{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:55:47Z","timestamp":1763664947240,"version":"3.45.0"},"reference-count":55,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2512972","2453496","2523436","2508320"],"award-info":[{"award-number":["2512972","2453496","2523436","2508320"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Centers of Academic Excellence in Cybersecurity","award":["H98230-22-1-0307"],"award-info":[{"award-number":["H98230-22-1-0307"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3625394","type":"journal-article","created":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T17:56:58Z","timestamp":1761587818000},"page":"12096-12111","source":"Crossref","is-referenced-by-count":0,"title":["Microft: Exploring and Mitigating Cross-State Control-Flow Hijacking Attacks on ARM Cortex-M TrustZone"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-5631-0466","authenticated-orcid":false,"given":"Zheyuan","family":"Ma","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-8957-4507","authenticated-orcid":false,"given":"Xi","family":"Tan","sequence":"additional","affiliation":[{"name":"CactiLab, Boston, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4353-1998","authenticated-orcid":false,"given":"Lukasz","family":"Ziarek","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0670-2161","authenticated-orcid":false,"given":"Ning","family":"Zhang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Washington University in St. Louis, St. Louis, MO, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0596-1703","authenticated-orcid":false,"given":"Shambhu","family":"Upadhyaya","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8710-247X","authenticated-orcid":false,"given":"Hongxin","family":"Hu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University at Buffalo, Buffalo, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4930-5556","authenticated-orcid":false,"given":"Ziming","family":"Zhao","sequence":"additional","affiliation":[{"name":"CactiLab, Boston, USA"}]}],"member":"263","reference":[{"volume-title":"The Arm Ecosystem Ships a Record 6.7 Billion Arm-Based Chips in a Single Quarter","year":"2025","key":"ref1"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3291047"},{"volume-title":"Armv8-M Architecture Reference Manual","year":"2025","key":"ref3"},{"key":"ref4","article-title":"ARMv8-M architecture technical overview","volume-title":"ARM Ltd., White Paper","author":"Yiu","year":"2015"},{"volume-title":"TrustZone technology for the Armv8-M Architecture Version 2.1","year":"2025","key":"ref5"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"ref7","first-page":"1","article-title":"Towards taming privilege-escalation attacks on Android","volume-title":"Proc. Netw. Distrib. Syst. Secur. (NDSS)","author":"Bugiel"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363206"},{"key":"ref9","first-page":"1","article-title":"Horizontal privilege escalation in trusted applications","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Suciu"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23227"},{"key":"ref11","first-page":"39","article-title":"KGuard: Lightweight kernel protection against return-to-user attacks","volume-title":"Proc. USENIX Secur. Symp.","author":"Kemerlis"},{"key":"ref12","first-page":"957","article-title":"Ret2Dir: Rethinking kernel isolation","volume-title":"Proc. USENIX Secur. Symp.","author":"Kemerlis"},{"volume-title":"Cortex-M23 Technical Reference Manual","year":"2025","key":"ref13"},{"volume-title":"Cortex-M33 Technical Reference Manual","year":"2025","key":"ref14"},{"volume-title":"Cortex-M35P","year":"2025","key":"ref15"},{"volume-title":"Cortex-M55 Technical Reference Manual","year":"2025","key":"ref16"},{"volume-title":"Cortex-M85 Technical Reference Manual","year":"2025","key":"ref17"},{"volume-title":"Armv8.1-M Architecture Reference Manual","year":"2025","key":"ref18"},{"volume-title":"Definitive Guide to Arm Cortex-M23 and Cortex-M33 Processors","year":"2020","author":"Yiu","key":"ref19"},{"volume-title":"FreeRTOS","year":"2025","key":"ref20"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.37"},{"key":"ref22","first-page":"1","article-title":"ACES: Automatic compartments for embedded systems","volume-title":"Proc. 27th USENIX Secur. Symp. (USENIX Secur.)","author":"Clements"},{"volume-title":"Trusted Firmware-M","year":"2025","key":"ref23"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/GLOBECOM42002.2020.9322370"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3144405"},{"key":"ref26","first-page":"1","article-title":"SoK: Where\u2019s the \u2019up\u2019?! A comprehensive (bottom-up) study on the security of arm cortex-M systems","volume-title":"Proc. 18th USeNIX WOOT Conf. Offensive Technol.","author":"Tan"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833610"},{"volume-title":"AN505: Cortex-M33 With IoT Kit FPGA for MPS2+ Version 2.0","year":"2025","key":"ref28"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.51593\/20190016"},{"volume-title":"ARM Cortex-M55 Helium DSP MCU Market Research Report 2033","year":"2025","author":"Sharma","key":"ref30"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2016.18"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2016.070463"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.45"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00061"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/c2009-0-30579-6"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3494107.3522774"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3147262"},{"key":"ref38","first-page":"1","article-title":"Control-system stability under consecutive deadline misses constraints","volume-title":"Proc. 32nd Euromicro Conf. Real-Time Syst. (ECRTS)","author":"Maggio"},{"key":"ref39","first-page":"1","article-title":"Analyzing the effects of missed deadlines in control systems","volume-title":"Proc. ARTES Real-Time Graduate Student Conf.","author":"Cervin"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-82r3"},{"volume-title":"TF-M Crypto Service Design","year":"2025","author":"de Angelis","key":"ref41"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom63139.2024.00041"},{"article-title":"Taking DMA attacks to the next level","year":"2017","author":"Trikalinou","key":"ref43"},{"volume-title":"Renesas Teams Up With Applus+ Laboratories to Achieve PSA Certified Level 1 With CRA Extension for Three New MCU Groups","year":"2025","key":"ref44"},{"volume-title":"IoT Security is at Its Highest Demand; PSA Certified Reports Find","year":"2025","author":"Valerio","key":"ref45"},{"volume-title":"Cellular IoT Module Market Q2 2023: 66% of IoT Modules Shipped Without Dedicated Hardware Security","year":"2025","author":"Sinha","key":"ref46"},{"key":"ref47","first-page":"1","article-title":"TRITON: The first ICS cyber attack on safety instrument systems","volume-title":"Proc. Black Hat USA","volume":"2018","author":"Di Pinto"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA46521.2020.9212128"},{"volume-title":"Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions","year":"2023","key":"ref49"},{"key":"ref50","first-page":"94","article-title":"A survey of remote automotive attack surfaces","volume":"2014","author":"Miller","year":"2014","journal-title":"Black Hat USA"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2022.3201557"},{"volume-title":"Common Microcontroller Software Interface Standard (CMSIS)","year":"2025","key":"ref52"},{"volume-title":"Trusted Firmware-M (TF-M)","year":"2025","key":"ref53"},{"volume-title":"Platform Security Architecture (PSA) Certified","year":"2025","key":"ref54"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.26599\/TST.2021.9010094"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/10206\/10810755\/11217201-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11217201.pdf?arnumber=11217201","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:41:02Z","timestamp":1763664062000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11217201\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":55,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3625394","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}