cloud - Protect Data In Use | Microsoft Azure. https:\/\/azure.microsoft.com\/en-us\/solutions\/confidential-compute\/."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3193111.3193112"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00063"},{"key":"e_1_3_2_1_31_1","unstructured":"Enrique Nissim and Krzysztof Okupski. 2024. AMD Sinkclose: Universal Ring-2 Privilege Escalation. Presented at DEF CON 32. https:\/\/www.ioactive.com\/event\/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation\/."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433667.3433668"},{"key":"e_1_3_2_1_33_1","first-page":"3459","volume-title":"Heckler: Breaking Confidential VMs with Malicious Interrupts. In 33rd USENIX Security Symposium (USENIX Security 24)","author":"Schl\u00fcter Benedict","year":"2024","unstructured":"Benedict Schl\u00fcter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, and Shweta Shinde. 2024. Heckler: Breaking Confidential VMs with Malicious Interrupts. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 3459-3476. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/schl\u00fcter"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00262"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3719027.3765209"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-35504-2_3"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00080"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2024.i1.180-206"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690317"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00079"},{"key":"e_1_3_2_1_41_1","unstructured":"Ruiyi Zhang Lukas Gerlach Daniel Weber Lorenz Hetterich Youheng L\u00fc Andreas Kogler and Michael Schwarz. 2024. CacheWarp: Software-based Fault Injection using Selective State Reset. 1135-1151 pages. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/zhang-ruiyi"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765233","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T20:12:30Z","timestamp":1778184750000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765233"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":41,"alternative-id":["10.1145\/3719027.3765233","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765233","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}