{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T17:40:03Z","timestamp":1745516403207,"version":"3.40.4"},"reference-count":76,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"NSRF via the Program Management Unit for Human Resources and Institutional Development, Research and Innovation","award":["B13F670122"],"award-info":[{"award-number":["B13F670122"]}]},{"name":"National Science, Research and Innovation Fund (NSRF) and Prince of Songkla University","award":["COC6701016S"],"award-info":[{"award-number":["COC6701016S"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3555179","type":"journal-article","created":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T02:25:01Z","timestamp":1743042301000},"page":"4167-4182","source":"Crossref","is-referenced-by-count":0,"title":["SLAPP: Poisoning Prevention in Federated Learning and Differential Privacy via Stateful Proofs of Execution"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1192-5079","authenticated-orcid":false,"given":"Norrathep","family":"Rattanavipanon","sequence":"first","affiliation":[{"name":"College of Computing, Prince of Songkla University, Phuket, Thailand"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3486-6550","authenticated-orcid":false,"given":"Ivan","family":"De Oliveira Nunes","sequence":"additional","affiliation":[{"name":"SPINS Group, Department of Informatics, University of Z&#x00FC;rich, Z&#x00FC;rich, Switzerland"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978358"},{"key":"ref2","first-page":"77","article-title":"Sok: Integrity, attestation, and auditing of program execution","volume-title":"Proc. IEEE Symp. Secur. Privacy (SP)","author":"Ammar"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1997.601317"},{"key":"ref4","first-page":"118","article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"30","author":"Blanchard"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2744922"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICPADS47876.2019.00042"},{"key":"ref7","first-page":"947","article-title":"Data poisoning attacks to local differential privacy protocols","volume-title":"Proc. USENIX Secur. Symp.","author":"Cao"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3489517.3530550"},{"key":"ref9","first-page":"5827","article-title":"ACFA: Secure runtime auditing & guaranteed device healing via active control flow attestation","volume-title":"Proc. USENIX Secur. Symp.","author":"Caulfield"},{"key":"ref10","first-page":"147","article-title":"Soteria: Automated IoT safety and security analysis","volume-title":"Proc. USENIX ATC","author":"Celik"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3154503"},{"key":"ref12","first-page":"1429","article-title":"VRASED: A verified hardware\/software co-design for remote attestation","volume-title":"Proc. USENIX Secur. Symp.","author":"Nunes"},{"key":"ref13","first-page":"771","article-title":"APEX: A verified architecture for proofs of execution on remote devices under full software compromise","volume-title":"Proc. USENIX Secur. Symp.","author":"Nunes"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.23919\/DATE51398.2021.9474029"},{"article-title":"Fine-grained access control for sensors, actuators, and automation networks","year":"2023","author":"De Vaere","key":"ref15"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3657006"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240821"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3061639.3062276"},{"key":"ref19","first-page":"3574","article-title":"Collecting telemetry data privately","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"30","author":"Ding"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3098243.3098261"},{"key":"ref21","first-page":"1","article-title":"SMART: Secure and minimal architecture for (establishing dynamic) root of trust","volume-title":"Proc. NDSS","author":"Eldefrawy"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660348"},{"key":"ref23","first-page":"1605","article-title":"Local model poisoning attacks to Byzantine-robust federated learning","volume-title":"Proc. USENIX Secur. Symp.","author":"Fang"},{"key":"ref24","first-page":"253","article-title":"Robust logistic regression and classification","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"27","author":"Feng"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"ref26","first-page":"3521","article-title":"The hidden vulnerability of distributed learning in byzantium","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Mhamdi"},{"key":"ref27","article-title":"Byzantine-robust and privacy-preserving framework for FedML","author":"Hashemi","year":"2021","journal-title":"arXiv:2105.02295"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2020.102498"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-51476-0_20"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49384-7_17"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00057"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23074"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2592798.2592824"},{"key":"ref34","article-title":"Federated learning: Strategies for improving communication efficiency","author":"Kone\u02c7c n\u00fd","year":"2016","journal-title":"arXiv:1610.05492"},{"issue":"1","key":"ref35","first-page":"1","article-title":"The impact of GDPR on global technology development","volume":"22","author":"Li","year":"2019","journal-title":"J. Global Inf. Technol. Manage."},{"key":"ref36","first-page":"429","article-title":"Federated optimization in heterogeneous networks","volume-title":"Proc. Mach. Learn. Syst.","author":"Li"},{"key":"ref37","first-page":"1739","article-title":"Fine-grained poisoning attack to local differential privacy protocols for mean and variance estimation","volume-title":"Proc. USENIX Secur. Symp.","author":"Li"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3169918"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352625"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.76"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3528535.3565255"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3458864.3466628"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SSPS.2017.8071591"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/1878431.1878446"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/WoWMoM.2016.7523559"},{"volume-title":"National Vulnerability Database","year":"2017","key":"ref46"},{"volume-title":"National Vulnerability Database","year":"2020","key":"ref47"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS58335.2023.00018"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17433-9_12"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3079763"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833737"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.001.2300514"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18074.2021.9586180"},{"key":"ref54","article-title":"RARES: Runtime attack resilient embedded system design using verified proof-of-execution","author":"Patel","year":"2023","journal-title":"arXiv:2305.03266"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3291047"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS57875.2023.00069"},{"volume-title":"SLAPP Repo","year":"2025","author":"Rattanavipanon","key":"ref57"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/ICVD.2004.1260985"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.23233"},{"article-title":"Comparative study of ECC libraries for embedded devices","year":"2019","author":"Silde","key":"ref60"},{"volume-title":"Nucleo-l552ze-q","year":"2025","key":"ref61"},{"key":"ref62","first-page":"12613","article-title":"FL-WBC: Enhancing robustness against model poisoning attacks in federated learning from a client perspective","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Sun"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00042"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ICC40277.2020.9148937"},{"key":"ref65","first-page":"121","article-title":"ScaRR: Scalable runtime remote attestation for complex systems","volume-title":"Proc. Int. Symp. Res. Attacks, Intrusions Defenses","author":"Toffalini"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"ref67","first-page":"1633","article-title":"On adaptive attacks to adversarial example defenses","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Tram\u00e8r"},{"volume-title":"Trusted Platform Module (tpm)","year":"2017","author":"Group","key":"ref68"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690379"},{"key":"ref70","first-page":"2761","article-title":"ARI: Attestation of real-time mission execution integrity","volume-title":"Proc. USENIX Secur. Symp.","author":"Wang"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00614"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC57260.2024.10570631"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3389685"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD.2017.8203803"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485900"},{"key":"ref76","article-title":"Federated learning with non-IID data","author":"Zhao","year":"2018","journal-title":"arXiv:1806.00582"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/10942392.pdf?arnumber=10942392","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T17:04:29Z","timestamp":1745514269000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10942392\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":76,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3555179","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}