{"id":"https://openalex.org/W7127126111","doi":"https://doi.org/10.1109/trustcom66490.2025.00361","title":"VMPL-KMI: Protecting Kernel Module Integrity within Confidential VMs","display_name":"VMPL-KMI: Protecting Kernel Module Integrity within Confidential VMs","publication_year":2025,"publication_date":"2025-11-14","ids":{"openalex":"https://openalex.org/W7127126111","doi":"https://doi.org/10.1109/trustcom66490.2025.00361"},"language":null,"primary_location":{"id":"doi:10.1109/trustcom66490.2025.00361","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00361","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5093974028","display_name":"Benshan Mei","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Benshan Mei","raw_affiliation_strings":["Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124834478","display_name":"Wenhao Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenhao Wang","raw_affiliation_strings":["Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047695782","display_name":"Dongdai Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dongdai Lin","raw_affiliation_strings":["Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense","institution_ids":["https://openalex.org/I4210156404"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5093974028"],"corresponding_institution_ids":["https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.84300993,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3032","last_page":"3037"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9854999780654907,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9854999780654907,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.003000000026077032,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.0012000000569969416,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.6718000173568726},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.6647999882698059},{"id":"https://openalex.org/keywords/synchronizing","display_name":"Synchronizing","score":0.6198999881744385},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6110000014305115},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.5861999988555908},{"id":"https://openalex.org/keywords/memory-protection","display_name":"Memory protection","score":0.5615000128746033},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.45019999146461487}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7633000016212463},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.6718000173568726},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.6647999882698059},{"id":"https://openalex.org/C162932704","wikidata":"https://www.wikidata.org/wiki/Q1058791","display_name":"Synchronizing","level":3,"score":0.6198999881744385},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6110000014305115},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.5861999988555908},{"id":"https://openalex.org/C18131444","wikidata":"https://www.wikidata.org/wiki/Q163585","display_name":"Memory protection","level":5,"score":0.5615000128746033},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.47909998893737793},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.45019999146461487},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.4262000024318695},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42570000886917114},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.38850000500679016},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.3409999907016754},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.31130000948905945},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.30160000920295715},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.30070000886917114},{"id":"https://openalex.org/C116537","wikidata":"https://www.wikidata.org/wiki/Q2169973","display_name":"Service provider","level":3,"score":0.29589998722076416},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.2921000123023987},{"id":"https://openalex.org/C57041688","wikidata":"https://www.wikidata.org/wiki/Q220644","display_name":"Service-oriented architecture","level":3,"score":0.27730000019073486},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.27390000224113464}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/trustcom66490.2025.00361","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00361","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.641376793384552,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2019731328","https://openalex.org/W2065085847","https://openalex.org/W2067663659","https://openalex.org/W2168872572","https://openalex.org/W2240600741","https://openalex.org/W3048233659","https://openalex.org/W3177545773","https://openalex.org/W4287849805","https://openalex.org/W4292747997","https://openalex.org/W4389279188","https://openalex.org/W4391623933","https://openalex.org/W4408565004","https://openalex.org/W4408750116"],"related_works":[],"abstract_inverted_index":{"Confidential":[0],"Virtual":[1],"Machines":[2],"(CVMs),":[3],"such":[4],"as":[5],"AMD":[6,41],"SEV,":[7],"offer":[8,47],"external":[9],"protection":[10,70],"but":[11],"lack":[12],"a":[13,102,117],"privilege":[14],"hierarchy,":[15],"making":[16],"them":[17],"vulnerable":[18],"to":[19,37,63,116],"susceptible":[20],"loadable":[21],"kernel":[22,38,55],"modules":[23,129],"(LKMs).":[24],"Although":[25],"the":[26,77,98,107],"Integrity":[27],"Measurement":[28],"Architecture":[29],"(IMA)":[30],"checks":[31,84],"load-time":[32,66],"integrity,":[33],"it":[34],"is":[35],"prone":[36],"exploits.":[39],"While":[40],"SEV-SNP\u2019s":[42],"VM":[43,109],"Privilege":[44],"Levels":[45],"(VMPLs)":[46],"hardware-enforced":[48],"intra-CVM":[49],"isolation,":[50],"they":[51],"remain":[52],"underexploited":[53],"for":[54,127,132],"protection.":[56],"This":[57],"paper":[58],"presents":[59],"VMPL-KMI,":[60],"utilizing":[61],"VMPLs":[62],"enforce":[64],"both":[65],"measurement":[67],"and":[68,81,91,137],"runtime":[69],"of":[71],"LKMs.":[72],"By":[73],"maintaining":[74],"MList":[75],"in":[76],"most":[78],"privileged":[79],"VMPL0":[80],"synchronizing":[82],"integrity":[83],"with":[85],"memory":[86],"protection,":[87],"VMPL-KMI":[88],"prevents":[89],"tampering":[90],"eliminates":[92],"Time-Of-Check-to-Time-Of-Use":[93],"(TOCTTOU)":[94],"vulnerabilities.":[95],"To":[96],"minimize":[97],"overhead,":[99],"we":[100],"introduce":[101],"service":[103],"protocol":[104],"based":[105],"on":[106],"Secure":[108],"Service":[110],"Module":[111],"(SVSM)":[112],"standard,":[113],"reducing":[114],"verification":[115],"single":[118],"interaction.":[119],"Experimental":[120],"results":[121],"demonstrate":[122],"practical":[123],"efficiency:":[124],"5\u201310%":[125],"overhead":[126],"small":[128],"(over":[130],"20%":[131],"larger":[133],"ones)":[134],"during":[135,141],"loading":[136],"less":[138],"than":[139],"5%":[140],"unloading.":[142]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-02-03T00:00:00"}