{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:09:10Z","timestamp":1771063750019,"version":"3.50.1"},"reference-count":93,"publisher":"Association for Computing Machinery (ACM)","issue":"1-2","license":[{"start":{"date-parts":[[2025,4,12]],"date-time":"2025-04-12T00:00:00Z","timestamp":1744416000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"China National Natural Science Foundation","doi-asserted-by":"crossref","award":["62202289, 62432010, 61925206, 62472279"],"award-info":[{"award-number":["62202289, 62432010, 61925206, 62472279"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Comput. Syst."],"published-print":{"date-parts":[[2025,5,31]]},"abstract":"<jats:p>AI applications are employed in diverse scenarios, including data centers, personal computers, smart cars, and so on. Their privacy is threatened by the intricate software stacks and the potential malfeasance of system maintainers. The Trusted Execution Environment (TEE) has become popular for safeguarding applications from untrusted system software. However, AI applications are always speeded up with heterogeneous accelerators, e.g., GPU, which requires the TEE to be heterogeneous. A heterogeneous TEE should satisfy three requirements: (1) the joint heterogeneous abstraction that covers the CPU and GPUs and minimizes cooperation overhead among enclaves on them; (2) the high performance for supporting high-speed GPUs and introducing limited performance overhead; and (3) the compatibility with existing CPUs and GPUs so that existing machines can directly benefit from it.<\/jats:p>\n          <jats:p>To meet the above requirements, this article introduces XpuTEE, a practical and high-performance heterogeneous TEE system. XpuTEE provides a new abstraction called XpuEnclave, comprising the CEnclave to protect CPU-side logic and numerous XEnclaves to guard GPU tasks. XpuEnclave is a joint TEE crossing the CPU and connected GPUs, and it removes all cryptographic operations and extra memory copies for CPU-GPU communication, which allows XpuTEE to achieve high performance. The results demonstrate that XpuTEE has an average performance overhead of 2.48% for common AI applications.<\/jats:p>","DOI":"10.1145\/3719653","type":"journal-article","created":{"date-parts":[[2025,2,26]],"date-time":"2025-02-26T11:17:31Z","timestamp":1740568651000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["XpuTEE: A High-Performance and Practical Heterogeneous Trusted Execution Environment for GPUs"],"prefix":"10.1145","volume":"43","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-1828-8996","authenticated-orcid":false,"given":"Shulin","family":"Fan","sequence":"first","affiliation":[{"name":"Institute of Parallel And Distributed Systems (IPADS), School of Software, Shanghai Jiao Tong University, Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2211-9120","authenticated-orcid":false,"given":"Zhichao","family":"Hua","sequence":"additional","affiliation":[{"name":"Institute of Parallel And Distributed Systems (IPADS), School of Software, Shanghai Jiao Tong University, Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6558-5298","authenticated-orcid":false,"given":"Yubin","family":"Xia","sequence":"additional","affiliation":[{"name":"Institute of Parallel And Distributed Systems (IPADS), School of Software, Shanghai Jiao Tong University, Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9720-0361","authenticated-orcid":false,"given":"Haibo","family":"Chen","sequence":"additional","affiliation":[{"name":"Institute of Parallel And Distributed Systems (IPADS), School of Software, Shanghai Jiao Tong University, Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,4,12]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"2018. IIntel(R) Software Guard Extensions Developer Guide. https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/671334\/intel-software-guard-extensions-intel-sgx-developer-guide.html. Accessed: 2025-03-04."},{"key":"e_1_3_2_3_2","unstructured":"2022. NVIDIA Confidential Computing. Retrieved from https:\/\/www.nvidia.com\/en-us\/data-center\/solutions\/confidential-computing\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_4_2","unstructured":"2022. NVIDIA Hopper Architecture. Retrieved from https:\/\/www.nvidia.com\/en-us\/data-center\/technologies\/hopper-architecture\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_5_2","unstructured":"2023. Apache TVM. Retrieved from https:\/\/tvm.apache.org\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_6_2","unstructured":"2023. Intel Trust Domain Extensions (Intel TDX). Retrieved from https:\/\/cdrdv2.intel.com\/v1\/dl\/getContent\/690419. Accessed: 2024-09-12."},{"key":"e_1_3_2_7_2","unstructured":"2024. NVIDIA Blackwell Architecture. Retrieved from https:\/\/www.nvidia.com\/en-us\/data-center\/technologies\/blackwell-architecture\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_8_2","unstructured":"Apr 2023. 5 of the Worst Examples of Data Theft by Employees. Retrieved from https:\/\/www.currentware.com\/blog\/examples-of-data-theft-by-employees\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_9_2","unstructured":"Apr 2023. AWS Nitro Enclaves User Guide. Retrieved from https:\/\/docs.aws.amazon.com\/enclaves\/latest\/user\/building-eif.html. Accessed: 2024-09-12."},{"key":"e_1_3_2_10_2","unstructured":"Apr 2023. Ex-Amazon Employee Convicted Over Data Breach of 100 Million CapitalOne Customers. Retrieved from https:\/\/techcrunch.com\/2022\/06\/21\/amazon-paige-thompson-capitalone-breach\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_11_2","unstructured":"Apr 2023. Facebook Fires 52 Employees for Abusing Their Access to Stealing User. Retrieved from https:\/\/www.securitynewspaper.com\/2021\/07\/15\/facebook-fires-52-employees-for-abusing-their-access-to-stealing-user-data-and-spying-multiple-women-profiles-and-location\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_12_2","unstructured":"Apr 2023. More than 1 000 Twitter Employees Reportedly have Complete Access to Accounts. Retrieved from https:\/\/www.digitaltrends.com\/social-media\/twitter-hack-employees-account-access\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_13_2","unstructured":"Apr 2023. NVIDIA Turing. Retrieved from https:\/\/www.nvidia.com\/en-us\/geforce\/turing\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_14_2","unstructured":"Apr 2023. NVIDIA Volta. Retrieved from https:\/\/www.nvidia.com\/en-gb\/data-center\/volta-gpu-architecture\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_15_2","unstructured":"Apr 2023. Vicuna: An Open-Source Chatbot Impressing GPT-4 with 90% ChatGPT Quality. Retrieved from https:\/\/ lmsys.org\/blog\/2023-03-30-vicuna\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_16_2","unstructured":"March 2022. Powering the Next Generation of Trustworthy AI in a Confidential Cloud using NVIDIA GPUs. Retrieved from https:\/\/www.microsoft.com\/en-us\/research\/blog\/powering-the-next-generation-of-trustworthy-ai-in-a-confidential-cloud-using-nvidia-gpus\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_17_2","unstructured":"May 2023. 29 Examples of AI in Finance. Retrieved from https:\/\/builtin.com\/artificial-intelligence\/ai-finance-banking-applications-companies. Accessed: 2024-09-12."},{"key":"e_1_3_2_18_2","unstructured":"May 2023. Artificial Intelligence in Financial Services: Applications and Benefits of AI in Finance. Retrieved from https:\/\/www.insiderintelligence.com\/insights\/ai-in-finance\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_19_2","unstructured":"May 2023. Confirmed: The New Bing Runs on OpenAI\u2019s GPT-4. Retrieved from https:\/\/blogs.bing.com\/search\/march_2023\/Confirmed-the-new-Bing-runs-on-OpenAI%E2%80%99s-GPT-4. Accessed: 2024-09-12."},{"key":"e_1_3_2_20_2","unstructured":"May 2023. Future of Driving. Retrieved from https:\/\/www.tesla.com\/autopilot. Accessed: 2024-09-12."},{"key":"e_1_3_2_21_2","unstructured":"May 2023. Introducing Microsoft 365 Copilot \u2013 your Copilot for Work. Retrieved from https:\/\/blogs.microsoft.com\/blog\/2023\/03\/16\/introducing-microsoft-365-copilot-your-copilot-for-work\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_22_2","unstructured":"Referenced Apr. 2023. Linux CVEs. Retrieved from https:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html?vendor_id=33. Accessed: 2024-09-12."},{"key":"e_1_3_2_23_2","unstructured":"Referenced Apr. 2023. Linux Repo. Retrieved from https:\/\/github.com\/torvalds\/linux. Accessed: 2024-09-12."},{"key":"e_1_3_2_24_2","unstructured":"Referenced Apr. 2023. OpenAI GPT-3: Everything You Need to Know. Retrieved from https:\/\/www.springboard.com\/blog\/data-science\/machine-learning-gpt-3-open-ai\/. Accessed: 2024-09-12."},{"key":"e_1_3_2_25_2","unstructured":"Referenced Mar. 2023. NVIDIA Linux Open GPU Kernel Module Source. Retrieved from https:\/\/github.com\/NVIDIA\/open-gpu-kernel-modules. Accessed: 2024-09-12."},{"key":"e_1_3_2_26_2","unstructured":"Referenced Mar. 2023. NVIDIA open-gpu-doc. Retrieved from https:\/\/github.com\/NVIDIA\/open-gpu-doc. Accessed: 2024-09-12."},{"key":"e_1_3_2_27_2","unstructured":"Referenced Mar. 2024. Run Hyper-V in a Virtual Machine with Nested Virtualization. Retrieved from https:\/\/learn.microsoft.com\/en-us\/virtualization\/hyper-v-on-windows\/user-guide\/enable-nested-virtualization. Accessed: 2024-09-12."},{"key":"e_1_3_2_28_2","volume-title":"Proceedings of the 2023 IEEE International Symposium on High-Performance Computer Architecture. 543\u2013555","author":"Abdullah Rahaf","year":"2023","unstructured":"Rahaf Abdullah, Huiyang Zhou, and Amro Awad. 2023. Plutus: Bandwidth-efficient memory security for GPUs. In Proceedings of the 2023 IEEE International Symposium on High-Performance Computer Architecture. 543\u2013555. DOI:DOI:10.1109\/HPCA56546.2023.10071100"},{"issue":"4","key":"e_1_3_2_29_2","first-page":"18","article-title":"TrustZone: Integrated hardware and software security","volume":"3","author":"Alves Tiago","year":"2004","unstructured":"Tiago Alves and Don Felton. 2004. TrustZone: Integrated hardware and software security. ARM White Paper 3, 4 (2004), 18\u201324.","journal-title":"ARM White Paper"},{"key":"e_1_3_2_30_2","article-title":"AMD SEV-TIO: Trusted I\/O for Secure Encrypted Virtualization","year":"2023","unstructured":"AMD. March 2023. AMD SEV-TIO: Trusted I\/O for Secure Encrypted Virtualization. Retrieved from https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/developer\/sev-tio-whitepaper.pdf. (March 2023).","journal-title":"https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/developer\/sev-tio-whitepaper.pdf"},{"key":"e_1_3_2_31_2","first-page":"689","volume-title":"Proceedings of the OSDI","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O\u2019keeffe, Mark Stillwell, et\u00a0al. 2016. Scone: Secure linux containers with intel sgx. In Proceedings of the OSDI. 689\u2013703."},{"key":"e_1_3_2_32_2","volume-title":"Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation","author":"Ben-Yehuda Muli","year":"2010","unstructured":"Muli Ben-Yehuda, Michael D. Day, Zvi Dubitzky, Michael Factor, Nadav Har\u2019El, Abel Gordon, Anthony Liguori, Orit Wasserman, and Ben-Ami Yassour. 2010. The turtles project: Design and implementation of nested virtualization. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation."},{"key":"e_1_3_2_33_2","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/978-3-319-93524-9_6","volume-title":"Proceedings of the Information Security Theory and Practice: 11th IFIP WG 11.2 International Conference, WISTP 2017, Heraklion, Crete, Greece, September 28\u201329, 2017, Proceedings 11","author":"Bukasa Sebanjila Kevin","year":"2018","unstructured":"Sebanjila Kevin Bukasa, Ronan Lashermes, H\u00e9l\u00e8ne Le Bouder, Jean-Louis Lanet, and Axel Legay. 2018. How TrustZone could be bypassed: Side-channel attacks on a modern system-on-chip. In Proceedings of the Information Security Theory and Practice: 11th IFIP WG 11.2 International Conference, WISTP 2017, Heraklion, Crete, Greece, September 28\u201329, 2017, Proceedings 11. Springer, 93\u2013109."},{"key":"e_1_3_2_34_2","first-page":"44","volume-title":"Proceedings of the 2009 IEEE International Symposium on Workload Characterization.","author":"Che Shuai","year":"2009","unstructured":"Shuai Che, Michael Boyer, Jiayuan Meng, David Tarjan, Jeremy W. Sheaffer, Sang-Ha Lee, and Kevin Skadron. 2009. Rodinia: A benchmark suite for heterogeneous computing. In Proceedings of the 2009 IEEE International Symposium on Workload Characterization.IEEE, 44\u201354."},{"key":"e_1_3_2_35_2","first-page":"465","volume-title":"Proceedings of the 18th USENIX Symposium on Operating Systems Design and Implementation","year":"2024","unstructured":"Haibo Chen, Xie Miao, Ning Jia, Nan Wang, Yu Li, Nian Liu, Yutao Liu, Fei Wang, Qiang Huang, Kun Li, Hongyang Yang, Hui Wang, Jie Yin, Yu Peng, and Fengwei Xu. 2024. Microkernel goes general: Performance and compatibility in the \\(\\lbrace\\) HongMeng \\(\\rbrace\\) production microkernel. In Proceedings of the 18th USENIX Symposium on Operating Systems Design and Implementation. 465\u2013485."},{"key":"e_1_3_2_36_2","first-page":"578","volume-title":"Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation","author":"Chen Tianqi","year":"2018","unstructured":"Tianqi Chen, Thierry Moreau, Ziheng Jiang, Lianmin Zheng, Eddie Yan, Haichen Shen, Meghan Cowan, Leyuan Wang, Yuwei Hu, Luis Ceze, et al.. 2018. TVM: An automated end-to-end optimizing compiler for deep learning. In Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, Carlsbad, CA, 578\u2013594. Retrieved from https:\/\/www.usenix.org\/conference\/osdi18\/presentation\/chen"},{"key":"e_1_3_2_37_2","first-page":"191","volume-title":"Proceedings of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Dautenhahn Nathan","year":"2015","unstructured":"Nathan Dautenhahn, Theodoros Kasampalis, Will Dietz, John Criswell, and Vikram Adve. 2015. Nested kernel: An operating system architecture for intra-kernel privilege separation. In Proceedings of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems. 191\u2013206."},{"key":"e_1_3_2_38_2","doi-asserted-by":"crossref","first-page":"248","DOI":"10.1109\/CVPR.2009.5206848","volume-title":"Proceedings of the 2009 IEEE Conference on Computer Vision and Pattern Recognition","author":"Deng Jia","year":"2009","unstructured":"Jia Deng, Wei Dong, Richard Socher, Li-Jia Li, Kai Li, and Li Fei-Fei. 2009. ImageNet: A large-scale hierarchical image database. In Proceedings of the 2009 IEEE Conference on Computer Vision and Pattern Recognition. 248\u2013255. DOI:DOI:10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_39_2","doi-asserted-by":"crossref","first-page":"769","DOI":"10.1145\/3548606.3560627","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","author":"Deng Yunjie","year":"2022","unstructured":"Yunjie Deng, Chenxu Wang, Shunchang Yu, Shiqing Liu, Zhenyu Ning, Kevin Leach, Jin Li, Shoumeng Yan, Zhengyu He, Jiannong Cao, et\u00a0al. 2022. StrongBox: A GPU TEE on arm endpoints. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 769\u2013783."},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3623393.3623391"},{"key":"e_1_3_2_41_2","first-page":"1","volume-title":"Proceedings of the 50th Annual International Symposium on Computer Architecture","author":"Fan Shulin","year":"2023","unstructured":"Shulin Fan, Zhichao Hua, Yubin Xia, Haibo Chen, and Binyu Zang. 2023. ISA-Grid: Architecture of fine-grained privilege control for instructions and registers. In Proceedings of the 50th Annual International Symposium on Computer Architecture. 1\u201315."},{"key":"e_1_3_2_42_2","first-page":"349","volume-title":"Proceedings of the 59th ACM\/IEEE Design Automation Conference.","author":"Hua Weizhe","year":"2022","unstructured":"Weizhe Hua, Muhammad Umar, Zhiru Zhang, and G. Edward Suh. 2022. GuardNN: Secure accelerator architecture for privacy-preserving deep learning. In Proceedings of the 59th ACM\/IEEE Design Automation Conference.Association for Computing Machinery, New York, NY, USA, 349\u2013354. DOI:DOI:10.1145\/3489517.3530439"},{"key":"e_1_3_2_43_2","first-page":"726","volume-title":"Proceedings of the 49th Annual International Symposium on Computer Architecture.","author":"Hua Weizhe","year":"2022","unstructured":"Weizhe Hua, Muhammad Umar, Zhiru Zhang, and G. Edward Suh. 2022. MGX: Near-zero overhead memory protection for data-intensive accelerators. In Proceedings of the 49th Annual International Symposium on Computer Architecture.Association for Computing Machinery, New York, NY, USA, 726\u2013741. DOI:DOI:10.1145\/3470496.3527418"},{"key":"e_1_3_2_44_2","first-page":"541","volume-title":"Proceedings of the 26th USENIX Security Symposium.","author":"Hua Zhichao","year":"2017","unstructured":"Zhichao Hua, Jinyu Gu, Yubin Xia, Haibo Chen, Binyu Zang, and Haibing Guan. 2017. vTZ: Virtualizing ARM TrustZone. In Proceedings of the 26th USENIX Security Symposium.USENIX Association, 541\u2013556."},{"issue":"9","key":"e_1_3_2_45_2","doi-asserted-by":"crossref","first-page":"192101","DOI":"10.1007\/s11432-019-2707-6","article-title":"TZ-container: Protecting container from untrusted OS with ARM TrustZone","volume":"64","author":"Hua Zhichao","year":"2021","unstructured":"Zhichao Hua, Yang Yu, Jinyu Gu, Yubin Xia, Haibo Chen, and Binyu Zang. 2021. TZ-container: Protecting container from untrusted OS with ARM TrustZone. Science China Information Sciences 64, 9 (2021), 192101.","journal-title":"Science China Information Sciences"},{"key":"e_1_3_2_46_2","first-page":"817","volume-title":"Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation","author":"Hunt Tyler","year":"2020","unstructured":"Tyler Hunt, Zhipeng Jia, Vance Miller, Ariel Szekely, Yige Hu, Christopher J. Rossbach, and Emmett Witchel. 2020. Telekine: Secure computing with cloud GPUs. In Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation. USENIX Association, Santa Clara, CA, 817\u2013833. Retrieved from https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/hunt"},{"key":"e_1_3_2_47_2","unstructured":"AMD Inc.2023. Retrieved from https:\/\/www.amd.com\/system\/files\/TechDocs\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf. (2023)."},{"key":"e_1_3_2_48_2","unstructured":"AMD Inc.2023. Retrieved from https:\/\/gpuopen.com\/amd-isa-documentation\/. (2023)."},{"key":"e_1_3_2_49_2","article-title":"AMD Memory Encryption, White Paper","author":"Inc. AMD","year":"2023","unstructured":"AMD Inc.2023. AMD Memory Encryption, White Paper. Retrieved from http:\/\/amd-dev.wpengine.netdna-cdn.com\/wordpress\/media\/2013\/12\/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf. (2023).","journal-title":"http:\/\/amd-dev.wpengine.netdna-cdn.com\/wordpress\/media\/2013\/12\/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf"},{"key":"e_1_3_2_50_2","article-title":"Intel TDX Connect TEE-IO Device Guide","year":"2023","unstructured":"Intel. November 2023. Intel TDX Connect TEE-IO Device Guide. Retrieved from https:\/\/cdrdv2-public.intel.com\/772642\/whitepaper-tee-io-device-guide-v0-6-5.pdf. (November 2023).","journal-title":"https:\/\/cdrdv2-public.intel.com\/772642\/whitepaper-tee-io-device-guide-v0-6-5.pdf"},{"key":"e_1_3_2_51_2","first-page":"485","volume-title":"Proceedings of the 2023 USENIX Annual Technical Conference","author":"Ivanov Andrei","year":"2023","unstructured":"Andrei Ivanov, Benjamin Rothenberger, Arnaud Dethise, Marco Canini, Torsten Hoefler, and Adrian Perrig. 2023. SAGE: Software-based attestation for GPU execution. In Proceedings of the 2023 USENIX Annual Technical Conference. USENIX Association, Boston, MA, 485\u2013499. Retrieved from https:\/\/www.usenix.org\/conference\/atc23\/presentation\/ivanov"},{"key":"e_1_3_2_52_2","first-page":"455","volume-title":"Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Jang Insu","year":"2019","unstructured":"Insu Jang, Adrian Tang, Taehoon Kim, Simha Sethumadhavan, and Jaehyuk Huh. 2019. Heterogeneous isolated execution for commodity gpus. In Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems. 455\u2013468."},{"key":"e_1_3_2_53_2","volume-title":"Proceedings of the NDSS","author":"Jang Jin Soo","year":"2015","unstructured":"Jin Soo Jang, Sunjune Kong, Minsu Kim, Daegyeong Kim, and Brent Byunghoon Kang. 2015. SeCReT: Secure channel between rich execution environment and trusted execution environment. In Proceedings of the NDSS."},{"key":"e_1_3_2_54_2","first-page":"437","volume-title":"Proceedings of the 2022 USENIX Annual Technical Conference","author":"Jia Yuekai","year":"2022","unstructured":"Yuekai Jia, Shuang Liu, Wenhao Wang, Yu Chen, Zhengde Zhai, Shoumeng Yan, and Zhengyu He. 2022. HyperEnclave: An open and cross-platform trusted execution environment. In Proceedings of the 2022 USENIX Annual Technical Conference. 437\u2013454."},{"key":"e_1_3_2_55_2","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1109\/MICRO56248.2022.00019","volume-title":"Proceedings of the 2022 55th IEEE\/ACM International Symposium on Microarchitecture.","author":"Jiang Jianyu","year":"2022","unstructured":"Jianyu Jiang, Ji Qi, Tianxiang Shen, Xusheng Chen, Shixiong Zhao, Sen Wang, Li Chen, Gong Zhang, Xiapu Luo, and Heming Cui. 2022. CRONUS: Fault-isolated, secure and high-performance heterogeneous computing for trusted execution environment. In Proceedings of the 2022 55th IEEE\/ACM International Symposium on Microarchitecture.IEEE, 124\u2013143."},{"key":"e_1_3_2_56_2","volume-title":"Proceedings of the 2017 ACM\/IEEE 44th Annual International Symposium on Computer Architecture. 1\u201312","author":"Jouppi Norman P.","year":"2017","unstructured":"Norman P. Jouppi, Cliff Young, Nishant Patil, David Patterson, Gaurav Agrawal, Raminder Bajwa, Sarah Bates, Suresh Bhatia, Nan Boden, Al Borchers, et al.. 2017. In-datacenter performance analysis of a tensor processing unit. In Proceedings of the 2017 ACM\/IEEE 44th Annual International Symposium on Computer Architecture. 1\u201312. DOI:DOI:10.1145\/3079856.3080246"},{"key":"e_1_3_2_57_2","first-page":"199","volume-title":"Proceedings of the MICRO-54: 54th Annual IEEE\/ACM International Symposium on Microarchitecture.","author":"Kang Luyi","year":"2021","unstructured":"Luyi Kang, Yuqi Xue, Weiwei Jia, Xiaohao Wang, Jongryool Kim, Changhwan Youn, Myeong Joon Kang, Hyung Jin Lim, Bruce Jacob, and Jian Huang. 2021. IceClave: A trusted execution environment for in-storage computing. In Proceedings of the MICRO-54: 54th Annual IEEE\/ACM International Symposium on Microarchitecture.Association for Computing Machinery, New York, NY, USA, 199\u2013211. DOI:DOI:10.1145\/3466752.3480109"},{"issue":"7","key":"e_1_3_2_58_2","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1145\/3399742","article-title":"Spectre attacks: Exploiting speculative execution","volume":"63","author":"Kocher Paul","year":"2020","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, et\u00a0al. 2020. Spectre attacks: Exploiting speculative execution. Communications of the ACM 63, 7 (2020), 93\u2013101.","journal-title":"Communications of the ACM"},{"key":"e_1_3_2_59_2","first-page":"1","volume-title":"Proceedings of the 15th European Conference on Computer Systems","author":"Lee Dayeol","year":"2020","unstructured":"Dayeol Lee, David Kohlbrenner, Shweta Shinde, Krste Asanovi\u0107, and Dawn Song. 2020. Keystone: An open framework for architecting trusted execution environments. In Proceedings of the 15th European Conference on Computer Systems. 1\u201316."},{"key":"e_1_3_2_60_2","volume-title":"Proceedings of the 2022 IEEE International Symposium on High-Performance Computer Architecture. 229\u2013243","author":"Lee Sunho","year":"2022","unstructured":"Sunho Lee, Jungwoo Kim, Seonjin Na, Jongse Park, and Jaehyuk Huh. 2022. TNPU: Supporting trusted execution with tree-less integrity protection for neural processing unit. In Proceedings of the 2022 IEEE International Symposium on High-Performance Computer Architecture. 229\u2013243. DOI:DOI:10.1109\/HPCA53966.2022.00025"},{"key":"e_1_3_2_61_2","first-page":"1","volume-title":"Proceedings of the 25th Annual International Conference on Mobile Computing and Networking","author":"Lee Taegyeong","year":"2019","unstructured":"Taegyeong Lee, Zhiqi Lin, Saumay Pushp, Caihua Li, Yunxin Liu, Youngki Lee, Fengyuan Xu, Chenren Xu, Lintao Zhang, and Junehwa Song. 2019. Occlumency: Privacy-preserving remote deep-learning inference using SGX. In Proceedings of the 25th Annual International Conference on Mobile Computing and Networking. 1\u201317."},{"key":"e_1_3_2_62_2","doi-asserted-by":"crossref","first-page":"121874","DOI":"10.1109\/ACCESS.2020.3006703","article-title":"SofTEE: Software-based trusted execution environment for user applications","volume":"8","author":"Lee Unsung","year":"2020","unstructured":"Unsung Lee and Chanik Park. 2020. SofTEE: Software-based trusted execution environment for user applications. IEEE Access 8 (2020), 121874\u2013121888.","journal-title":"IEEE Access"},{"key":"e_1_3_2_63_2","first-page":"201","volume-title":"Proceedings of the 26th Symposium on Operating Systems Principles","author":"Lim Jin Tack","year":"2017","unstructured":"Jin Tack Lim, Christoffer Dall, Shih-Wei Li, Jason Nieh, and Marc Zyngier. 2017. NEVE: Nested virtualization extensions for ARM. In Proceedings of the 26th Symposium on Operating Systems Principles. 201\u2013217."},{"key":"e_1_3_2_64_2","volume-title":"Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation. 155\u2013172","author":"Mai Haohui","year":"2023","unstructured":"Haohui Mai, Jiacheng Zhao, Hongren Zheng, Yiyang Zhao, Zibin Liu, Mingyu Gao, Cong Wang, Huimin Cui, Xiaobing Feng, and Christos Kozyrakis. 2023. Honeycomb: Secure and efficient \\(\\lbrace\\) GPU \\(\\rbrace\\) executions via static validation. In Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation. 155\u2013172."},{"key":"e_1_3_2_65_2","doi-asserted-by":"crossref","first-page":"400","DOI":"10.1109\/Trustcom.2015.400","volume-title":"Proceedings of the 2015 IEEE Trustcom\/BigDataSE\/ISPA","author":"McGillion Brian","year":"2015","unstructured":"Brian McGillion, Tanel Dettenborn, Thomas Nyman, and N. Asokan. 2015. Open-TEE\u2013An open virtual trusted execution environment. In Proceedings of the 2015 IEEE Trustcom\/BigDataSE\/ISPA. IEEE, 400\u2013407."},{"key":"e_1_3_2_66_2","first-page":"279","volume-title":"Proceedings of the USENIX Annual Technical Conference","year":"1996","unstructured":"Larry McVoy, Silicon Graphics; Carl Staelin, and Hewlett-Packard Laboratories. 1996. lmbench: Portable tools for performance analysis. In Proceedings of the USENIX Annual Technical Conference. San Diego, CA, USA, 279\u2013294."},{"key":"e_1_3_2_67_2","volume-title":"Proceedings of the 2021 IEEE International Symposium on High-Performance Computer Architecture. 1\u201313","author":"Na Seonjin","year":"2021","unstructured":"Seonjin Na, Sunho Lee, Yeonjae Kim, Jongse Park, and Jaehyuk Huh. 2021. Common counters: Compressed encryption counters for secure GPU memory. In Proceedings of the 2021 IEEE International Symposium on High-Performance Computer Architecture. 1\u201313. DOI:DOI:10.1109\/HPCA51647.2021.00011"},{"key":"e_1_3_2_68_2","article-title":"Confidential Compute on NVIDIA Hopper H100","year":"2023","unstructured":"NVIDIA. 2023. Confidential Compute on NVIDIA Hopper H100. Retrieved from https:\/\/images.nvidia.com\/aem-dam\/en-zz\/Solutions\/data-center\/HCC-Whitepaper-v1.0.pdf. Accessed: 2024-09-12.","journal-title":"https:\/\/images.nvidia.com\/aem-dam\/en-zz\/Solutions\/data-center\/HCC-Whitepaper-v1.0.pdf"},{"key":"e_1_3_2_69_2","article-title":"NVIDIA L40S: Unparalleled AI and Graphics Performance for the Data Center.","year":"2023","unstructured":"NVIDIA. Referenced November 2023. NVIDIA L40S: Unparalleled AI and Graphics Performance for the Data Center. Retrieved from https:\/\/www.nvidia.com\/en-us\/data-center\/l40s\/. Accessed: 2024-09-12.","journal-title":"https:\/\/www.nvidia.com\/en-us\/data-center\/l40s\/"},{"key":"e_1_3_2_70_2","first-page":"10","volume-title":"Proceedings of the USENIX Security Symposium","author":"Ohrimenko Olga","year":"2016","unstructured":"Olga Ohrimenko, Felix Schuster, C\u00e9dric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa. 2016. Oblivious multi-party machine learning on trusted processors. In Proceedings of the USENIX Security Symposium. 10\u201312."},{"key":"e_1_3_2_71_2","first-page":"505","volume-title":"Proceedings of the 18th European Conference on Computer Systems","author":"Park Heejin","year":"2023","unstructured":"Heejin Park and Felix Xiaozhu Lin. 2023. Safe and practical GPU computation in TrustZone. In Proceedings of the 18th European Conference on Computer Systems. 505\u2013520."},{"key":"e_1_3_2_72_2","doi-asserted-by":"crossref","first-page":"505","DOI":"10.1145\/3552326.3567483","volume-title":"Proceedings of the Eighteenth European Conference on Computer Systems.","author":"Park Heejin","year":"2023","unstructured":"Heejin Park and Felix Xiaozhu Lin. 2023. Safe and practical GPU computation in TrustZone. In Proceedings of the Eighteenth European Conference on Computer Systems.Association for Computing Machinery, New York, NY, USA, 505\u2013520. DOI:DOI:10.1145\/3552326.3567483"},{"key":"e_1_3_2_73_2","first-page":"8024","volume-title":"Proceedings of the Advances in Neural Information Processing Systems 32","author":"Paszke Adam","year":"2019","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, et al.2019. PyTorch: An imperative style, high-performance deep learning library. In Proceedings of the Advances in Neural Information Processing Systems 32. Curran Associates, Inc., 8024\u20138035. Retrieved from http:\/\/papers.neurips.cc\/paper\/9015-pytorch-an-imperative-style-high-performance-deep-learning-library.pdf"},{"key":"e_1_3_2_74_2","first-page":"1039","volume-title":"Proceedings of the 29th USENIX Security Symposium.","author":"Poddar Rishabh","year":"2020","unstructured":"Rishabh Poddar, Ganesh Ananthanarayanan, Srinath Setty, Stavros Volos, and Raluca Ada Popa. 2020. Visor: Privacy-preserving video analytics as a cloud service. In Proceedings of the 29th USENIX Security Symposium.USENIX Association, 1039\u20131056. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/poddar"},{"key":"e_1_3_2_75_2","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1145\/3319535.3354197","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","author":"Ryan Keegan","year":"2019","unstructured":"Keegan Ryan. 2019. Hardware-backed heist: Extracting ECDSA keys from qualcomm\u2019s trustzone. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 181\u2013194."},{"key":"e_1_3_2_76_2","first-page":"38","volume-title":"Proceedings of the S&P","author":"Schuster Felix","year":"2015","unstructured":"Felix Schuster, Manuel Costa, C\u00e9dric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. 2015. VC3: Trustworthy data analytics in the cloud using SGX. In Proceedings of the S&P. 38\u201354."},{"key":"e_1_3_2_77_2","first-page":"3423","volume-title":"Proceedings of the 33rd USENIX Security Symposium","author":"Sridhara Supraja","year":"2024","unstructured":"Supraja Sridhara, Andrin Bertschi, Benedict Schl\u00fcter, Mark Kuhne, Fabio Aliberti, and Shweta Shinde. 2024. ACAI: Protecting accelerator execution with arm confidential computing architecture. In Proceedings of the 33rd USENIX Security Symposium. 3423\u20133440."},{"key":"e_1_3_2_78_2","unstructured":"Hugo Touvron Louis Martin Kevin Stone Peter Albert Amjad Almahairi Yasmine Babaei Nikolay Bashlykov Soumya Batra Prajjwal Bhargava Shruti Bhosale Dan Bikel Lukas Blecher Cristian Canton Ferrer Moya Chen Guillem Cucurull David Esiobu Jude Fernandes Jeremy Fu Wenyin Fu Brian Fuller Cynthia Gao Vedanuj Goswami Naman Goyal Anthony Hartshorn Saghar Hosseini Rui Hou Hakan Inan Marcin Kardas Viktor Kerkez Madian Khabsa Isabel Kloumann Artem Korenev Punit Singh Koura Marie-Anne Lachaux Thibaut Lavril Jenya Lee Diana Liskovich Yinghai Lu Yuning Mao Xavier Martinet Todor Mihaylov Pushkar Mishra Igor Molybog Yixin Nie Andrew Poulton Jeremy Reizenstein Rashi Rungta Kalyan Saladi Alan Schelten Ruan Silva Eric Michael Smith Ranjan Subramanian Xiaoqing Ellen Tan Binh Tang Ross Taylor Adina Williams Jian Xiang Kuan Puxin Xu Zheng Yan Iliyan Zarov Yuchen Zhang Angela Fan Melanie Kambadur Sharan Narang Aurelien Rodriguez Robert Stojnic Sergey Edunov and Thomas Scialom. 2023. Llama 2: Open Foundation and Fine-Tuned Chat Models. (2023). arXiv:2307.09288. Retrieved from https:\/\/arxiv.org\/abs\/2307.09288"},{"key":"e_1_3_2_79_2","first-page":"645","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Tsai Chia-Che","year":"2017","unstructured":"Chia-Che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A practical library OS for unmodified applications on SGX. In Proceedings of the USENIX Annual Technical Conference. 645\u2013658."},{"key":"e_1_3_2_80_2","volume-title":"Proceedings of the 27th USENIX Security Symposium","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In Proceedings of the 27th USENIX Security Symposium. USENIX Association."},{"key":"e_1_3_2_81_2","volume-title":"Proceedings of the 16th USENIX Symposium on Operating Systems Design and Implementation. 683\u2013700","author":"Hof Alexander Van\u2019t","year":"2022","unstructured":"Alexander Van\u2019t Hof and Jason Nieh. 2022. BlackBox: A container security monitor for protecting containers on untrusted operating systems. In Proceedings of the 16th USENIX Symposium on Operating Systems Design and Implementation. 683\u2013700."},{"key":"e_1_3_2_82_2","first-page":"501","volume-title":"Proceedings of the 2023 USENIX Annual Technical Conference","author":"Vaswani Kapil","year":"2023","unstructured":"Kapil Vaswani, Stavros Volos, C\u00e9dric Fournet, Antonio Nino Diaz, Ken Gordon, Balaji Vembu, Sam Webster, David Chisnall, Saurabh Kulkarni, Graham Cunningham, et\u00a0al. 2023. Confidential computing within an AI accelerator. In Proceedings of the 2023 USENIX Annual Technical Conference. 501\u2013518."},{"key":"e_1_3_2_83_2","first-page":"681","volume-title":"Proceedings of the OSDI","author":"Volos Stavros","year":"2018","unstructured":"Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted execution environments on GPUs. In Proceedings of the OSDI. 681\u2013696."},{"key":"e_1_3_2_84_2","unstructured":"Chenxu Wang Fengwei Zhang Yunjie Deng Kevin Leach Jiannong Cao Zhenyu Ning Shoumeng Yan and Zhengyu He. 2024. Cage: Complementing arm cca with gpu extensions. Network and Distributed System Security (NDSS) Symposium. Vol. 2024."},{"key":"e_1_3_2_85_2","first-page":"249","volume-title":"Proceedings of the 2023 ACM Symposium on Cloud Computing","author":"Wu Xiaolong","year":"2023","unstructured":"Xiaolong Wu, Dave Jing Tian, and Chung Hwan Kim. 2023. Building GPU TEEs using CPU secure enclaves with GEVisor. In Proceedings of the 2023 ACM Symposium on Cloud Computing. 249\u2013264."},{"issue":"2","key":"e_1_3_2_86_2","first-page":"479","article-title":"Colony: A privileged trusted execution environment with extensibility","volume":"71","author":"Xia Yubin","year":"2021","unstructured":"Yubin Xia, Zhichao Hua, Yang Yu, Jinyu Gu, Haibo Chen, Binyu Zang, and Haibing Guan. 2021. Colony: A privileged trusted execution environment with extensibility. IEEE Trans. Comput. 71, 2 (2021), 479\u2013492.","journal-title":"IEEE Trans. Comput."},{"key":"e_1_3_2_87_2","first-page":"179","volume-title":"Proceedings of the 33rd International Symposium on Computer Architecture","author":"Yan Chenyu","year":"2006","unstructured":"Chenyu Yan, D. Englender, M. Prvulovic, B. Rogers, and Yan Solihin. 2006. Improving cost, performance, and security of memory encryption and authentication. In Proceedings of the 33rd International Symposium on Computer Architecture. 179\u2013190. DOI:DOI:10.1109\/ISCA.2006.22"},{"key":"e_1_3_2_88_2","volume-title":"Proceedings of the 2022 IEEE International Symposium on High-Performance Computer Architecture. 213\u2013228","author":"Yuan Shougang","year":"2022","unstructured":"Shougang Yuan, Amro Awad, Ardhi Wiratama Baskara Yudha, Yan Solihin, and Huiyang Zhou. 2022. Adaptive security support for heterogeneous memory on GPUs. In Proceedings of the 2022 IEEE International Symposium on High-Performance Computer Architecture. 213\u2013228. DOI:DOI:10.1109\/HPCA53966.2022.00024"},{"key":"e_1_3_2_89_2","first-page":"203","volume-title":"Proceedings of the 23rd ACM Symposium on Operating Systems Principles","author":"Zhang Fengzhe","year":"2011","unstructured":"Fengzhe Zhang, Jin Chen, Haibo Chen, and Binyu Zang. 2011. CloudVisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles. ACM, 203\u2013216."},{"key":"e_1_3_2_90_2","doi-asserted-by":"crossref","first-page":"960","DOI":"10.1145\/3576915.3616672","volume-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","author":"Zhang Zhenkai","year":"2023","unstructured":"Zhenkai Zhang, Tyler Allen, Fan Yao, Xing Gao, and Rong Ge. 2023. TunneLs for bootlegging: Fully reverse-engineering GPU TLBs for challenging isolation guarantees of NVIDIA MIG. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 960\u2013974."},{"key":"e_1_3_2_91_2","doi-asserted-by":"crossref","first-page":"1070","DOI":"10.1145\/3503222.3507733","volume-title":"Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems.","author":"Zhao Mark","year":"2022","unstructured":"Mark Zhao, Mingyu Gao, and Christos Kozyrakis. 2022. ShEF: Shielded enclaves for cloud FPGAs. In Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems.Association for Computing Machinery, New York, NY, USA, 1070\u20131085. DOI:DOI:10.1145\/3503222.3507733"},{"key":"e_1_3_2_92_2","first-page":"1","volume-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering","author":"Zhou Mingyi","year":"2024","unstructured":"Mingyi Zhou, Xiang Gao, Jing Wu, Kui Liu, Hailong Sun, and Li Li. 2024. Investigating white-box attacks for on-device models. In Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. 1\u201312."},{"key":"e_1_3_2_93_2","first-page":"247","volume-title":"Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation","author":"Zhou Ziqiao","year":"2023","unstructured":"Ziqiao Zhou, Yizhou Shan, Weidong Cui, Xinyang Ge, Marcus Peinado, and Andrew Baumann. 2023. Core slicing: Closing the gap between leaky confidential \\(\\lbrace\\) VMs \\(\\rbrace\\) and bare-metal cloud. In Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation. 247\u2013267."},{"key":"e_1_3_2_94_2","first-page":"1450","volume-title":"Proceedings of the 2020 IEEE Symposium on Security and Privacy","author":"Zhu Jianping","year":"2020","unstructured":"Jianping Zhu, Rui Hou, XiaoFeng Wang, Wenhao Wang, Jiangfeng Cao, Boyan Zhao, Zhongpu Wang, Yuhui Zhang, Jiameng Ying, Lixin Zhang, et\u00a0al. 2020. Enabling rack-scale confidential computing using heterogeneous trusted execution environment. In Proceedings of the 2020 IEEE Symposium on Security and Privacy. IEEE, 1450\u20131465."}],"container-title":["ACM Transactions on Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719653","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719653","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:43:22Z","timestamp":1750272202000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719653"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,12]]},"references-count":93,"journal-issue":{"issue":"1-2","published-print":{"date-parts":[[2025,5,31]]}},"alternative-id":["10.1145\/3719653"],"URL":"https:\/\/doi.org\/10.1145\/3719653","relation":{},"ISSN":["0734-2071","1557-7333"],"issn-type":[{"value":"0734-2071","type":"print"},{"value":"1557-7333","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,12]]},"assertion":[{"value":"2024-05-14","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-01-31","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-04-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}