{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T10:49:43Z","timestamp":1779101383904,"version":"3.51.4"},"reference-count":62,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"24","license":[{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foun-dation of China","doi-asserted-by":"publisher","award":["62402056"],"award-info":[{"award-number":["62402056"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004761","name":"Academician Fang Binxing Workstation in Hainan Province, China","doi-asserted-by":"publisher","award":["62402056"],"award-info":[{"award-number":["62402056"]}],"id":[{"id":"10.13039\/501100004761","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004761","name":"Academician Fang Binxing Workstation in Hainan Province, China","doi-asserted-by":"publisher","award":["YSGZZ2023003"],"award-info":[{"award-number":["YSGZZ2023003"]}],"id":[{"id":"10.13039\/501100004761","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2024,12,15]]},"DOI":"10.1109\/jiot.2024.3450272","type":"journal-article","created":{"date-parts":[[2024,8,26]],"date-time":"2024-08-26T13:34:28Z","timestamp":1724679268000},"page":"40051-40069","source":"Crossref","is-referenced-by-count":3,"title":["Scrutinizing Code Signing: A Study of in-Depth Threat Modeling and Defense Mechanism"],"prefix":"10.1109","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1124-3396","authenticated-orcid":false,"given":"Tiantian","family":"Ji","sequence":"first","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Binxing","family":"Fang","sequence":"additional","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiang","family":"Cui","sequence":"additional","affiliation":[{"name":"Fourth Department, Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tian","family":"Wang","sequence":"additional","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-2756-3510","authenticated-orcid":false,"given":"Yuntao","family":"Zhang","sequence":"additional","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fan","family":"Gu","sequence":"additional","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chao","family":"Zheng","sequence":"additional","affiliation":[{"name":"Research and Development Department, Geedge Networks, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Symantec security response","author":"Nicolas","year":"2011"},{"key":"ref2","volume-title":"SolarWinds Compromise","year":"2023"},{"key":"ref3","volume-title":"Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor","year":"2020"},{"key":"ref4","volume-title":"Authenticode Digital Signatures","year":"2021"},{"key":"ref5","volume-title":"X.509","year":"2021"},{"key":"ref6","volume-title":"PKCS 12","year":"2021"},{"key":"ref7","volume-title":"\u2018Destover\u2019 Malware Now Digitally Signed by Sony Certificates (Updated)","year":"2014"},{"key":"ref8","volume-title":"Where is the origin?: QAKBOT uses valid code signing","author":"Kimura","year":"2022"},{"key":"ref9","volume-title":"Attack-incidents-related-to-code-signing","year":"2024"},{"key":"ref10","volume-title":"PKCS 7","year":"2021"},{"key":"ref11","first-page":"1393","article-title":"In-toto: Providing farm-to-table guarantees for bits and bytes","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Security)","author":"Torres-Arias"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2507288.2507307"},{"key":"ref13","first-page":"1","article-title":"Where do you want to go today? Escalating privileges by pathname manipulation","volume-title":"Proc. NDSS","author":"Chari"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.11"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.17"},{"key":"ref16","first-page":"567","article-title":"Diplomat: Using delegations to protect community repositories","volume-title":"Proc. 13th USENIX Symp. Netw. Syst. Design Implement. (NSDI)","author":"Kuppusamy"},{"key":"ref17","first-page":"673","article-title":"Mercury:Bandwidth-effective prevention of rollback attacks against community repositories","volume-title":"Proc. USENIX Annu. Techn. Conf. (USENIX ATC)","author":"Kuppusamy"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3605770.3625209"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31912-9_20"},{"key":"ref20","first-page":"1121","article-title":"SafetyPin: Encrypted backups with human-memorable secrets","volume-title":"Proc. 14th USENIX Symp. Oper. Syst. Design Implement. (OSDI)","author":"Dauterman"},{"key":"ref21","volume-title":"SafeNet Luna Network Hardware Security Module","author":"Kumar","year":"2018"},{"key":"ref22","volume-title":"YubiHSM 2","year":"2024"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICSESS.2018.8663805"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i4.149-172"},{"key":"ref25","article-title":"Everybody be cool, this is a robbery","volume-title":"Black Hat USA","author":"B\u00e8drune"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484785"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560596"},{"key":"ref28","volume-title":"Self-Custody More Secure Than a Hardware Wallet","year":"2024"},{"key":"ref29","volume-title":"Keep Your Funds Safe From Here On","year":"2024"},{"key":"ref30","first-page":"207","article-title":"Practical threshold signatures","volume-title":"Proc. Int. Conf. Theory Appl. Cryptogr. Techn.","author":"V"},{"key":"ref31","volume-title":"tss-rsa-cpp","year":"2022"},{"key":"ref32","volume-title":"Multi-Party-Sig-Cpp","year":"2023"},{"key":"ref33","volume-title":"Threshold code signing scheme based on distributed private key sharding","year":"2024"},{"key":"ref34","volume-title":"Microsoft Defender SmartScreen","year":"2023"},{"key":"ref35","volume-title":"ATool","year":"2023"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/PKIA.2017.8278956"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2019.1800240"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354242"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133989"},{"key":"ref40","first-page":"851","article-title":"The broken shield: Measuring revocation effectiveness in the windows code-signingPKI","volume-title":"Proc. 27th USENIX Secur. Symp. (USENIX Security)","author":"Kim"},{"key":"ref41","volume-title":"Subverting Trust in Windows","author":"Graeber","year":"2018"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2872518.2888610"},{"key":"ref43","volume-title":"ATT&CK Matrix for Enterprise","year":"2024"},{"key":"ref44","volume-title":"Vulnerability DB","year":"2024"},{"key":"ref45","volume-title":"CVE\u00ae Program Mission","year":"2024"},{"key":"ref46","volume-title":"Ukraine: Disk-Wiping Attacks Precede Russian Invasion","year":"2022"},{"key":"ref47","volume-title":"Spear phishing attacks target organizations in Ukraine, payloads include the document stealer outsteel and the downloader SaintBot","year":"2022"},{"key":"ref48","volume-title":"Possible hidden malicious campaign targeting financial sector using sophisticated malware and valid certificates","year":"2019"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133958"},{"key":"ref50","volume-title":"Flash zero-day exploit deployed by the ScarCruft APT group","author":"Raiu","year":"2016"},{"key":"ref51","volume-title":"Subvert Trust Controls: Code Signing","year":"2022"},{"key":"ref52","volume-title":"The Duqu 2.0 persistence module","year":"2015"},{"key":"ref53","volume-title":"CVE-2020-0601","year":"2020"},{"key":"ref54","volume-title":"CVE-2020-1464","year":"2024"},{"key":"ref55","volume-title":"Baseline requirements for the issuance and management of publicly-trusted code signing certificates","year":"2022"},{"key":"ref56","volume-title":"Why Code Signing is The Talk Of The Dark Web","year":"2022"},{"key":"ref57","volume-title":"Dark Web Consultancy: Detect exposures early with Forensic Pathways","year":"2024"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-92317-4_4"},{"key":"ref59","volume-title":"Researchers found misconfigured Jenkins servers leaking sensitive data","author":"Paganini","year":"2018"},{"key":"ref60","volume-title":"CVE-2022-34689","year":"2023"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813665"},{"key":"ref62","article-title":"Issued for abuse: Measuring the underground trade in code signing certificate","author":"Koz\u00e1k","year":"2018","journal-title":"arXiv:1803.02931"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488907\/10786863\/10648805.pdf?arnumber=10648805","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T21:08:20Z","timestamp":1771276100000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10648805\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,15]]},"references-count":62,"journal-issue":{"issue":"24"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2024.3450272","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,15]]}}}