{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T23:09:43Z","timestamp":1768345783973,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":121,"publisher":"ACM","funder":[{"name":"Innosuisse & Swiss National Science Foundation","award":["40B1-0_233182"],"award-info":[{"award-number":["40B1-0_233182"]}]},{"name":"Nationale de la Recherche","award":["ANR-22-EXES-0013"],"award-info":[{"award-number":["ANR-22-EXES-0013"]}]},{"name":"Cisco Research University Funding","award":["2853380"],"award-info":[{"award-number":["2853380"]}]},{"name":"Hasler Foundation","award":["20053"],"award-info":[{"award-number":["20053"]}]},{"name":"Meta Security Research","award":["474960397718052"],"award-info":[{"award-number":["474960397718052"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3772052.3772209","type":"proceedings-article","created":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T16:19:00Z","timestamp":1768321140000},"page":"29-44","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Confidential Analytics with S\n                    <scp>cylla<\/scp>"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9510-7665","authenticated-orcid":false,"given":"Shamiek","family":"Mangipudi","sequence":"first","affiliation":[{"name":"Universit\u00e0 della Svizzera italiana (USI), Lugano, Ticino, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6673-1143","authenticated-orcid":false,"given":"Pavel","family":"Chuprikov","sequence":"additional","affiliation":[{"name":"T\u00e9l\u00e9com Paris, Institut Polytechnique de Paris, Paris, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-7052-8898","authenticated-orcid":false,"given":"Gerald","family":"Prendi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 della Svizzera italiana (USI), Lugano, Ticino, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3864-9078","authenticated-orcid":false,"given":"Patrick","family":"Eugster","sequence":"additional","affiliation":[{"name":"Universit\u00e0 della Svizzera italiana (USI), Lugano, Ticino, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,1,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Fortanix. https:\/\/www.fortanix.com."},{"key":"e_1_3_2_1_2_1","volume-title":"An Extensible Orchestration and Protection Framework for Confidential Cloud Computing. In 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023","author":"Ahmad Adil","year":"2023","unstructured":"Adil Ahmad, Alex Schultz, Byoungyoung Lee, and Pedro Fonseca. 2023. An Extensible Orchestration and Protection Framework for Confidential Cloud Computing. In 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023, Boston, MA, USA, July 10-12, 2023, Roxana Geambasu and Ed Nightingale (Eds.). USENIX Association, 173\u2013191. https:\/\/www.usenix.org\/conference\/osdi23\/presentation\/ahmad"},{"key":"e_1_3_2_1_3_1","unstructured":"AMD. 2020. AMD SEV-SNP. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/SEV-SNP-strengthening-vmisolation-with-integrity-protection-and-more.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"AMD. 2021. AMD Secure Encrypted Virtualization. https:\/\/www.amd.com\/en\/developer\/sev.html."},{"key":"e_1_3_2_1_5_1","volume-title":"Nimble: Rollback Protection for Confidential Cloud Services. In 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023","author":"Angel Sebastian","year":"2023","unstructured":"Sebastian Angel, Aditya Basu, Weidong Cui, Trent Jaeger, Stella Lau, Srinath T. V. Setty, and Sudheesh Singanamalla. 2023. Nimble: Rollback Protection for Confidential Cloud Services. In 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023, Boston, MA, USA, July 10-12, 2023, Roxana Geambasu and Ed Nightingale (Eds.). 193\u2013208. https:\/\/www.usenix.org\/conference\/osdi23\/presentation\/angel"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.42"},{"key":"e_1_3_2_1_7_1","unstructured":"Arvind Arasu Spyros Blanas Ken Eguro Raghav Kaushik Donald Kossmann Ravishankar Ramamurthy and Ramarathnam Venkatesan. 2013. Orthogonal Security with Cipherbase. http:\/\/www.cidrdb.org\/cidr2013\/Papers\/CIDR13_Paper33.pdf"},{"key":"e_1_3_2_1_8_1","volume-title":"SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andr\u00e9 Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark Stillwell, David Goltzsche, David M. Eyers, R\u00fcdiger Kapitza, Peter R. Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, Kimberly Keeton and Timothy Roscoe (Eds.). USENIX Association, 689\u2013703. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/arnautov"},{"key":"e_1_3_2_1_9_1","unstructured":"AWS. 2019. Security benefits of the Nitro architecture. https:\/\/www.youtube.com\/watch?v=0qcUOKupt7Y."},{"key":"e_1_3_2_1_10_1","unstructured":"AWS. 2020. Deep dive on AWS Nitro Enclaves for applications running on Amazon EC2. https:\/\/www.youtube.com\/watch?v=yDe_C_fpkfg."},{"key":"e_1_3_2_1_11_1","unstructured":"AWS. 2022. C5 Instances and the Evolution of Amazon EC2 Virtualization. https:\/\/www.youtube.com\/watch?v=LabltEXk0VQ."},{"key":"e_1_3_2_1_12_1","unstructured":"AWS. 2022. Powering Amazon EC2: Deep dive on the AWS Nitro System. https:\/\/www.youtube.com\/watch?v=jAaqfeyvvSE."},{"key":"e_1_3_2_1_13_1","unstructured":"AWS. 2024. The Security Design of the AWS Nitro System. https:\/\/docs.aws.amazon.com\/pdfs\/whitepapers\/latest\/security-design-of-aws-nitro-system\/security-design-of-aws-nitro-system.pdf."},{"key":"e_1_3_2_1_14_1","volume-title":"CURE: A Security Architecture with CUstomizable and Resilient Enclaves. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Bahmani Raad","year":"2021","unstructured":"Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, and Emmanuel Stapf. 2021. CURE: A Security Architecture with CUstomizable and Resilient Enclaves. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael D. Bailey and Rachel Greenstadt (Eds.). 1073\u20131090. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/bahmani"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Sumeet Bajaj and Radu Sion. 2011. TrustedDB: A Trusted Hardware Based Database with Privacy and Data Confidentiality. 205\u2013216. http:\/\/doi.acm.org\/10.1145\/1989323.1989346","DOI":"10.1145\/1989323.1989346"},{"key":"e_1_3_2_1_16_1","unstructured":"Jeff Barr. 2018. AWS News Blog. Amazon EC2 Update - Additional Instance Types Nitro System and CPU Options. https:\/\/aws.amazon.com\/blogs\/aws\/amazon-ec2-update-additional-instance-types-nitro-system-and-cpu-options\/."},{"key":"e_1_3_2_1_17_1","volume-title":"Hunt","author":"Baumann Andrew","year":"2014","unstructured":"Andrew Baumann, Marcus Peinado, and Galen C. Hunt. 2014. Shielding Applications from an Untrusted Cloud with Haven. 267\u2013283. https:\/\/www.usenix.org\/conference\/osdi14\/technical-sessions\/presentation\/baumann"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2205.05747"},{"key":"e_1_3_2_1_19_1","volume-title":"27th USENIX Security Symposium, USENIX Security 2018","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). 991\u20131008. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/bulck"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00089"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152706"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243822"},{"key":"e_1_3_2_1_23_1","volume-title":"26th USENIX Security Symposium, USENIX Security 2017","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017. 1041\u20131056. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/van-bulck"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","unstructured":"Ji-Won Byun and Ninghui Li. 2008. Purpose based access control for privacy protection in relational database systems. VLDB J. (2008) 603\u2013619. https:\/\/doi.org\/10.1007\/s00778-006-0023-0","DOI":"10.1007\/s00778-006-0023-0"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363219"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179397"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2019.2963021"},{"key":"e_1_3_2_1_28_1","volume-title":"32nd USENIX Security Symposium, USENIX Security 2023","author":"Chen Hongbo","year":"2023","unstructured":"Hongbo Chen, Haobin Hiroki Chen, Mingshen Sun, Kang Li, Zhaofeng Chen, and XiaoFeng Wang. 2023. A Verified Confidential Computing as a Service Framework for Privacy Preservation. In 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, Joseph A. Calandrino and Carmela Troncoso (Eds.). 4733\u20134750. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/chen-hongbo"},{"key":"e_1_3_2_1_29_1","volume-title":"30th USENIX Security Symposium, USENIX Security 2021","author":"Chen Zitai","year":"2021","unstructured":"Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David F. Oswald, and Flavio D. Garcia. 2021. VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael D. Bailey and Rachel Greenstadt (Eds.). 699\u2013716. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/chen-zitai"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-019-09319-x"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2025.3535803"},{"key":"e_1_3_2_1_32_1","first-page":"4","article-title":"Privacy Aware Access Control for Big Data","volume":"2","author":"Colombo Pietro","year":"2015","unstructured":"Pietro Colombo and Elena Ferrari. 2015. Privacy Aware Access Control for Big Data. Big Data Res. 2, 4 (dec 2015), 145\u2013154.","journal-title":"Big Data Res."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","unstructured":"Pietro Colombo and Elena Ferrari. 2015. Privacy Aware Access Control for Big Data: A Research Roadmap. Big Data Res. (2015) 145\u2013154. https:\/\/doi.org\/10.1016\/j.bdr.2015.08.001","DOI":"10.1016\/j.bdr.2015.08.001"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2497680"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3205977.3205998"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.13154\/TCHES.V2018.I2.171-191"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.29012\/JPC.V7I3.405"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1985.1057074"},{"key":"e_1_3_2_1_39_1","volume-title":"Confidential Computing Consortium","author":"Project Enarx","year":"2023","unstructured":"Enarx Project. Confidential Computing Consortium. Linux Foundation. 2023. Enarx: Confidential Computing with WebAssembly. https:\/\/enarx.dev\/."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1145\/3538513","article-title":"Intent-based Networking for the Enterprise: A Modern Network Architecture","volume":"65","author":"Falkner M.","year":"2022","unstructured":"M. Falkner and J. Apostolopoulos. 2022. Intent-based Networking for the Enterprise: A Modern Network Architecture. Commun. ACM 65, 11 (2022), 108\u2013117.","journal-title":"Commun. ACM"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/EUROSP53844.2022.00017"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1536414.1536440"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.5555\/2008684.2008697"},{"key":"e_1_3_2_1_44_1","volume-title":"Smart","author":"Gentry Craig","year":"2012","unstructured":"Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012. Homomorphic Evaluation of the AES Circuit. IACR Cryptol. ePrint Arch. (2012), 99. http:\/\/eprint.iacr.org\/2012\/099"},{"key":"e_1_3_2_1_45_1","volume-title":"1982 IEEE Symposium on Security and Privacy. IEEE, 11\u201320","author":"Goguen Joseph A","year":"1982","unstructured":"Joseph A Goguen and Jos\u00e9 Meseguer. 1982. Security policies and security models. In 1982 IEEE Symposium on Security and Privacy. IEEE, 11\u201320."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/28395.28416"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2018.00024"},{"key":"e_1_3_2_1_48_1","volume-title":"Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In 27th USENIX Security Symposium, USENIX Security 2018","author":"Gras Ben","year":"2018","unstructured":"Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2018. Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). 955\u2013972."},{"key":"e_1_3_2_1_49_1","unstructured":"Brendan Gregg. 2017. AWS EC2 Virtualization 2017: Introducing Nitro. https:\/\/www.brendangregg.com\/blog\/2017-11-29\/aws-ec2-virtualization-2017.html."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"e_1_3_2_1_51_1","volume-title":"Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In 24th USENIX Security Symposium, USENIX Security 15","author":"Gruss Daniel","year":"2015","unstructured":"Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015, Jaeyeon Jung and Thorsten Holz (Eds.). 897\u2013912. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/gruss"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180457.3180463"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-61176-1_4"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.13154\/TCHES.V2020.I1.321-347"},{"key":"e_1_3_2_1_55_1","unstructured":"IBM. 2024. Cost of a Data Breach Report. https:\/\/wp.table.media\/wp-content\/uploads\/2024\/07\/30132828\/Cost-of-a-Data-Breach-Report-2024.pdf."},{"key":"e_1_3_2_1_56_1","unstructured":"Intel. 2023. Intel TDX module 1.0 specification. https:\/\/cdrdv2.intel.com\/v1\/dl\/getContent\/733568(2023)."},{"key":"e_1_3_2_1_57_1","unstructured":"David Kaplan. 2017. Protecting VM Register State With SEV-ES. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/Protecting-VM-Register-State-with-SEV-ES.pdf."},{"key":"e_1_3_2_1_58_1","volume-title":"Waldspurger","author":"Kiriansky Vladimir","year":"2018","unstructured":"Vladimir Kiriansky and Carl A. Waldspurger. 2018. Speculative Buffer Overflows: Attacks and Defenses. CoRR abs\/1807.03757 (2018). arXiv:1807.03757 http:\/\/arxiv.org\/abs\/1807.03757"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68697-5_9"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560595"},{"key":"e_1_3_2_1_62_1","volume-title":"Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Lee Sangho","year":"2017","unstructured":"Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). 557\u2013574."},{"key":"e_1_3_2_1_63_1","volume-title":"28th USENIX Security Symposium, USENIX Security 2019","author":"Li Mengyuan","year":"2019","unstructured":"Mengyuan Li, Yinqian Zhang, Zhiqiang Lin, and Yan Solihin. 2019. Exploiting Unprotected I\/O Operations in AMD's Secure Encrypted Virtualization. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 1257\u20131272. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-mengyuan"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.14778\/3583140.3583158"},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017","author":"Lind Joshua","year":"2017","unstructured":"Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David M. Eyers, R\u00fcdiger Kapitza, Christof Fetzer, and Peter R. Pietzuch. 2017. Glamdring: Automatic Application Partitioning for Intel SGX. In Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017, Santa Clara, CA, USA, July 12-14, 2017, Dilma Da Silva and Bryan Ford (Eds.). USENIX Association, 285\u2013298. https:\/\/www.usenix.org\/conference\/atc17\/technical-sessions\/presentation\/lind"},{"key":"e_1_3_2_1_66_1","unstructured":"Linux. 2019. Linux vsock address family. https:\/\/manpages.ubuntu.com\/manpages\/jammy\/man7\/vsock.7.html."},{"key":"e_1_3_2_1_67_1","unstructured":"Linux. 2021. Multipurpose relay (SOcket CAT). https:\/\/manpages.ubuntu.com\/manpages\/jammy\/man7\/vsock.7.html."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.43"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","unstructured":"Xiaoxuan Lou Tianwei Zhang Jun Jiang and Yinqian Zhang. 2022. A Survey of Microarchitectural Side-channel Vulnerabilities Attacks and Defenses in Cryptography. ACM Comput. Surv. (2022) 122:1\u2013122:37. https:\/\/doi.org\/10.1145\/3456629","DOI":"10.1145\/3456629"},{"key":"e_1_3_2_1_70_1","volume-title":"Power analysis attacks - revealing the secrets of smart cards","author":"Mangard Stefan","unstructured":"Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2007. Power analysis attacks - revealing the secrets of smart cards. Springer."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3591231"},{"key":"e_1_3_2_1_72_1","volume-title":"ROTE: Rollback Protection for Trusted Execution. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Matetic Sinisa","year":"2017","unstructured":"Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David M. Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. 2017. ROTE: Rollback Protection for Trusted Execution. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). 1289\u20131306. https:\/\/www.usenix.org\/conference\/usenixsecuritty17\/technical-sessions\/presentation\/matetic"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30556-9_27"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2948618.2954331"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3700418"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3214292.3214301"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66787-4_4"},{"key":"e_1_3_2_1_78_1","volume-title":"GUPT: Privacy Preserving Data Analysis Made Easy. In ACM SIGMOD International Conference on Management of Data (SIGMOD'12)","author":"Mohan P.","unstructured":"P. Mohan, A. Thakurta, E. Shi, D. Song, and D. Culler. 2012. GUPT: Privacy Preserving Data Analysis Made Easy. In ACM SIGMOD International Conference on Management of Data (SIGMOD'12). 349\u2013360."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/3193111.3193112"},{"key":"e_1_3_2_1_80_1","unstructured":"K. Morris. 2021. Infrastructure as Code: Dynamic Systems for the Cloud Age (2 ed.). O'Reilly."},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00057"},{"key":"e_1_3_2_1_82_1","unstructured":"OPAQUE. 2023. OPAQUE. The Confidential AI Company. https:\/\/www.opaque.co\/."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"crossref","unstructured":"Pascal Paillier. 1999. Public-key Cryptosystems Based on Composite Degree Residuosity Classes. 223\u2013238. http:\/\/dl.acm.org\/citation.cfm?id=1756123.1756146","DOI":"10.1007\/3-540-48910-X_16"},{"key":"e_1_3_2_1_85_1","volume-title":"12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016","author":"Papadimitriou Antonis","year":"2016","unstructured":"Antonis Papadimitriou, Ranjita Bhagwan, Nishanth Chandran, Ramachandran Ramjee, Andreas Haeberlen, Harmeet Singh, Abhishek Modi, and Saikrishna Badrinarayanan. 2016. Big Data Analytics over Encrypted Datasets with Seabed. In 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, Savannah, GA, USA, November 2-4, 2016, Kimberly Keeton and Timothy Roscoe (Eds.). USENIX Association, 587\u2013602. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/papadimitriou"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/2330667.2330691"},{"key":"e_1_3_2_1_87_1","volume-title":"SparkXS: Efficient Access Control for Intelligent and Large-Scale Streaming Data Applications. In 2015 International Conference on Intelligent Environments. 96\u2013103","author":"Preuveneers Davy","year":"2015","unstructured":"Davy Preuveneers and Wouter Joosen. 2015. SparkXS: Efficient Access Control for Intelligent and Large-Scale Streaming Data Applications. In 2015 International Conference on Intelligent Environments. 96\u2013103."},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3314129"},{"key":"e_1_3_2_1_89_1","unstructured":"Ronald L Rivest Len Adleman Michael L Dertouzos et al. 1978. On data banks and privacy homomorphisms. Foundations of secure computation (1978)."},{"key":"e_1_3_2_1_90_1","volume-title":"Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010, April 28-30","author":"Roy Indrajit","year":"2010","unstructured":"Indrajit Roy, Srinath T. V. Setty, Ann Kilzer, Vitaly Shmatikov, and Emmett Witchel. 2010. Airavat: Security and Privacy for MapReduce. In Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010, April 28-30, 2010, San Jose, CA, USA. USENIX Association, 297\u2013312. http:\/\/www.usenix.org\/events\/nsdi10\/tech\/full_papers\/roy.pdf"},{"key":"e_1_3_2_1_91_1","first-page":"1","article-title":"PLASMA","volume":"42","author":"Sang B.","year":"2020","unstructured":"B. Sang, P.-L. Roman, P. Eugster, H. Lu, S. Ravi, and G. Petri. 2020. PLASMA: Programmable Elasticity for Stateful Cloud Computing Applications. Vol. 42. 1\u201315 pages.","journal-title":"Programmable Elasticity for Stateful Cloud Computing Applications."},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.14778\/3389133.3389144"},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/3127479.3129256"},{"key":"e_1_3_2_1_94_1","volume-title":"Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 38\u201354","author":"Schuster Felix","year":"2015","unstructured":"Felix Schuster, Manuel Costa, C\u00e9dric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. 2015. VC3: Trustworthy data analytics in the cloud using SGX. In Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 38\u201354."},{"key":"e_1_3_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354252"},{"key":"e_1_3_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378469"},{"key":"e_1_3_2_1_97_1","volume-title":"Panoply: Low-TCB Linux Applications With SGX Enclaves. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Shinde Shweta","year":"2017","unstructured":"Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. 2017. Panoply: Low-TCB Linux Applications With SGX Enclaves. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/panoply-low-tcb-linux-applications-sgx-enclaves\/"},{"key":"e_1_3_2_1_98_1","unstructured":"Simon Johnson Raghunandan Makaram Amy Santoni and Vinnie Scarlata. 2021. Supporting intel sgx on multi-socket platforms. https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/white-papers\/supporting-intel-sgx-on-mulit-socket-platforms.pdf."},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","unstructured":"Jakub Szefer. 2019. Survey of Microarchitectural Side and Covert Channels Attacks and Defenses. J. Hardw. Syst. Secur. (2019) 219\u2013234. https:\/\/doi.org\/10.1007\/S41635-018-0046-1","DOI":"10.1007\/S41635-018-0046-1"},{"key":"e_1_3_2_1_100_1","volume-title":"CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Tang Adrian","year":"2017","unstructured":"Adrian Tang, Simha Sethumadhavan, and Salvatore J. Stolfo. 2017. CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). 1057\u20131074. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/tang"},{"key":"e_1_3_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516666"},{"key":"e_1_3_2_1_102_1","unstructured":"TPC. 1988. TPC-H benchmark. http:\/\/www.tpc.org\/tpch\/."},{"key":"e_1_3_2_1_103_1","volume-title":"Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In USENIX Annual Technical Conference (ATC '17)","author":"Porter Donald E.","year":"2017","unstructured":"Chia-che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In USENIX Annual Technical Conference (ATC '17). 645\u2013658."},{"key":"e_1_3_2_1_104_1","volume-title":"Processing Analytical Queries over Encrypted Data. 6, 5","author":"Tu Stephen","year":"2013","unstructured":"Stephen Tu, M. Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich. 2013. Processing Analytical Queries over Encrypted Data. 6, 5 (2013), 289\u2013300. http:\/\/www.vldb.org\/pvldb\/vol6\/p289-tu.pdf"},{"key":"e_1_3_2_1_105_1","unstructured":"UC Berkley RISE Lab. 2021. MC2. https:\/\/mc2-project.github.io\/opaque-sql-docs\/src\/benchmarking\/benchmarking.html."},{"key":"e_1_3_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714624"},{"key":"e_1_3_2_1_107_1","doi-asserted-by":"publisher","DOI":"10.1109\/BIGDATA.CONGRESS.2014.16"},{"key":"e_1_3_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00087"},{"key":"e_1_3_2_1_109_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00260"},{"key":"e_1_3_2_1_110_1","volume-title":"Veracruz: Confidential Collaborative Computation. https:\/\/veracruz.readthedocs.io\/en\/latest\/.","author":"Contributors Veracruz","year":"2024","unstructured":"Veracruz Contributors. 2024. Veracruz: Confidential Collaborative Computation. https:\/\/veracruz.readthedocs.io\/en\/latest\/."},{"key":"e_1_3_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1145\/2948618.2954330"},{"key":"e_1_3_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"e_1_3_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3149544"},{"key":"e_1_3_2_1_114_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427640"},{"key":"e_1_3_2_1_115_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, Kevin Fu and Jaeyeon Jung (Eds.). 719\u2013732. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical- sessions\/presentation\/yarom"},{"key":"e_1_3_2_1_116_1","volume-title":"Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2012","author":"Zaharia Matei","year":"2012","unstructured":"Matei Zaharia, Mosharaf Chowdhury, Tathagata Das, Ankur Dave, Justin Ma, Murphy McCauly, Michael J. Franklin, Scott Shenker, and Ion Stoica. 2012. Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing. In Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2012, San Jose, CA, USA, April 25-27, 2012, Steven D. Gribble and Dina Katabi (Eds.). USENIX Association, 15\u201328. https:\/\/www.usenix.org\/conference\/nsdi12\/technical-sessions\/presentation\/zaharia"},{"key":"e_1_3_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8486293"},{"key":"e_1_3_2_1_118_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8486293"},{"key":"e_1_3_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1109\/JCC56315.2022.00019"},{"key":"e_1_3_2_1_120_1","volume-title":"Opaque: An Oblivious and Encrypted Distributed Analytics Platform. In 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17)","author":"Zheng Wenting","year":"2017","unstructured":"Wenting Zheng, Ankur Dave, Jethro G. Beekman, Raluca Ada Popa, Joseph E. Gonzalez, and Ion Stoica. 2017. Opaque: An Oblivious and Encrypted Distributed Analytics Platform. In 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17). USENIX Association, Boston, MA, 283\u2013298. https:\/\/www.usenix.org\/conference\/nsdi17\/technical-sessions\/presentation\/zheng"},{"key":"e_1_3_2_1_121_1","volume-title":"Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Zheng Wenting","year":"2021","unstructured":"Wenting Zheng, Ryan Deng, Weikeng Chen, Raluca Ada Popa, Aurojit Panda, and Ion Stoica. 2021. Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael D. Bailey and Rachel Greenstadt (Eds.). USENIX Association, 2723\u20132740. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/zheng"}],"event":{"name":"SoCC '25: ACM Symposium on Cloud Computing","location":"Online USA","acronym":"SoCC '25","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems","SIGMOD ACM Special Interest Group on Management of Data"]},"container-title":["Proceedings of the 2025 ACM Symposium on Cloud Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3772052.3772209","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T16:25:14Z","timestamp":1768321514000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3772052.3772209"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":121,"alternative-id":["10.1145\/3772052.3772209","10.1145\/3772052"],"URL":"https:\/\/doi.org\/10.1145\/3772052.3772209","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2026-01-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}