{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T19:56:01Z","timestamp":1773518161900,"version":"3.50.1"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T00:00:00Z","timestamp":1772150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2026,3,1]]},"abstract":"<jats:p>Server hardware and software co-design for a secure, efficient cloud.<\/jats:p>","DOI":"10.1145\/3762637","type":"journal-article","created":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T18:01:57Z","timestamp":1771524117000},"page":"82-92","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Managing and Securing Google\u2019s Fleet of Multi-Node Servers"],"prefix":"10.1145","volume":"69","author":[{"given":"Andr\u00e9s","family":"Lagar-Cavilla","sequence":"first","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Jeff","family":"Andersen","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Jad","family":"Baydoun","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Eric","family":"Brewer","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Alireza","family":"Ghaffarkhah","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Richard","family":"Hanley","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Chris","family":"Koch","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Jon","family":"McCune","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Jeffrey C.","family":"Mogul","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Kishan","family":"Prasad","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Parthasarathy","family":"Ranganathan","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Shiva","family":"Rao","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Anna","family":"Sapek","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Havard","family":"Skinnemoen","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Amin","family":"Vahdat","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Patrick","family":"Venture","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Michael C.","family":"Wong","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]},{"given":"Chad","family":"Yoshikawa","sequence":"additional","affiliation":[{"name":"Google Inc, Mountain View, California, United States"}]}],"member":"320","published-online":{"date-parts":[[2026,2,27]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"Amazon Web Services. Instance types. (2023); https:\/\/tinyurl.com\/y8wpm8gg."},{"key":"e_1_3_1_3_2","first-page":"1469","volume-title":"Proc. NSDI","author":"Bansal D.","year":"2023","unstructured":"Bansal, D. et al. Disaggregating stateful network functions. In Proc. NSDI. USENIX Association\u00a0(2023), 1469\u20131487; https:\/\/tinyurl.com\/26zpo8a8"},{"key":"e_1_3_1_4_2","unstructured":"Claburn T. Supermicro spy chips the sequel: It really really happened and with bad BIOS and more insists Bloomberg. The Register (2021); https:\/\/tinyurl.com\/y5bmcay7."},{"key":"e_1_3_1_5_2","unstructured":"Filipsson F. Oracle licensing in Azure. Oracle\u00a0(2022); https:\/\/tinyurl.com\/2d45e5qw."},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3380774.3382016"},{"key":"e_1_3_1_7_2","first-page":"1249","volume-title":"Proc. NSDI","author":"Gibson D.","year":"2022","unstructured":"Gibson, D. et al. Aquila: A unified, low-latency fabric for datacenter networks. In Proc. NSDI. USENIX Association\u00a0(2022), 1249\u20131266; https:\/\/tinyurl.com\/23t4h4yk"},{"key":"e_1_3_1_8_2","unstructured":"Goodin D. Custom-made UEFI bootkit found lurking in the wild. Ars Technica (2020); https:\/\/tinyurl.com\/y3b4sjhm."},{"key":"e_1_3_1_9_2","unstructured":"Goodin D. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. Ars Technica (2022); https:\/\/tinyurl.com\/2dhuyv7w."},{"key":"e_1_3_1_10_2","unstructured":"Google. Bare Metal Solution. (2023); https:\/\/cloud.google.com\/bare-metal\/docs."},{"key":"e_1_3_1_11_2","unstructured":"Haken M. et al. Yosemite V3: Facebook multi-node server platform design specification. Open Compute Project (2021); https:\/\/tinyurl.com\/2dfnzb3g."},{"key":"e_1_3_1_12_2","unstructured":"Heskin M. and Scires M. Je ne sais quoi\u2014Falcons over the horizon. Hacking the Planet\u00a0(2021); https:\/\/tinyurl.com\/yfjk2sv7."},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2019.2897677"},{"key":"e_1_3_1_14_2","unstructured":"IBM. IBM Cloud Bare Metal Servers. (2023); https:\/\/tinyurl.com\/yy2sjrte."},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3079856.3080246"},{"key":"e_1_3_1_16_2","unstructured":"Lechtik M. Berdnikov V. Legezo D. and Borisov I. MoonBounce: the dark side of UEFI firmware. (2022); https:\/\/tinyurl.com\/ycgv2ahe."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/3007787.3001189"},{"key":"e_1_3_1_18_2","unstructured":"Microsoft. What is BareMetal Infrastructure on Azure? (2022); https:\/\/tinyurl.com\/2438t9kq."},{"key":"e_1_3_1_19_2","first-page":"403","volume-title":"Proceedings of the 17th Symp. on Networked Systems Design and Implementation,","author":"Mogul J.C.","year":"2020","unstructured":"Mogul, J.C. et al. Experiences with modeling network topologies at multiple levels of abstraction. In Proceedings of the 17th Symp. on Networked Systems Design and Implementation,\u00a0USENIX Association\u00a0(2020), 403\u2013418; https:\/\/tinyurl.com\/2awhtgcf"},{"key":"e_1_3_1_20_2","volume-title":"Unsafe at Any Speed; the Designed-in Dangers of the American Automobile","author":"Nader R.","year":"1965","unstructured":"Nader, R. Unsafe at Any Speed; the Designed-in Dangers of the American Automobile. Grossman Publishers, New York\u00a0(1965)."},{"key":"e_1_3_1_21_2","unstructured":"National Institute of Standards and Technology. Roots of Trust. (2020); https:\/\/tinyurl.com\/2bae2kaw."},{"key":"e_1_3_1_22_2","article-title":"A year after the SolarWinds hack, supply chain threats still loom","author":"Newman L.H.","year":"2022","unstructured":"Newman, L.H. A year after the SolarWinds hack, supply chain threats still loom. Wired (2022); https:\/\/tinyurl.com\/y3hgpt8o.","journal-title":"Wired"},{"key":"e_1_3_1_23_2","unstructured":"Patel D. Amazon Graviton 3 uses chiplets & advanced packaging to commoditize high performance CPUs | The first PCIe 5.0 and DDR5 server CPU. SemiAnalysis (2021); https:\/\/tinyurl.com\/2kq8r65m."},{"key":"e_1_3_1_24_2","unstructured":"PCI SIG. PCI-SIG Engineering Change Notice: Identify and Data Encryption (IDE). (2022)."},{"key":"e_1_3_1_25_2","unstructured":"PCI SIG. TEE Device Interface Security Protocol (TDISP). (2022); https:\/\/tinyurl.com\/2778ju6m."},{"key":"e_1_3_1_26_2","unstructured":"Redfish Forum. Redfish. (2025); https:\/\/tinyurl.com\/jcl7ddo."},{"key":"e_1_3_1_27_2","unstructured":"Schneier B. BlackLotus malware hijacks Windows secure boot process. Schneier on Security (2023); https:\/\/tinyurl.com\/2jh8xbgr."},{"key":"e_1_3_1_28_2","unstructured":"Simon T. Identity and data encryption for PCIe and CXL security. SemiWiki\u00a0(2022); https:\/\/tinyurl.com\/23zwuml5."},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/2741948.2741964"},{"key":"e_1_3_1_30_2","first-page":"11","volume-title":"Proc. of the 13th USENIX Conf. on Offensive Technologies","author":"Zhao H.","year":"2019","unstructured":"Zhao, H., Zhang, Y., Yang, K., and Kim, T. Breaking turtles all the way down: An exploitation chain to break out of VMware ESXi. In Proc. of the 13th USENIX Conf. on Offensive Technologies. USENIX Association\u00a0(2019), 11."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3762637","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T15:08:21Z","timestamp":1773500901000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3762637"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,27]]},"references-count":29,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,3,1]]}},"alternative-id":["10.1145\/3762637"],"URL":"https:\/\/doi.org\/10.1145\/3762637","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,27]]},"assertion":[{"value":"2026-02-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}