{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T08:29:40Z","timestamp":1772008180388,"version":"3.50.1"},"reference-count":144,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/acsac67867.2025.00032","type":"proceedings-article","created":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T20:54:58Z","timestamp":1771966498000},"page":"228-244","source":"Crossref","is-referenced-by-count":0,"title":["It's a Non-Stop PARTEE! Practical Multi-Enclave Availability Through Partitioning and Asynchrony"],"prefix":"10.1109","author":[{"given":"Richard","family":"Habeeb","sequence":"first","affiliation":[{"name":"Yale University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hao","family":"Chen","sequence":"additional","affiliation":[{"name":"Yale University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Man-Ki","family":"Yoon","sequence":"additional","affiliation":[{"name":"North Carolina State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhong","family":"Shao","sequence":"additional","affiliation":[{"name":"Yale University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"ROS: an open-source robot operating system","volume-title":"ICRA Workshop on Open Source Software","author":"Quigley"},{"key":"ref2","volume-title":"NVIDIA DRIVE thor strikes AI performance balance, uniting AV and cockpit on a single computer","author":"Kani","year":"2022"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/CODESISSS.2015.7331385"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/857076.857078"},{"key":"ref5","first-page":"31","article-title":"How do you architect your robots? State of the practice and guidelines for ROS-based systems","volume-title":"2020 IEEE\/ACM 42nd International Conference on Software Engineering: Software Engineering in Practice, ser. ICSE-SEIP \u201920","author":"Malavolta"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2735960.2735980"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.tra.2015.04.003"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.20"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2855563"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2020.100218"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102150"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00005"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101677"},{"key":"ref14","article-title":"Free-fall: Hacking tesla from wireless to CAN bus","author":"Nie","year":"2017","journal-title":"Black Hat USA 2017, Las Vegas, NV"},{"key":"ref15","volume-title":"The connected car: Ways to get unauthorized access and potential implications","author":"Daan Keuper","year":"2018"},{"key":"ref16","article-title":"0-days & mitigations: Roadways to exploit and secure connected BMW cars","author":"Cai","year":"2019","journal-title":"Black Hat USA 2019, Las Vegas, NV"},{"key":"ref17","article-title":"TBONE-a zero-click exploit for Tesla MCUs","author":"Weinmann","year":"2020","journal-title":"ComSecuris, Tech. Rep."},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24217"},{"key":"ref19","article-title":"0-click RCE on the Tesla infotainment through cellular network","volume-title":"OffensiveCon","author":"Berard","year":"2024"},{"key":"ref20","article-title":"I feel a draft. opening the doors and windows 0-click RCE on the Tesla Model3","author":"Berard","year":"2022","journal-title":"Hexacon, Vancouver, BC"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.357"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1049\/cmu2.12759"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3578359.3593038"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/CIC.2016.065"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833604"},{"key":"ref26","article-title":"Dual operating system architecture for real-time embedded systems","volume-title":"6th International Workshop on Operating Systems Platforms for Embedded Real-Time Applications, ser. OSPERT \u201910","author":"Sangorrin","year":"2010"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjtrans.5.47"},{"key":"ref28","article-title":"Open portable trusted execution environment","volume-title":"Linaro"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/1353535.1346284"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451146"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541986"},{"key":"ref32","first-page":"409","article-title":"MiniBox: A two-way sandbox for x86 native code","volume-title":"2014 USENIX Annual Technical Conference, ser. USENIX ATC \u201914","author":"Li"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"ref35","first-page":"689","article-title":"SCONE: Secure Linux containers with Intel SGX","volume-title":"12th USENIX Symposium on Operating Systems Design and Implementation, ser. OSDI \u201916","author":"Arnautov"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064219"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081349"},{"key":"ref38","first-page":"645","article-title":"Graphene-SGX: A practical library OS for unmodified applications on SGX","volume-title":"USENIX Annual Technical Conference, ser. USENIX ATC \u201917","author":"Tsai"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23500"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00014"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378469"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24057"},{"key":"ref43","first-page":"683","article-title":"BlackBox: a container security monitor for protecting containers on untrusted operating systems","volume-title":"16th USENIX Symposium on Operating Systems Design and Implementation, ser. OSDI \u201922","author":"Van\u2019t Hof"},{"key":"ref44","article-title":"Intel SGX explained","volume-title":"Cryptology ePrint Archive, Paper 2016\/086","author":"Costan","year":"2016"},{"key":"ref45","article-title":"Resource containers: A new facility for resource management in server systems","volume-title":"Proceedings of the 3rd Symposium on Operating Systems Design and Implementation, ser. OSDI \u201999","author":"Banga"},{"key":"ref46","first-page":"4:1","article-title":"LTZVisor: TrustZone is the key","volume-title":"29th Euromicro Conference on Real-Time Systems, ser. ECRTS \u201917","author":"Pinto"},{"key":"ref47","article-title":"Remote exploitation of an unaltered passenger vehicle","volume-title":"Black Hat USA, Las Vegas, NV","author":"Miller","year":"2015"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3131347"},{"key":"ref49","article-title":"Mixed criticality systems\u2014a review","author":"Burns","year":"2022","journal-title":"Department of Computer Science, University of York, Tech. Rep. 13"},{"key":"ref50","article-title":"Recovering critical data from tesla autopilot using voltage glitching","author":"K\u00fchnapfel","year":"2023","journal-title":"37th Chaos Communication Congress, ser. 37C3, Hamburg, Germany"},{"key":"ref51","article-title":"Jailbreaking an electric vehicle in 2023","author":"Werling","year":"2023","journal-title":"Black Hat USA, Las Vegas, NV"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/1067627.806586"},{"key":"ref54","article-title":"Vxworks safety planforms","volume-title":"WindRiver"},{"key":"ref55","article-title":"Partitioning in avionics architectures: Requirements, mechanisms, and assurance","author":"Rushby","year":"1999","journal-title":"NASA, Tech. Rep."},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2008.4702751"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS58335.2023.00011"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1002\/rob.20255"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3313808.3313810"},{"key":"ref60","article-title":"Horizontal privilege escalation in trusted applications","volume-title":"29th USENIX Security Symposium, ser. USENIX Security \u201920","author":"Suciu"},{"key":"ref61","first-page":"2261","article-title":"ReZone: Disarming TrustZone with TEE privilege reduction","volume-title":"31st USENIX Security Symposium, ser. USENIX Security \u201922","author":"Cerdeira"},{"key":"ref62","first-page":"5537","article-title":"GlobalConfusion: TrustZone trusted application 0-days by design","volume-title":"33rd USENIX Security Symposium, ser. USENIX Security \u201924","author":"Busch"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/ICCVE.2013.6799789"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.3390\/electronics6040093"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/RTCSA.2018.00016"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2021.102368"},{"key":"ref67","volume-title":"GlobalPlatform Device Technology TEE Client API Specification Version 1.0, GlobalPlatform","year":"2010"},{"key":"ref68","volume-title":"GlobalPlatform Technology TEE Internal Core API Specification Version 1.1.2.50, GlobalPlatform","year":"2018"},{"key":"ref69","volume-title":"GlobalPlatform Technology TEE System Architecture Version 1.2, GlobalPlatform","year":"2018"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"ref71","article-title":"ARM Trusted Firmware","volume-title":"ARM"},{"key":"ref72","volume-title":"ARM CoreLink TZC-400 TrustZone Address Space Controller Technical Reference Manual, ARM","year":"2014"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/103727.103729"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-71237-6_14"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2003.1203555"},{"issue":"12","key":"ref76","first-page":"188","article-title":"Design and performance of DDS-based middleware for real-time control systems","volume":"7","author":"Guesmi","year":"2007","journal-title":"International Journal of Computer Science and Network Security (IJCSNS)"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC63791.2024.00085"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66787-4_22"},{"key":"ref79","article-title":"Ghost in the air (traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices","author":"Costin","year":"2012","journal-title":"Black Hat USA, Las Vegas, NV"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1002\/rob.21513"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24130"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00264"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2001.936213"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/RTCSA.2016.17"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2013.6531076"},{"key":"ref86","first-page":"143","article-title":"VirtualDrone: virtual sensing, actuation, and communication for attack-resilient unmanned aerial systems","volume-title":"Proceedings of the 8th International Conference on Cyber-Physical Systems, ser. ICCPS \u201917","author":"Yoon"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1145\/3086439.3086443"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/3338507.3358615"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/ICAA52185.2022.00010"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3576841.3585934"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134623"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1145\/3592607"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI44817.2019.9002737"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3078111"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.14722\/vehiclesec.2024.23055"},{"key":"ref96","article-title":"Drone security white paper (version 3.0)","volume-title":"DJI. Tech. Rep.","year":"2024"},{"key":"ref97","volume-title":"Parrot drones hijacking","author":"Cabrera","year":"2018"},{"key":"ref98","volume-title":"Ukrainian marines hacked a russian drone to locate its base\u2014then blew up the base with artillery","author":"Axe","year":"2023"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2924410"},{"key":"ref100","volume-title":"Unixbench: the original BYTE UNIX benchmark suite","author":"Smith"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1109\/WWC.2001.990739"},{"key":"ref102","article-title":"Evolution of the pikeos microkernel","volume-title":"First International Workshop on MicroKernels for Embedded Systems, ser. MIKES \u201907","author":"Kaiser"},{"key":"ref103","article-title":"Look mum, no vm exits!(almost)","author":"Ramsauer","year":"2017","journal-title":"arXiv preprint arXiv"},{"key":"ref104","article-title":"Bao: A lightweight static partitioning hypervisor for modern multi-core embedded systems","volume-title":"Workshop on Next Generation Real-Time Embedded Systems, ser. NG-RES \u201920","author":"Martins"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945462"},{"issue":"4","key":"ref106","first-page":"182","article-title":"Reliable and efficient dual-OS communications for real-time embedded virtualization","volume":"29","author":"Sangorrin","year":"2012","journal-title":"Computer Software"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/LCA.2016.2617308"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/IECON.2017.8216603"},{"key":"ref109","first-page":"6:1","article-title":"VOSYSmonitor, a low latency monitor layer for mixed-criticality systems on ARMv8-A","volume-title":"29th Euromicro Conference on Real-Time Systems, ser. ECRTS \u201917","author":"Lucas"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/ISIE.2018.8433781"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2019.00032"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1145\/1435458.1435461"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1109\/ECRTS.2010.28"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1109\/RTSS52674.2021.00015"},{"key":"ref115","article-title":"PikeOS-VirtIO","volume-title":"SYSGO"},{"key":"ref116","article-title":"SMACCM: TS in the DARPA HACMS Program","volume-title":"UNSW Trustworthy Systems Group"},{"key":"ref117","article-title":"Secure mathematically-assured composition of control models","author":"Cofer","year":"2017","journal-title":"Air Force Research Laboratory (RITA), Tech. Rep."},{"key":"ref118","article-title":"HACMS: High Assurance Cyber Military Systems","volume-title":"Lookwerks"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2013.6531079"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2019.00037"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2014.6925999"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303976"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420960"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484782"},{"key":"ref126","first-page":"2243","article-title":"GAROTA: Generalized active Root-Of-Trust architecture (for tiny embedded devices)","volume-title":"31st USENIX Security Symposium, ser. USENIX Security \u201922","author":"Aliaj"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2744922"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1145\/2592798.2592824"},{"key":"ref129","article-title":"ER-TOS: Enclaves in real-time operating systems","volume-title":"Fifth Workshop on Computer Architecture Research with RISC-V, ser. CARRV \u201921","author":"Thomas"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387532"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.23009"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507754"},{"key":"ref133","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23041"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519565"},{"key":"ref135","first-page":"285","article-title":"M2MON: Building an MMIO-based security reference monitor for unmanned vehicles","volume-title":"30th USENIX Security Symposium, ser. USENIX Security \u201921","author":"Khan"},{"key":"ref136","first-page":"541","article-title":"vTZ: Virtualizing ARM TrustZone","volume-title":"26th USENIX Security Symposium, ser. USENIX Security \u201917","author":"Hua"},{"key":"ref137","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3152555"},{"key":"ref138","article-title":"Aster: Fixing the android TEE ecosystem with ARM CCA","author":"Kuhne","year":"2024","journal-title":"arXiv preprint arXiv"},{"key":"ref139","first-page":"3953","article-title":"Formally verified memory protection for a commodity multiprocessor hypervisor","volume-title":"30th USENIX Security Symposium, ser. USENIX Security \u201921","author":"Li"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1977.229904"},{"key":"ref141","doi-asserted-by":"publisher","DOI":"10.1145\/1882486.1882508"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1145\/2695664.2695924"},{"key":"ref143","article-title":"Iceoryx: Lock-free queue","volume-title":"Eclipse Foundation"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.1109\/ISORC.2010.10"}],"event":{"name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,12]]}},"container-title":["2025 IEEE Annual Computer Security Applications Conference (ACSAC)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11391636\/11391706\/11391946.pdf?arnumber=11391946","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T07:52:23Z","timestamp":1772005943000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11391946\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":144,"URL":"https:\/\/doi.org\/10.1109\/acsac67867.2025.00032","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}