{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,17]],"date-time":"2025-09-17T15:34:20Z","timestamp":1758123260062,"version":"3.40.3"},"publisher-location":"Cham","reference-count":57,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030629731"},{"type":"electronic","value":"9783030629748"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-62974-8_17","type":"book-chapter","created":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T13:10:38Z","timestamp":1606223438000},"page":"290-311","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Towards Transparent Control-Flow Integrity in Safety-Critical Systems"],"prefix":"10.1007","author":[{"given":"Don","family":"Kuzhiyelil","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9658-1572","authenticated-orcid":false,"given":"Philipp","family":"Zieris","sequence":"additional","affiliation":[]},{"given":"Marine","family":"Kadar","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1107-4569","authenticated-orcid":false,"given":"Sergey","family":"Tverdyshev","sequence":"additional","affiliation":[]},{"given":"Gerhard","family":"Fohler","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,25]]},"reference":[{"key":"17_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity: principles, implementations, and applications. In: CCS. ACM (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"17_CR2","unstructured":"Abeni, L., Buttazzo, G.: Integrating multimedia applications in hard real-time systems. In: RTSS. IEEE (1998)"},{"key":"17_CR3","doi-asserted-by":"crossref","unstructured":"Abera, T., et al.: C-FLAT: control-flow attestation for embedded systems software. In: CCS. ACM (2016)","DOI":"10.1145\/2976749.2978358"},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"Almakhdhub, N.S., Clements, A.A., Bagchi, S., Payer, M.: $$\\mu $$RAI: securing embedded systems with return address integrity. In: NDSS. Internet Society (2020)","DOI":"10.14722\/ndss.2020.24016"},{"issue":"3\/4","key":"17_CR5","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1504\/IJES.2006.014859","volume":"2","author":"J Alves-Foss","year":"2006","unstructured":"Alves-Foss, J., Oman, P.W., Taylor, C., Harrison, S.: The MILS architecture for high-assurance embedded systems. Int. J. Embed. Syst. 2(3\/4), 239\u2013247 (2006)","journal-title":"Int. J. Embed. Syst."},{"key":"17_CR6","unstructured":"Arm Holdings: Mbed OS MPU management. https:\/\/os.mbed.com\/docs\/mbed-os\/v5.15\/apis\/mpu-management.html. Accessed 10 Sep 2020"},{"key":"17_CR7","unstructured":"Arm Holdings: ARM CoreSight SoC-400 Technical Reference Manual (June 2016)"},{"key":"17_CR8","unstructured":"Arm Holdings: Juno ARM Development Platform SoC Technical Reference Manual (June 2016)"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Baruah, S.K., Burns, A., Davis, R.I.: Response-time analysis for mixed criticality systems. In: RTSS. IEEE (2011)","DOI":"10.1109\/RTSS.2011.12"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: ASIACCS. ACM (2011)","DOI":"10.1145\/1966913.1966919"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: generalizing return-oriented programming to RISC. In: CCS. ACM (2008)","DOI":"10.1145\/1455770.1455776"},{"key":"17_CR12","unstructured":"Burns, A., Davis, R.: Mixed criticality systems\u2013a review. Department of Computer Science, University of York, Technical Report (2013)"},{"issue":"1","key":"17_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3054924","volume":"50","author":"N Burow","year":"2017","unstructured":"Burow, N., et al.: Control-flow integrity: Precision, security, and performance. ACM Comput. Surv. (CSUR) 50(1), 1\u201333 (2017)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Burow, N., Zhang, X., Payer, M.: SoK: shining light on shadow stacks. In: S&P. IEEE (2019)","DOI":"10.1109\/SP.2019.00076"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: CCS. ACM (2010)","DOI":"10.1145\/1866307.1866370"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Clements, A.A., et al.: Protecting bare-metal embedded systems with privilege overlays. In: S&P. IEEE (2017)","DOI":"10.1109\/SP.2017.37"},{"key":"17_CR17","unstructured":"Clements, A.A., Almakhdhub, N.S., Bagchi, S., Payer, M.: ACES: automatic compartments for embedded systems. In: USENIX Security. USENIX Association (2018)"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Davi, L., et al.: HAFIX: hardware-assisted flow integrity extension. In: DAC. ACM (2015)","DOI":"10.1145\/2744769.2744847"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"Davi, L., Koeberl, P., Sadeghi, A.R.: Hardware-assisted fine-grained control-flow integrity: towards efficient protection of embedded systems against software exploitation. In: DAC. ACM (2014)","DOI":"10.1109\/DAC.2014.6881460"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programming attacks. In: ASIACCS. ACM (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Francillon, A., Castelluccia, C.: Code injection attacks on harvard-architecture devices. In: CCS. ACM (2008)","DOI":"10.1145\/1455770.1455775"},{"key":"17_CR22","doi-asserted-by":"crossref","unstructured":"Gu, Y., Zhao, Q., Zhang, Y., Lin, Z.: PT-CFI: transparent backward-edge control flow violation detection using Intel processor trace. In: CODASPY. ACM (2017)","DOI":"10.1145\/3029806.3029830"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Hu, H., et al.: Enforcing unique code target property for control-flow integrity. In: CCS. ACM (2018)","DOI":"10.1145\/3243734.3243797"},{"issue":"6","key":"17_CR24","doi-asserted-by":"publisher","first-page":"1802","DOI":"10.1109\/JIOT.2017.2703172","volume":"4","author":"A Humayed","year":"2017","unstructured":"Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security-a survey. IEEE Int. Things J. 4(6), 1802\u20131831 (2017)","journal-title":"IEEE Int. Things J."},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Jang, D., Tatlock, Z., Lerner, S.: SafeDispatch: securing C++ virtual calls from memory corruption attacks. In: NDSS. Internet Society (2014)","DOI":"10.14722\/ndss.2014.23287"},{"key":"17_CR26","unstructured":"John, R.: Partitioning in avionics architectures: Requirements, mechanisms, and assurance. Technical Report, SRI International Computer Science Laboratory (1999)"},{"key":"17_CR27","unstructured":"Kath, O., Schreiner, R., Favaro, J.: Safety, security, and software reuse: A model-based approach. In: RESAFE. Springer (2009)"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Kim, C.H., et al.: Securing real-time microcontroller systems through customized memory view switching. In: NDSS. Internet Society (2018)","DOI":"10.14722\/ndss.2018.23107"},{"key":"17_CR29","unstructured":"Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: USENIX OSDI. USENIX Association (2014)"},{"key":"17_CR30","unstructured":"Kwon, D., Shin, J., Kim, G., Lee, B., Cho, Y., Paek, Y.: uXOM: efficient eXecute-only memory on ARM Cortex-M. In: USENIX Security. USENIX Association (2019)"},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Lee, Y., Heo, I., Hwang, D., Kim, K., Paek, Y.: Towards a practical solution to detect code reuse attacks on ARM mobile devices. In: HASP. ACM (2015)","DOI":"10.1145\/2768566.2768569"},{"key":"17_CR32","unstructured":"Lehoczky, J.P., Sha, L., Strosnider, J.K.: Enhanced aperiodic responsiveness in hard real-time environments. In: Unknown Host Publication Title. IEEE (1987)"},{"issue":"5","key":"17_CR33","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1145\/224057.224075","volume":"29","author":"J Liedtke","year":"1995","unstructured":"Liedtke, J.: On micro-kernel construction. ACM SIGOPS Oper. Syst. Rev. 29(5), 237\u2013250 (1995)","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"issue":"1","key":"17_CR34","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1145\/321738.321743","volume":"20","author":"CL Liu","year":"1973","unstructured":"Liu, C.L., Layland, J.W.: Scheduling algorithms for multiprogramming in a hard-real-time environment. J. ACM (JACM) 20(1), 46\u201361 (1973)","journal-title":"J. ACM (JACM)"},{"key":"17_CR35","doi-asserted-by":"crossref","unstructured":"Liu, Y., Shi, P., Wang, X., Chen, H., Zang, B., Guan, H.: Transparent and efficient CFI enforcement with Intel processor trace. In: HPCA. IEEE (2017)","DOI":"10.1109\/HPCA.2017.18"},{"key":"17_CR36","first-page":"91","volume":"2015","author":"C Miller","year":"2015","unstructured":"Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015, 91 (2015)","journal-title":"Black Hat USA"},{"key":"17_CR37","doi-asserted-by":"crossref","unstructured":"Niu, B., Tan, G.: Per-input control-flow integrity. In: CCS. ACM (2015)","DOI":"10.1145\/2810103.2813644"},{"key":"17_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/978-3-319-66332-6_12","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Thomas Nyman","year":"2017","unstructured":"Nyman, Thomas., Ekberg, Jan-Erik., Davi, Lucas, Asokan, N.: CFI CaRE: hardware-supported call and\u00a0return enforcement for commercial microcontrollers. In: Dacier, Marc, Bailey, Michael, Polychronakis, Michalis, Antonakakis, Manos (eds.) RAID 2017. LNCS, vol. 10453, pp. 259\u2013284. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66332-6_12"},{"key":"17_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-319-20550-2_8","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Mathias Payer","year":"2015","unstructured":"Payer, Mathias., Barresi, Antonio, Gross, Thomas R.: Fine-grained control-flow integrity through binary hardening. In: Almgren, Magnus, Gulisano, Vincenzo, Maggi, Federico (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 144\u2013164. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_8"},{"key":"17_CR40","unstructured":"Real Time Engineers Ltd.: FreeRTOS memory protection unit (MPU) support. https:\/\/www.freertos.org\/FreeRTOS-MPU-memory-protection-unit.html. Accessed 10 Sep 2020"},{"key":"17_CR41","unstructured":"Rico, J.E., Ba\u00f1\u00f3n, M., Ortega, A., Hametner, R., Blasum, H., Hager, M.: Compositional security certification methodology. Zenodo (2018)"},{"key":"17_CR42","doi-asserted-by":"publisher","first-page":"101561","DOI":"10.1016\/j.cose.2019.06.015","volume":"87","author":"JE Rubio","year":"2019","unstructured":"Rubio, J.E., Alcaraz, C., Roman, R., Lopez, J.: Current cyber-defense trends in industrial control systems. Comput. Secur. 87, 101561 (2019)","journal-title":"Comput. Secur."},{"key":"17_CR43","doi-asserted-by":"crossref","unstructured":"Rushby, J.: The design and verification of secure systems. In: Eighth ACM Symposium on Operating System Principles. ACM (1981)","DOI":"10.1145\/800216.806586"},{"key":"17_CR44","doi-asserted-by":"crossref","unstructured":"Schlehuber, C., Heinrich, M., Vateva-Gurova, T., Katzenbeisser, S., Suri, N.: Challenges and approaches in securing safety-relevant railway signalling. In: EuroS & PW. IEEE (2017)","DOI":"10.1109\/EuroSPW.2017.63"},{"key":"17_CR45","doi-asserted-by":"crossref","unstructured":"Schulz, T., Gries, C., Golatowski, F., Timmermann, D.: Strategy for security certification of high assurance industrial automation and control systems. In: SIES. IEEE (2018)","DOI":"10.1109\/SIES.2018.8442081"},{"key":"17_CR46","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: CCS. ACM (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"17_CR47","unstructured":"Sinnhofer, A.D., Raschke, W., Steger, C., Kreiner, C.: Evaluation paradigm selection according to common criteria for an incremental product development. In: MILS@HiPEAC. Zenodo (2015)"},{"key":"17_CR48","doi-asserted-by":"crossref","unstructured":"Sprunt, B., Sha, L., Lehoczky, J.: Aperiodic task scheduling for hard-real-time systems. Real-Time Systems 1(1), (1989)","DOI":"10.1007\/BF02341920"},{"key":"17_CR49","doi-asserted-by":"crossref","unstructured":"Strosnider, J.K., Lehoczky, J.P., Sha, L.: The deferrable server algorithm for enhanced aperiodic responsiveness in hard real-time environments. IEEE Transactions on Computers 44(1), (1995)","DOI":"10.1109\/12.368008"},{"key":"17_CR50","unstructured":"SYSGO GmbH: PikeOS hypervisor webpage. https:\/\/www.sysgo.com\/products\/pikeos-hypervisor\/, retrieved September 10, 2020"},{"key":"17_CR51","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: Eternal war in memory. In: S&P. IEEE (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"17_CR52","unstructured":"Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, U., Lozano, L., Pike, G.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: USENIX Security. USENIX Association (2014)"},{"key":"17_CR53","unstructured":"Tverdyshev, S., Blasum, H., Langenstein, B., Maebe, J., De Sutter, B., Leconte, B., Triquet, B., M\u00fcller, K., Paulitsch, M., S\u00f6ding-Freiherr von Blomberg, A., Tillequin, A.: MILS architecture. Zenodo (2013)"},{"key":"17_CR54","doi-asserted-by":"crossref","unstructured":"van der Veen, V., Andriesse, D., Stamatogiannakis, M., Chen, X., Bos, H., Giuffrdia, C.: The dynamics of innocent flesh on the bone: Code reuse ten years later. In: CCS. ACM (2017)","DOI":"10.1145\/3133956.3134026"},{"key":"17_CR55","doi-asserted-by":"crossref","unstructured":"van der Veen, V., G\u00f6kta\u015f, E., Contag, M., Pawoloski, A., Chen, X., Rawat, S., Bos, H., Holz, T., Athanasopoulos, E., Giuffrida, C.: A tough call: Mitigating advanced code-reuse attacks at the binary level. In: S&P. IEEE (2016)","DOI":"10.1109\/SP.2016.60"},{"key":"17_CR56","unstructured":"Zhang, M., Sekar, R.: Control flow integrity for COTS binaries. In: USENIX Security. USENIX Association (2013)"},{"key":"17_CR57","doi-asserted-by":"crossref","unstructured":"Zieris, P., Horsch, J.: A leak-resilient dual stack scheme for backward-edge control-flow integrity. In: ASIACCS. ACM (2018)","DOI":"10.1145\/3196494.3196531"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-62974-8_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:11:56Z","timestamp":1607299916000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-62974-8_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030629731","9783030629748"],"references-count":57,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-62974-8_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"25 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bali","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Indonesia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/isc2020.petra.ac.id\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}