{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:30Z","timestamp":1783965870512,"version":"3.55.0"},"reference-count":67,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T00:00:00Z","timestamp":1780617600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001871","name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","doi-asserted-by":"publisher","award":["2021.08587"],"award-info":[{"award-number":["2021.08587"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105005","type":"journal-article","created":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T16:14:32Z","timestamp":1780676072000},"page":"105005","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["RunPBA \u2014 Runtime attestation for microcontrollers with PACBTI"],"prefix":"10.1016","volume":"170","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3433-9809","authenticated-orcid":false,"given":"Andr\u00e9","family":"Cirne","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0268-9134","authenticated-orcid":false,"given":"Patr\u00edcia R.","family":"Sousa","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0125-4240","authenticated-orcid":false,"given":"Jo\u00e3o S.","family":"Resende","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9988-594X","authenticated-orcid":false,"given":"Lu\u00eds","family":"Antunes","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.105005_b1","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","first-page":"743","article-title":"C-FLAT: Control-flow attestation for embedded systems software","author":"Abera","year":"2016"},{"key":"10.1016\/j.cose.2026.105005_b2","series-title":"Proceedings of the 53rd Annual Design Automation Conference","article-title":"Invited - Things, trouble, trust","author":"Abera","year":"2016"},{"key":"10.1016\/j.cose.2026.105005_b3","series-title":"Proceedings 2020 Network and Distributed System Security Symposium","article-title":"uRAI: Return address integrity for embedded systems","author":"Almakhdhub","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b4","unstructured":"Ammar, M., Abdelraoof, A., Vlasceanu, S., 2024. On Bridging the Gap between Control Flow Integrity and Attestation Schemes. In: 33rd USENIX Security Symposium. USENIX Security 24, pp. 6633\u20136650."},{"issue":"5","key":"10.1016\/j.cose.2026.105005_b5","doi-asserted-by":"crossref","first-page":"1598","DOI":"10.3390\/s21051598","article-title":"State-of-the-art software-based remote attestation: Opportunities and open issues for internet of things","volume":"21","author":"Ankerg\u00e5rd","year":"2021","journal-title":"Sensors"},{"key":"10.1016\/j.cose.2026.105005_b6","series-title":"2020 IEEE International Symposium on Hardware Oriented Security and Trust","first-page":"305","article-title":"LAHEL: Lightweight attestation hardening embedded devices using macrocells","author":"Arias","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b7","series-title":"Arm cortex-m85 processor technical reference manual","author":"Arm Limited","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b8","unstructured":"Arm Limited, 2021. Platform Security Model. Technical Report JSADEN014, (Accessed on 13 June 2024)."},{"key":"10.1016\/j.cose.2026.105005_b9","series-title":"Initial attestation report - PSA certified attestation API 1.0","author":"Arm Limited","year":"2022"},{"key":"10.1016\/j.cose.2026.105005_b10","series-title":"PACMAN security vulnerability","author":"Arm Limited","year":"2023"},{"key":"10.1016\/j.cose.2026.105005_b11","series-title":"Trusted Firmware-M Documentation","author":"Arm Limited","year":"2024"},{"key":"10.1016\/j.cose.2026.105005_b12","series-title":"Armv8-M security extension user guide - State context","author":"Arm Limited","year":"2026"},{"key":"10.1016\/j.cose.2026.105005_b13","doi-asserted-by":"crossref","first-page":"4","DOI":"10.46586\/tosc.v2017.i1.4-44","article-title":"The QARMA block cipher family. Almost MDS matrices over rings with zero divisors, nearly symmetric even-mansour constructions with non-involutory central rounds, and search heuristics for low-latency s-boxes","author":"Avanzi","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"10.1016\/j.cose.2026.105005_b14","series-title":"Examining pointer authentication on the iphone XS","author":"Azad","year":"2019"},{"key":"10.1016\/j.cose.2026.105005_b15","series-title":"Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security","first-page":"30","article-title":"Jump-oriented programming: a new class of code-reuse attack","author":"Bletsch","year":"2011"},{"issue":"1","key":"10.1016\/j.cose.2026.105005_b16","doi-asserted-by":"crossref","DOI":"10.1145\/3054924","article-title":"Control-flow integrity: Precision, security, and performance","volume":"50","author":"Burow","year":"2017","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.cose.2026.105005_b17","series-title":"2019 IEEE Symposium on Security and Privacy","first-page":"985","article-title":"SoK: Shining light on shadow stacks","author":"Burow","year":"2019"},{"key":"10.1016\/j.cose.2026.105005_b18","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103568","article-title":"SuM: Efficient shadow stack protection on ARM Cortex-M","volume":"136","author":"Choi","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105005_b19","first-page":"63","article-title":"Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks","volume":"vol. 98","author":"Cowan","year":"1998"},{"key":"10.1016\/j.cose.2026.105005_b20","doi-asserted-by":"crossref","unstructured":"Dang, T.H., Maniatis, P., Wagner, D., 2015. The performance cost of shadow stacks and stack canaries. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. pp. 555\u2013566.","DOI":"10.1145\/2714576.2714635"},{"key":"10.1016\/j.cose.2026.105005_b21","doi-asserted-by":"crossref","unstructured":"Davi, L., Hanreich, M., Paul, D., Sadeghi, A.R., Koeberl, P., Sullivan, D., Arias, O., Jin, Y., 2015. HAFIX: Hardware-assisted flow integrity extension. In: Proceedings of the 52nd Annual Design Automation Conference. pp. 1\u20136.","DOI":"10.1145\/2744769.2744847"},{"key":"10.1016\/j.cose.2026.105005_b22","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A.R., Winandy, M., 2009. Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In: Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing. pp. 49\u201354.","DOI":"10.1145\/1655108.1655117"},{"key":"10.1016\/j.cose.2026.105005_b23","series-title":"2020 57th ACM\/IEEE Design Automation Conference","first-page":"1","article-title":"Camouflage: Hardware-assisted cfi for the arm linux kernel","author":"Denis-Courmont","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b24","series-title":"Proceedings of the International Conference on Computer-Aided Design","first-page":"1","article-title":"LiteHAX: Lightweight hardware-assisted attestation of program execution","author":"Dessouky","year":"2018"},{"key":"10.1016\/j.cose.2026.105005_b25","series-title":"Proceedings of the 54th Annual Design Automation Conference 2017","article-title":"LO-FAT: Low-overhead control flow attestation in hardware","author":"Dessouky","year":"2017"},{"key":"10.1016\/j.cose.2026.105005_b26","series-title":"CoreMark-PRO - EEMBC embedded microprocessor benchmark consortium","author":"EEMBC","year":"2024"},{"issue":"11","key":"10.1016\/j.cose.2026.105005_b27","doi-asserted-by":"crossref","first-page":"3757","DOI":"10.1109\/TCAD.2022.3197511","article-title":"Toward register spilling security using LLVM and ARM pointer authentication","volume":"41","author":"Fanti","year":"2022","journal-title":"IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst."},{"key":"10.1016\/j.cose.2026.105005_b28","series-title":"Remote integrity verification of network devices containing trusted platform modules","author":"Fedorkow","year":"2024"},{"issue":"3","key":"10.1016\/j.cose.2026.105005_b29","doi-asserted-by":"crossref","first-page":"518","DOI":"10.1049\/ise2.12113","article-title":"Hardware-assisted remote attestation design for critical embedded systems","volume":"17","author":"Geden","year":"2023","journal-title":"IET Inf. Secur."},{"key":"10.1016\/j.cose.2026.105005_b30","series-title":"2014 IEEE 13th International Symposium on Network Computing and Applications","first-page":"145","article-title":"On the effectiveness of nx, ssp, renewssp, and aslr against stack buffer overflows","author":"Gisbert","year":"2014"},{"key":"10.1016\/j.cose.2026.105005_b31","series-title":"2018 IEEE Conference on Communications and Network Security","first-page":"1","article-title":"Function-oriented programming: A new class of code reuse attack in c applications","author":"Guo","year":"2018"},{"key":"10.1016\/j.cose.2026.105005_b32","doi-asserted-by":"crossref","unstructured":"Hristozov, S., Heyszl, J., Wagner, S., Sigl, G., 2018. Practical runtime attestation for tiny IoT devices. In: NDSS Workshop on Decentralized IoT Security and Standards, Vol. 18. DISS.","DOI":"10.14722\/diss.2018.23011"},{"key":"10.1016\/j.cose.2026.105005_b33","series-title":"2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems","first-page":"78","article-title":"LAPE: A lightweight attestation of program execution scheme for bare-metal systems","author":"Huo","year":"2020"},{"issue":"2","key":"10.1016\/j.cose.2026.105005_b34","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1007\/s10766-020-00673-z","article-title":"TZmCFI: RTOS-Aware Control-Flow Integrity Using TrustZone for Armv8-M","volume":"49","author":"Kawada","year":"2020","journal-title":"Int. J. Parallel Program."},{"key":"10.1016\/j.cose.2026.105005_b35","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102498","article-title":"A survey of remote attestation in internet of things: Attacks, countermeasures, and prospects","volume":"112","author":"Kuang","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105005_b36","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101945","article-title":"DO-RA: Data-oriented runtime attestation for IoT devices","volume":"97","author":"Kuang","year":"2020","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105005_b37","series-title":"Information Security","first-page":"290","article-title":"Towards transparent control-flow integrity in safety-critical systems","author":"Kuzhiyelil","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b38","series-title":"PACStack: an authenticated call stack","author":"Liljestrand","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b39","unstructured":"Liljestrand, H., Nyman, T., Wang, K., Perez, C.C., Ekberg, J.E., Asokan, N., 2019. PAC it up: Towards pointer integrity using ARM pointer authentication. In: 28th USENIX Security Symposium. USENIX Security 19, pp. 177\u2013194."},{"key":"10.1016\/j.cose.2026.105005_b40","series-title":"FOP mythoclast","author":"LMS57","year":"2023"},{"key":"10.1016\/j.cose.2026.105005_b41","series-title":"The Entity Attestation Token (EAT)","author":"Lundblade","year":"2024"},{"key":"10.1016\/j.cose.2026.105005_b42","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103384","article-title":"Detecting compromised IoT devices: Existing techniques, challenges, and a way forward","volume":"132","author":"Makhdoom","year":"2023","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105005_b43","series-title":"Armv8.1-M pointer authentication and branch target identification extension","author":"Mujumdar","year":"2021"},{"key":"10.1016\/j.cose.2026.105005_b44","series-title":"2021 IEEE International Symposium on Hardware Oriented Security and Trust","first-page":"68","article-title":"Protecting indirect branches against fault attacks using ARM pointer authentication","author":"Nasahl","year":"2021"},{"key":"10.1016\/j.cose.2026.105005_b45","series-title":"2025 62nd ACM\/IEEE Design Automation Conference","first-page":"1","article-title":"RAP-track: Efficient control flow attestation via parallel tracking in commodity MCUs","author":"Neto","year":"2025"},{"key":"10.1016\/j.cose.2026.105005_b46","series-title":"Power profiler kit II","author":"Nordic Semiconductor","year":"2024"},{"key":"10.1016\/j.cose.2026.105005_b47","series-title":"Research in Attacks, Intrusions, and Defenses","first-page":"259","article-title":"CFI CaRE: Hardware-supported call and return enforcement for commercial microcontrollers","author":"Nyman","year":"2017"},{"key":"10.1016\/j.cose.2026.105005_b48","series-title":"2017 International Conference on Platform Technology and Service","first-page":"1","article-title":"Security requirements analysis for the IoT","author":"Oh","year":"2017"},{"key":"10.1016\/j.cose.2026.105005_b49","series-title":"BEEBS: Open benchmarks for energy measurements on embedded platforms","author":"Pallister","year":"2013"},{"issue":"1","key":"10.1016\/j.cose.2026.105005_b50","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1093\/comjnl\/bxt129","article-title":"Identifying compiler options to minimize energy consumption for embedded platforms","volume":"58","author":"Pallister","year":"2015","journal-title":"Comput. J."},{"key":"10.1016\/j.cose.2026.105005_b51","series-title":"Pointer authentication on ARMv8.3 design and analysis of the new software security instructions","author":"Qualcomm Technologies, Inc.","year":"2017"},{"key":"10.1016\/j.cose.2026.105005_b52","series-title":"Proceedings of the 49th Annual International Symposium on Computer Architecture","first-page":"685","article-title":"PACMAN: Attacking ARM pointer authentication with speculative execution","author":"Ravichandran","year":"2022"},{"key":"10.1016\/j.cose.2026.105005_b53","series-title":"Arm trust firmware m on RA8m1 - renesas engineering community forum","author":"Renesas","year":"2024"},{"key":"10.1016\/j.cose.2026.105005_b54","series-title":"Request for the latest trusted firmware-m sample project - renesas engineering community forum","author":"Renesas","year":"2024"},{"key":"10.1016\/j.cose.2026.105005_b55","series-title":"Proceedings of the 14th ACM Conference on Computer and Communications Security","first-page":"552","article-title":"The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)","author":"Shacham","year":"2007"},{"key":"10.1016\/j.cose.2026.105005_b56","series-title":"European Symposium on Research in Computer Security","first-page":"531","article-title":"fASLR: Function-based ASLR for resource-constrained IoT systems","author":"Shao","year":"2022"},{"key":"10.1016\/j.cose.2026.105005_b57","series-title":"2020 IEEE Secure Development","first-page":"7","article-title":"Fast execute-only memory for embedded systems","author":"Shen","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b58","series-title":"Bypassing Modern CPU Protections With Function-Oriented Programming","first-page":"433","author":"Stratton","year":"2023"},{"key":"10.1016\/j.cose.2026.105005_b59","series-title":"2020 IEEE Symposium on Security and Privacy","first-page":"1433","article-title":"OAT: Attesting operation integrity of embedded devices","author":"Sun","year":"2020"},{"key":"10.1016\/j.cose.2026.105005_b60","series-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1332","article-title":"SHERLOC: Secure and holistic control-flow violation detection on embedded systems","author":"Tan","year":"2023"},{"key":"10.1016\/j.cose.2026.105005_b61","series-title":"Arm\u2019s Platform Security Architecture (PSA) Attestation Token","author":"Tschofenig","year":"2024"},{"key":"10.1016\/j.cose.2026.105005_b62","series-title":"31st Euromicro Conference on Real-Time Systems","article-title":"Control-flow integrity for real-time embedded systems","author":"Walls","year":"2019"},{"key":"10.1016\/j.cose.2026.105005_b63","unstructured":"Wang, J., Wang, Y., Li, A., Xiao, Y., Zhang, R., Lou, W., Hou, Y.T., Zhang, N., 2023. ARI: Attestation of Real-time Mission Execution Integrity. In: 32nd USENIX Security Symposium. USENIX Security 23, pp. 2761\u20132778."},{"key":"10.1016\/j.cose.2026.105005_b64","doi-asserted-by":"crossref","first-page":"132675","DOI":"10.1109\/ACCESS.2022.3230791","article-title":"Efficient CFI enforcement for embedded systems using ARM TrustZone-M","volume":"10","author":"Yeo","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.cose.2026.105005_b65","series-title":"Applied Cryptography in Computer and Communications: First EAI International Conference, AC3 2021, Virtual Event, May 15-16, 2021, Proceedings 1","first-page":"41","article-title":"A Security Enhanced Key Management Service for ARM Pointer Authentication","author":"Zhang","year":"2021"},{"key":"10.1016\/j.cose.2026.105005_b66","series-title":"2013 IEEE Symposium on Security and Privacy","first-page":"559","article-title":"Practical control flow integrity and randomization for binary executables","author":"Zhang","year":"2013"},{"key":"10.1016\/j.cose.2026.105005_b67","unstructured":"Zhou, J., Du, Y., Shen, Z., Ma, L., Criswell, J., Walls, R.J., 2020. Silhouette: Efficient protected shadow stacks for embedded systems. In: 29th USENIX Security Symposium. USENIX Security 20, pp. 1219\u20131236."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001811?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001811?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:14:16Z","timestamp":1783962856000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826001811"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":67,"alternative-id":["S0167404826001811"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105005","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"RunPBA \u2014 Runtime attestation for microcontrollers with PACBTI","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105005","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"105005"}}