{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:24:30Z","timestamp":1760059470276,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,12]]},"DOI":"10.1145\/3725783.3764390","type":"proceedings-article","created":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:50:12Z","timestamp":1760032212000},"page":"185-193","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Using Recursive Attestation to Scale Trust in Modern Heterogeneous Cloud Architectures"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-0713-4036","authenticated-orcid":false,"given":"Yaoxin","family":"Jing","sequence":"first","affiliation":[{"name":"Imperial College London, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9543-567X","authenticated-orcid":false,"given":"Michael","family":"Steiner","sequence":"additional","affiliation":[{"name":"Intel Labs, Hillsboro, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6983-0630","authenticated-orcid":false,"given":"Anjo","family":"Vahldiek-Oberwagner","sequence":"additional","affiliation":[{"name":"Intel Labs, Berlin, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5309-0391","authenticated-orcid":false,"given":"Mona","family":"Vij","sequence":"additional","affiliation":[{"name":"Intel Labs, Hillsboro, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1452-840X","authenticated-orcid":false,"given":"Lluis","family":"Vilanova","sequence":"additional","affiliation":[{"name":"Imperial College London, London, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2025,10,11]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Tempus: AI-enabled 
precision medicine. https:\/\/www.tempus.com","author":"Tempus","year":"2024","unstructured":"Tempus AI. 2024. Tempus: AI-enabled precision medicine. https:\/\/www.tempus.com"},{"key":"e_1_3_2_1_2_1","unstructured":"Suzanne Ambiel. 2024. The Case for Confidential Computing. https:\/\/www.linuxfoundation.org\/hubfs\/LF%20Research\/ TheCaseforConfidentialComputing_062724.pdf?hsLang=e"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978335"},{"key":"e_1_3_2_1_4_1","unstructured":"AMD. 2024. AMD Secure Encrypted Virtualization (SEV). https:\/\/www.amd.com\/en\/developer\/sev.html"},{"key":"e_1_3_2_1_5_1","unstructured":"Arm. 2024. Arm Confidential Compute Architecture (ARM CCA). https:\/\/www.arm.com\/architecture\/security-features\/arm-confidential-compute-architecture"},{"key":"e_1_3_2_1_6_1","volume-title":"SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16)","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, R\u00fcdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). USENIX Association, Savannah, GA, 689\u2013703. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/arnautov"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813670"},{"key":"e_1_3_2_1_8_1","unstructured":"Azure. 2024. Introduction to Azure Storage. https:\/\/learn.microsoft.com\/en-us\/azure\/storage\/common\/storage-introduction"},{"key":"e_1_3_2_1_9_1","unstructured":"Azure. 2025. What is Azure Files. 
https:\/\/learn.microsoft.com\/en-us\/azure\/storage\/files\/storage-files-introduction"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_3_2_1_11_1","unstructured":"Rob Blankenship and Mahesh Wagh. 2023. Introducing the CXL 3.1 Specification. https:\/\/computeexpresslink.org\/wp-content\/uploads\/2024\/03\/CXL_3.1-Webinar-Presentation_Feb_2024.pdf"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053010"},{"key":"e_1_3_2_1_13_1","unstructured":"Confidential Container Community. 2023. Key Broker Service. https:\/\/github.com\/confidential-containers\/trustee\/tree\/main\/kbs"},{"key":"e_1_3_2_1_14_1","unstructured":"Confidential Container Community. 2023. Trusted Device Manager Architecture. https:\/\/github.com\/confidential-containers\/guest-components\/blob\/9de4e6b10af10c25e253c33013d22b2cdaa695e6\/tdm\/docs\/architecture.md"},{"key":"e_1_3_2_1_15_1","unstructured":"Confidential Container Community. 2024. Confidential Container Tools and Components. https:\/\/github.com\/confidential-containers\/guest-components"},{"key":"e_1_3_2_1_16_1","unstructured":"Confidential Container Community. 2024. Confidential Containers. https:\/\/github.com\/confidential-containers"},{"key":"e_1_3_2_1_17_1","unstructured":"Confidential Computing Consortium. 2023. Why is Attestation Required for Confidential Computing? https:\/\/confidentialcomputing.io\/2023\/04\/06\/why-is-attestation-required-for-confidential-computing\/"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.32628\/CSEIT23112569"},{"key":"e_1_3_2_1_19_1","volume-title":"Constellation: Always Encrypted Kubernetes. https:\/\/github.com\/edgelesssys\/constellation","year":"2023","unstructured":"Edgelesssys. 2023. Constellation: Always Encrypted Kubernetes. https:\/\/github.com\/edgelesssys\/constellation"},{"key":"e_1_3_2_1_20_1","volume-title":"DDC: A Vision for a Disaggregated Datacenter. 
arXiv:2402.12742 [cs.AR] https:\/\/arxiv.org\/abs\/2402.12742","author":"Ewais Mohammad","year":"2024","unstructured":"Mohammad Ewais and Paul Chow. 2024. DDC: A Vision for a Disaggregated Datacenter. arXiv:2402.12742 [cs.AR] https:\/\/arxiv.org\/abs\/2402.12742"},{"key":"e_1_3_2_1_21_1","unstructured":"Google. 2023. Verify a Confidential VM instance's firmware (TDX). https:\/\/cloud.google.com\/confidential-computing\/confidential-vm\/docs\/verify-firmware#intel-tdx"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48063.2020.00063"},{"key":"e_1_3_2_1_23_1","unstructured":"SPDM Working group. 2023. Security Protocols and Data Models (SPDM). https:\/\/www.dmtf.org\/standards\/spdm"},{"key":"e_1_3_2_1_24_1","volume-title":"2023 USENIX Annual Technical Conference (USENIX ATC 23)","author":"Huye Darby","unstructured":"Darby Huye, Yuri Shkuro, and Raja R. Sambasivan. 2023. Lifting the veil on Meta's microservice architecture: Analyses of topology and request workflows. In 2023 USENIX Annual Technical Conference (USENIX ATC 23). USENIX Association, Boston, MA, 419\u2013432. https:\/\/www.usenix.org\/conference\/atc23\/presentation\/huye"},{"key":"e_1_3_2_1_25_1","unstructured":"IETF. 2023. Remote ATtestation procedureS (RATS) Architecture. https:\/\/www.rfc-editor.org\/info\/rfc9334."},{"key":"e_1_3_2_1_26_1","unstructured":"Intel. 2024. Intel\u00ae Trust Domain Extensions (Intel\u00ae TDX). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/tools\/trust-domain-extensions\/overview.html"},{"key":"e_1_3_2_1_27_1","unstructured":"Intel Corporation. 2023. Intel\u00ae Software Guard Extensions (Intel\u00ae SGX). https:\/\/www.intel.com\/content\/www\/us\/en\/products\/docs\/accelerator-engines\/software-guard-extensions.html."},{"key":"e_1_3_2_1_28_1","unstructured":"Kasun Indrasiri. 2022. Microservices in Practice - Key Architectural Concepts of an MSA. 
https:\/\/content.wso2.com\/wso2\/sites\/all\/images\/pdf\/microservices-in-practice-key-architectural-concepts-of-an-msa.pdf?utm_source=chatgpt.com."},{"key":"e_1_3_2_1_29_1","unstructured":"Thomas Knauth Michael Steiner Somnath Chakrabarti Li Lei Cedric Xing and Mona Vij. 2019. Integrating Remote Attestation with Transport Layer Security. arXiv:1801.05863 [cs.CR] https:\/\/arxiv.org\/abs\/1801.05863"},{"key":"e_1_3_2_1_30_1","unstructured":"Magnus Kulke. 2024. Building Trust into OS images for Confidential Containers. https:\/\/confidentialcontainers.org\/blog\/2024\/03\/01\/building-trust-into-os-images-for-confidential-containers\/"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690323"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3700436"},{"key":"e_1_3_2_1_33_1","unstructured":"W. Lindblom. 2022. Evaluation of Security Threats in Microservice Architectures. https:\/\/urn.kb.se\/resolve?urn=urn:nbn:se:kth:diva-321085"},{"key":"e_1_3_2_1_34_1","volume-title":"Senior Director IP Product Marketing","author":"Ternullo Rambus Lou","year":"2023","unstructured":"Rambus Lou Ternullo, Senior Director IP Product Marketing. 2023. IDE and TDISP: An Overview of PCIe\u00ae Technology Security Features. https:\/\/pcisig.com\/blog\/ide-and-tdisp-overview-pcie%C2%AE-technology-security-features"},{"key":"e_1_3_2_1_35_1","unstructured":"Boris Lublinsky. 2008. Service Composition. Retrieved April 4 2025 from https:\/\/www.infoq.com\/articles\/lublinsky-soa-composition\/"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3472883.3487003"},{"key":"e_1_3_2_1_37_1","unstructured":"Microsoft. 2022. The API gateway pattern versus the Direct client-to-microservice communication. 
https:\/\/learn.microsoft.com\/en-us\/dotnet\/architecture\/microservices\/architect-microservice-container-applications\/direct-client-to-microservice-communication-versus-the-api-gateway-pattern."},{"key":"e_1_3_2_1_38_1","volume-title":"d.]. Hopper Confidential Computing: How it Works Under the Hood. Retrieved","year":"2025","unstructured":"NVIDIA. [n. d.]. Hopper Confidential Computing: How it Works Under the Hood. Retrieved April 2, 2025 from https:\/\/static.rainfocus.com\/nvidia\/gtcspring2023\/sess\/1666639437498001endS\/supmat\/S51709%20-%20Hopper%20Confidential%20Computing_%20How%20it%20Works%20under%20the%20Hood_1679465925191001GNep.pdf#:~:text=%E2%80%A2%20Requests%20the%20attestation%20report%20from%20the,authenticates%20it%20based%20on%20GPU%20certificate%20chain&text=%E2%80%A2%20Multi%2DInstance%20GPU%20(MIG)%20%E2%80%93%20partitioning%20of%20GPU%20into."},{"key":"e_1_3_2_1_39_1","unstructured":"NVIDIA. 2023. Confidential Computing on NVIDIA H100 GPUs for Secure and Trustworthy AI. https:\/\/developer.nvidia.com\/blog\/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai\/"},{"key":"e_1_3_2_1_40_1","unstructured":"Reiner Sailer Leendert Van Doorn and James P Ward. 2004. The role of TPM in enterprise security. Technical Report. Technical Report RC23363 (W0410-029) IBM Research."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 13th Conference on USENIX Security Symposium -","volume":"13","author":"Sailer Reiner","year":"2004","unstructured":"Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. 2004. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (San Diego, CA) (SSYM'04). USENIX Association, USA, 16."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3642977.3652097"},{"key":"e_1_3_2_1_43_1","unstructured":"Ioannis Sfyrakis and Thomas Gross. 2020. 
A Survey on Hardware Approaches for Remote Attestation in Network Infrastructures. arXiv:2005.12453 [cs.CR] https:\/\/arxiv.org\/abs\/2005.12453"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3546591.3547527"},{"key":"e_1_3_2_1_45_1","unstructured":"Edgeless system. 2024. MarbleRun: a framework for creating distributed confidential computing apps. https:\/\/github.com\/edgelesssys\/marblerun"},{"key":"e_1_3_2_1_46_1","unstructured":"Edgeless system. 2024. Remote Attestation. https:\/\/www.edgeless.systems\/wiki\/what-is-confidential-computing\/remote-attestation#:~:text=Remote%20attestation%20is%20a%20crucial is%20addressed%20by%20remote%20attestation"},{"key":"e_1_3_2_1_47_1","unstructured":"Rajat Tandon. 2020. A Survey of Distributed Denial of Service Attacks and Defenses. arXiv:2008.01345 [cs.CR] https:\/\/arxiv.org\/abs\/2008.01345"},{"key":"e_1_3_2_1_48_1","volume-title":"2020 USENIX Annual Technical Conference (USENIX ATC 20)","author":"Taranov Konstantin","year":"2020","unstructured":"Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, and Torsten Hoefler. 2020. sRDMA - Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access. In 2020 USENIX Annual Technical Conference (USENIX ATC 20). USENIX Association, 691\u2013704. https:\/\/www.usenix.org\/conference\/atc20\/presentation\/taranov"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670352"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519569"},{"key":"e_1_3_2_1_51_1","volume-title":"Graviton: Trusted Execution Environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18)","author":"Volos Stavros","year":"2018","unstructured":"Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted Execution Environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18). 
USENIX Association, Carlsbad, CA, 681\u2013696. https:\/\/www.usenix.org\/conference\/osdi18\/presentation\/volos"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3325822"},{"key":"e_1_3_2_1_53_1","unstructured":"Wikipedia. 2025. Transport Layer Security. https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security"},{"key":"e_1_3_2_1_54_1","volume-title":"OC3","author":"Ylinen Mikko","year":"2024","unstructured":"Mikko Ylinen and Dr. Malini Bhandaru. 2024. Confidential Cloud Native Attestation Challenges and Opportunities, OC3 2024. https:\/\/learn.microsoft.com\/en-us\/azure\/storage\/common\/storage-introduction"},{"key":"e_1_3_2_1_55_1","volume-title":"TapCon: Practical Third-Party Attestation for the Cloud. In 9th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 17)","author":"Zhai Yan","year":"2017","unstructured":"Yan Zhai, Qiang Cao, Jeffrey Chase, and Michael Swift. 2017. TapCon: Practical Third-Party Attestation for the Cloud. In 9th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 17). USENIX Association, Santa Clara, CA. https:\/\/www.usenix.org\/conference\/hotcloud17\/program\/presentation\/zhai"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507733"},{"key":"e_1_3_2_1_57_1","first-page":"388","article-title":"Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing","volume":"2005","author":"Zhou Yongbin","year":"2005","unstructured":"Yongbin Zhou and Dengguo Feng. 2005. Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing. IACR Cryptol. ePrint Arch. 2005 (2005), 388. https:\/\/api.semanticscholar.org\/CorpusID:9365379","journal-title":"IACR Cryptol. 
ePrint Arch."}],"event":{"name":"APSys '25: 16th ACM SIGOPS Asia-Pacific Workshop on Systems","location":"Lotte Hotel World, Emerald Hall Seoul Republic of Korea","acronym":"APSys '25","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 16th ACM SIGOPS Asia-Pacific Workshop on Systems"],"original-title":[],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:52:27Z","timestamp":1760032347000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3725783.3764390"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,11]]},"references-count":57,"alternative-id":["10.1145\/3725783.3764390","10.1145\/3725783"],"URL":"https:\/\/doi.org\/10.1145\/3725783.3764390","relation":{},"subject":[],"published":{"date-parts":[[2025,10,11]]},"assertion":[{"value":"2025-10-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}