{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T14:27:33Z","timestamp":1766068053238,"version":"3.40.1"},"reference-count":67,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202194"],"award-info":[{"award-number":["62202194"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"CCF-Huawei Populus Grove Fund"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,3]]},"DOI":"10.1109\/tdsc.2024.3445296","type":"journal-article","created":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T17:30:18Z","timestamp":1723829418000},"page":"1491-1505","source":"Crossref","is-referenced-by-count":1,"title":["MaTEE: Efficiently Bridging the Semantic Gap in TrustZone via Arm Pointer Authentication"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9164-8069","authenticated-orcid":false,"given":"Shiqi","family":"Liu","sequence":"first","affiliation":[{"name":"Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}]},{"given":"Xiang","family":"Li","sequence":"additional","affiliation":[{"name":"Research Center for Basic Theories of Intelligent Computing, Research Institute of Basic Theories, Zhejiang Laboratory, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0841-1045","authenticated-orcid":false,"given":"Jie","family":"Wang","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3709-4069","authenticated-orcid":false,"given":"Yongpeng","family":"Gao","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9652-5040","authenticated-orcid":false,"given":"Jiajin","family":"Hu","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, China"}]}],"member":"263","reference":[{"key":"ref1","first-page":"1","article-title":"Adapting software fault isolation to contemporary {CPU} architectures","volume-title":"Proc. 19th USENIX Secur. Symp.","author":"Sehr"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254111"},{"key":"ref3","first-page":"699","article-title":"Retrofitting fine grain isolation in the firefox renderer","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Narayan"},{"article-title":"Trust, but verify: SFi safety for native-compiled wasm","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.. Internet Soc.","author":"Johnson","key":"ref4"},{"key":"ref5","first-page":"1975","article-title":"{Provably-Safe} multilingual software sandboxing using {WebAssembly}","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Bosamiya"},{"article-title":"Security technology building a secure system using trustzone technology (white paper)","year":"2009","author":"Arm","key":"ref6"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.400"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102628"},{"key":"ref9","first-page":"267","article-title":"Exploiting trustzone on android","volume":"2","author":"Shen","year":"2015","journal-title":"Black Hat USA"},{"article-title":"Trustzone kernel privilege escalation (CVE-2016\u20132431)","year":"2016","author":"Beniamini","key":"ref10"},{"key":"ref11","article-title":"Reflections on trusting trustzone","author":"Rosenberg","year":"2014","journal-title":"BlackHat USA"},{"article-title":"Kinibi tee: Trusted application exploitation","year":"2018","author":"Berard","key":"ref12"},{"article-title":"Unbox your phone","year":"2018","author":"Komaromy","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23227"},{"key":"ref16","first-page":"825","article-title":"Horizontal privilege escalation in trusted applications","volume-title":"Proc. 29th USENIX Conf. Secur. Symp.","author":"Suciu"},{"key":"ref17","first-page":"137","article-title":"Access control: Policies, models, and mechanisms","volume-title":"Proc. Int. Sch. Found. Secur. Anal. Des.","author":"Samarati"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/381792.195579"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.9"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00098"},{"key":"ref21","first-page":"787","article-title":"Capstone: A capability-based foundation for trustless secure memory access","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Yu"},{"year":"2023","key":"ref22","article-title":"Fixed virtual platforms"},{"year":"2023","key":"ref23","article-title":"Op-tee sanity testsuite"},{"article-title":"Android verified boot (avb) in op-tee","year":"2018","author":"Wiklander","key":"ref24"},{"article-title":"Trusted keys in op-tee","year":"2020","author":"Garg","key":"ref25"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3386901.3388946"},{"year":"2022","key":"ref27","article-title":"Learn the architecture - aarch64 exception model"},{"year":"2010","key":"ref28","article-title":"Tee client API specification version 1.0"},{"year":"2021","key":"ref29","article-title":"Tee internal core API specification version 1.3.1"},{"year":"2017","key":"ref30","article-title":"Pointer authentication on ARMv8.3"},{"key":"ref31","first-page":"1037","article-title":"PTAuth: Temporal memory safety via robust points-to authentication","volume-title":"Proc. USENIX Secur. Symp.","author":"Farkhani"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.46586\/tosc.v2017.i1.4-44"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3470496.3527429"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2017.10"},{"key":"ref35","first-page":"487","article-title":"An {Off-Chip} attack on hardware enclaves via the memory bus","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Lee"},{"year":"2023","key":"ref36","article-title":"Common weakness enumeration."},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-99766-3_5"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560598"},{"year":"2022","key":"ref39","article-title":"Apple platform security"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2017.112"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665740"},{"article-title":"AOS-RISC-V: Towards always-on heap memory safety","volume-title":"Proc. 6th Workshop Comput. Archit. Res. RISC-V 49th Int. Symp. Comput. Archit.","author":"Kim","key":"ref43"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3517208.3523758"},{"key":"ref45","first-page":"177","article-title":"PAC it up: Towards pointer integrity using ARM pointer authentication","volume-title":"Proc. USENIX Secur. Symp.","author":"Liljestrand"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS54340.2022.00027"},{"key":"ref47","first-page":"3717","article-title":"Tightly seal your sensitive pointers with pactight","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Ismail"},{"key":"ref48","first-page":"357","article-title":"PACStack: An authenticated call stack","volume-title":"Proc. USENIX Secur. Symp.","author":"Liljestrand"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18072.2020.9218535"},{"key":"ref50","first-page":"89","article-title":"In-kernel control-flow integrity on commodity OSes using ARM pointer authentication","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Yoo"},{"article-title":"ARM pointer authentication based forward-edge and backward-edge control flow integrity for kernels","year":"2019","author":"Yang","key":"ref51"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24026"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO50266.2020.00095"},{"key":"ref54","article-title":"Unlocking the motorola bootloader","author":"Rosenberg","year":"2013","journal-title":"Azimuth Secur. Blog"},{"key":"ref55","first-page":"1057","article-title":"{CLKSCREW}: Exposing the perils of {Security-oblivious} energy management","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Tang"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354201"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978406"},{"key":"ref58","first-page":"2261","article-title":"REZONE: Disarming trustzone with TEE privilege reduction","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Cerdeira"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483554"},{"article-title":"Hafnium - trusted firmware","year":"2023","author":"Firmware","key":"ref60"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.11"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3251418"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23327"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23448"},{"key":"ref65","first-page":"541","article-title":"vTZ: Virtualizing ARM TrustZone","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Hua"},{"key":"ref66","first-page":"565","article-title":"Hardware-assisted on-demand hypervisor activation for efficient security critical code execution on mobile devices","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Cho"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2622261"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/10925471\/10638181.pdf?arnumber=10638181","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,17]],"date-time":"2025-03-17T21:20:04Z","timestamp":1742246404000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10638181\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3]]},"references-count":67,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2024.3445296","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"type":"print","value":"1545-5971"},{"type":"electronic","value":"1941-0018"},{"type":"electronic","value":"2160-9209"}],"subject":[],"published":{"date-parts":[[2025,3]]}}}