{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T04:07:12Z","timestamp":1769746032104,"version":"3.49.0"},"reference-count":61,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2023,3,15]],"date-time":"2023-03-15T00:00:00Z","timestamp":1678838400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,3,15]],"date-time":"2023-03-15T00:00:00Z","timestamp":1678838400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,3,15]],"date-time":"2023-03-15T00:00:00Z","timestamp":1678838400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2021YFB2012402"],"award-info":[{"award-number":["2021YFB2012402"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61872111"],"award-info":[{"award-number":["61872111"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2023,3,15]]},"DOI":"10.1109\/jiot.2022.3222074","type":"journal-article","created":{"date-parts":[[2022,11,18]],"date-time":"2022-11-18T20:47:52Z","timestamp":1668804472000},"page":"5378-5392","source":"Crossref","is-referenced-by-count":6,"title":["Securing Operating Systems Through Fine-Grained Kernel Access Limitation for IoT Systems"],"prefix":"10.1109","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1981-5878","authenticated-orcid":false,"given":"Dongyang","family":"Zhan","sequence":"first","affiliation":[{"name":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2114-8533","authenticated-orcid":false,"given":"Zhaofeng","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiangzhan","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8167-7106","authenticated-orcid":false,"given":"Hongli","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9647-0271","authenticated-orcid":false,"given":"Lin","family":"Ye","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2113-4679","authenticated-orcid":false,"given":"Likun","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science, Harbin Institute of Technology, Harbin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3006358"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/s12083-017-0564-6"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.09.058"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.3390\/s19081793"},{"key":"ref5","volume-title":"CVE-2017-7308","year":"2022"},{"key":"ref6","volume-title":"CVE-2017-5123","year":"2022"},{"key":"ref7","volume-title":"CVE-2016-8655","year":"2022"},{"key":"ref8","volume-title":"2020 IoT developer survey","year":"2020"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2963145"},{"key":"ref10","volume-title":"Linux seccomp","year":"2020"},{"key":"ref11","first-page":"443","article-title":"Confine: Automated system call policy generation for container attack surface reduction","volume-title":"Proc. 23rd Int. Symp. Res. Attacks Intrusions Defenses (RAID)","author":"Ghavamnia"},{"key":"ref12","volume-title":"Nabla containers: A new approach to container isolation"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2592798.2592812"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_11"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2017.16"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1147\/JRD.2016.2574138"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/MSN50589.2020.00070"},{"key":"ref18","first-page":"459","article-title":"Sysfilter: Automated system call filtering for commodity software","volume-title":"Proc. 23rd Int. Symp. Res. Attacks Intrusions Defenses (RAID)","author":"DeMarinis"},{"key":"ref19","article-title":"Tailored application-specific system call tables","author":"Zeng","year":"2014"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3474123.3486762"},{"key":"ref21","first-page":"1","article-title":"Breaking payloads with runtime code stripping and image freezing","volume-title":"Proc. Black Hat USA","author":"Mulliner"},{"key":"ref22","volume-title":"The most important Linux files to protect(and how)","year":"2017"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274703"},{"key":"ref24","first-page":"1769","article-title":"Detecting missing-check bugs via semantic-and context-aware criticalness and constraints inferences","volume-title":"Proc. 28th USENIX Security Symp. (USENIX Security)","author":"Lu"},{"key":"ref25","volume-title":"System call wrappers\u2014Glibc wiki","year":"2017"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594295"},{"key":"ref28","first-page":"941","article-title":"Enforcing forward-edge control-flow integrity in GCC & LLVM","volume-title":"Proc. 23rd USENIX Security Symp. (USENIX Security)","author":"Tice"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274739"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931047"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"ref32","volume-title":"Firmware analysis tool","year":"2022"},{"key":"ref33","volume-title":"Script for searching the extracted firmware file system for goodies!","year":"2020"},{"key":"ref34","article-title":"The exploit database\u2014Exploits, Shellcode, 0days, remote exploits, local exploits, Web Apps, vulnerability reports, security articles, tutorials and more","year":"2022"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2016.100"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2541883.2541895"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/IOTSMS48152.2019.8939164"},{"key":"ref38","volume-title":"gViosr: A container sandbox runtime focused on security, efficiency, and ease of use","year":"2022"},{"key":"ref39","first-page":"81","article-title":"BASTION: A security enforcement network stack for container networks","volume-title":"Proc. USENIX Annu. Tech. Conf. (USENIXATC)","author":"Nam"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.49"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2879605"},{"key":"ref42","first-page":"1749","article-title":"Temporal system call specialization for attack surface reduction","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Ghavamnia"},{"key":"ref43","first-page":"689","article-title":"SCONE: Secure Linux containers with Intel SGX","volume-title":"Proc. 12th USENIX Symp. Oper. Syst. Des. Implement. (OSDI)","author":"Arnautov"},{"key":"ref44","first-page":"869","article-title":"Debloating software through piece-wise compilation and loading","volume-title":"Proc. 27th USENIX Security Symp. (USENIX Security)","author":"Quach"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"ref46","volume-title":"LibFilter: Debloating dynamically-linked libraries through binary recompilation","author":"Shteinfeld","year":"2019"},{"key":"ref47","first-page":"1733","article-title":"RAZOR: A framework for post-deployment software debloating","volume-title":"Proc. 28th USENIX Security Symp. (USENIX Security)","author":"Qian"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.11.022"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2924045"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2018.11.025"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.2825478"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2020.2988293"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.37"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.49"},{"key":"ref55","first-page":"1115","article-title":"Not everything is dark and gloomy: Power grid protections against IoT demand attacks","volume-title":"Proc. 28th USENIX Security Symp. (USENIX Security)","author":"Huang"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.05.055"},{"key":"ref57","first-page":"1133","article-title":"Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms","volume-title":"Proc. 28th USENIX Security Symp. (USENIX Security)","author":"Zhou"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24016"},{"key":"ref59","first-page":"1219","article-title":"Silhouette: Efficient protected shadow stacks for embedded systems","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Zhou"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23107"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.5555\/3277203.3277210"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6488907\/10061500\/09955404.pdf?arnumber=9955404","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,1]],"date-time":"2024-02-01T03:07:26Z","timestamp":1706756846000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9955404\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,15]]},"references-count":61,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2022.3222074","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,15]]}}}