{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:11:09Z","timestamp":1772039469926,"version":"3.50.1"},"reference-count":86,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Beijing Tianjin Hebei"},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["V1640354653903"],"award-info":[{"award-number":["V1640354653903"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004826","name":"Beijing Natural Science Foundation","doi-asserted-by":"publisher","award":["L234033"],"award-info":[{"award-number":["L234033"]}],"id":[{"id":"10.13039\/501100004826","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2238264"],"award-info":[{"award-number":["CNS-2238264"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["VI.Veni.202.212 VENI \u201cVulcan\u201d"],"award-info":[{"award-number":["VI.Veni.202.212 VENI \u201cVulcan\u201d"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,1]]},"DOI":"10.1109\/tdsc.2024.3399068","type":"journal-article","created":{"date-parts":[[2024,5,9]],"date-time":"2024-05-09T17:46:56Z","timestamp":1715276816000},"page":"343-358","source":"Crossref","is-referenced-by-count":2,"title":["InvisiGuard: Data Integrity for Microcontroller-Based Devices via Hardware-Triggered Write Monitoring"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-7484-1333","authenticated-orcid":false,"given":"Dongliang","family":"Fang","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4311-9434","authenticated-orcid":false,"given":"Anni","family":"Peng","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences (UCAS), Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8205-5616","authenticated-orcid":false,"given":"Le","family":"Guan","sequence":"additional","affiliation":[{"name":"University of Georgia, Athens, GA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0312-9913","authenticated-orcid":false,"given":"Erik","family":"van der Kouwe","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0826-4425","authenticated-orcid":false,"given":"Klaus","family":"von Gleissenthall","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0840-4846","authenticated-orcid":false,"given":"Wenwen","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Georgia, Athens, GA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8306-7195","authenticated-orcid":false,"given":"Yuqing","family":"Zhang","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences (UCAS), Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2745-7521","authenticated-orcid":false,"given":"Limin","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"ref2","first-page":"1","article-title":"Ghost in the PLC designing an undetectable programmable logic controller rootkit via pin control attack","volume-title":"Proc. Black Hat Europe","author":"Abbasi"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00013"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978358"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.30"},{"key":"ref6","first-page":"2243","article-title":"GAROTA: Generalized active root-of-trust architecture (for tiny embedded devices)","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Aliaj"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24016"},{"key":"ref8","article-title":"FreeRTOS memory management","year":"2022"},{"key":"ref9","article-title":"ARM cortex-M programming guide to memory barrier instructions","year":"2012"},{"key":"ref10","article-title":"Armv8-M architecture reference manual","year":"2022"},{"key":"ref11","article-title":"Data watch trace","year":"2022"},{"key":"ref12","article-title":"Introduction to the armv8-M architecture","year":"2022"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00058"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660350"},{"key":"ref15","article-title":"Over the air: Exploiting Broadcom\u2019s Wi-Fi stack","author":"Beniamini","year":"2017"},{"key":"ref16","first-page":"161","article-title":"Control-flow bending: On the effectiveness of control-flow integrity","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Carlini"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052983"},{"key":"ref18","first-page":"147","article-title":"Securing software by enforcing data-flow integrity","volume-title":"Proc. 7th Symp. Operating Syst. Des. Implementation","author":"Castro"},{"key":"ref19","article-title":"Non-control-data attacks are realistic threats","volume-title":"Proc. 14th USENIX Secur. Symp.","author":"Chen"},{"key":"ref20","article-title":"WIN32\/INDUSTROYER: A new threat for industrial control systems","author":"Cherepanov","year":"2017","journal-title":"White paper, ESET"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.5555\/3277203.3277210"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.37"},{"key":"ref23","article-title":"Alarm system for home based on Raspberry PI 3","author":"DDrazir","year":"2016"},{"key":"ref24","article-title":"PID controller library for ARM Cortex M (STM32)","author":"Derhambakhsh","year":"2022"},{"key":"ref25","article-title":"Digital laboratory syringe pump dLSP500","year":"2023"},{"key":"ref26","first-page":"2281","article-title":"Holistic control-flow protection on real-time embedded systems with kage","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Du"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3490176"},{"key":"ref28","first-page":"911","article-title":"SweynTooth: Unleashing mayhem over bluetooth low energy","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Garbelini"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23313"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3093336.3037716"},{"key":"ref31","article-title":"The top 20 cyber attacks against industrial control systems","author":"Ginter","year":"2017","journal-title":"White Paper, Waterfall Secur. Solutions"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102424"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081349"},{"key":"ref34","first-page":"135","article-title":"Toward the analysis of embedded firmware through automated re-hosting","volume-title":"Proc. 22nd Int. Symp. Res. Attacks Intrusions Defenses","author":"Gustafson"},{"key":"ref35","first-page":"177","article-title":"Automatic generation of data-oriented exploits","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Hu"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"key":"ref37","article-title":"Root-of-trust architectures for low-end embedded systems","author":"Jakkamsetti","year":"2023"},{"key":"ref38","first-page":"1","article-title":"In-process memory isolation using hardware watchpoint","volume-title":"Proc. 56th ACM\/IEEE Des. Automat. Conf.","author":"Jang"},{"key":"ref39","first-page":"1","article-title":"Revisiting the arm debug facility for os kernel security","volume-title":"Proc. 56th ACM\/IEEE Des. Automat. Conf.","author":"Jang"},{"key":"ref40","article-title":"Light controller for controlling remote controllable switches","author":"Judin","year":"2016"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2019.23074"},{"key":"ref42","article-title":"FreeRTOS TCP\/IP stack vulnerabilities \u2013 The details","author":"Karliner","year":"2018"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/s10766-020-00673-z"},{"key":"ref44","article-title":"19 Zero-day vulnerabilities amplified by the supply chain","author":"Kol","year":"2020","journal-title":"JSOF, White Paper"},{"key":"ref45","first-page":"231","article-title":"uXOM: Efficient eXecute-only memory on ARM Cortex-M","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Kwon"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/161494.161501"},{"key":"ref47","article-title":"MIPS debugger and trace","year":"2022"},{"key":"ref48","article-title":"An arduino firmware that outputs a PWM signal for steering motor control via serial","author":"Mayer","year":"2016"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3538275"},{"key":"ref50","article-title":"Hacker tries to poison water supply of Florida town","author":"Montalbano","year":"2021"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1806651.1806657"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/1065887.1065892"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS58335.2023.00018"},{"key":"ref55","first-page":"771","article-title":"APEX: A verified architecture for proofs of execution on remote devices under full software compromise","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Nunes"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833737"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18074.2021.9586180"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.23919\/DATE51398.2021.9474029"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_12"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00082"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/1357010.1352616"},{"key":"ref62","article-title":"Open-source syringe pump","author":"Pearce","year":"2016"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/ASPDAC.2001.913312"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3291047"},{"key":"ref65","article-title":"Industrial control systems killed once and will again, experts warn","year":"2008"},{"key":"ref66","article-title":"Monitor mode debugging","year":"2023"},{"key":"ref67","first-page":"309","article-title":"AddressSanitizer: A fast address sanity checker","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Serebryany"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev45635.2020.00017"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00036"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00039"},{"key":"ref71","article-title":"RISC-V debug specification","year":"2022"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23218"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-82r2"},{"key":"ref74","article-title":"Question regarding the callgraph","author":"Sui","year":"2022"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892235"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00042"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484788"},{"key":"ref78","article-title":"BadAlloc \u2013 Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks","author":"Team","year":"2021"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00031"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833604"},{"key":"ref81","first-page":"2761","article-title":"ARI: Attestation of real-time mission execution integrity","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Wang"},{"key":"ref82","article-title":"Identifying non-control security-critical data in program binaries with a deep neural model","author":"Wang","year":"2021"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423344"},{"key":"ref84","article-title":"There\u2019s more to vulnerability management than CVSS score","author":"Yadin","year":"2022"},{"key":"ref85","first-page":"1219","article-title":"Silhouette: Efficient protected shadow stacks for embedded systems","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Zhou"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519573"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/8858\/10843954\/10526458-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10843954\/10526458.pdf?arnumber=10526458","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,21]],"date-time":"2025-01-21T03:56:21Z","timestamp":1737431781000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10526458\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1]]},"references-count":86,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2024.3399068","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1]]}}}