{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:11:01Z","timestamp":1772039461620,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T00:00:00Z","timestamp":1731974400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Bundesministerium f\u00fcr Bildung und Forschung","award":["16KIS1314"],"award-info":[{"award-number":["16KIS1314"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,19]]},"DOI":"10.1145\/3689934.3690838","type":"proceedings-article","created":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T18:20:11Z","timestamp":1732040411000},"page":"11-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["IlluminaTEE: Effective Man-At-The-End Attacks from within ARM TrustZone"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-3615-7627","authenticated-orcid":false,"given":"Matti","family":"Schulze","sequence":"first","affiliation":[{"name":"FAU Erlangen-N\u00fcrnberg, Erlangen-N\u00fcrnberg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2369-2196","authenticated-orcid":false,"given":"Christian","family":"Lindenmeier","sequence":"additional","affiliation":[{"name":"FAU Erlangen-N\u00fcrnberg, Erlangen-N\u00fcrnberg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3970-5580","authenticated-orcid":false,"given":"Jonas","family":"R\u00f6ckl","sequence":"additional","affiliation":[{"name":"FAU Erlangen-N\u00fcrnberg, Erlangen-N\u00fcrnberg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8279-8401","authenticated-orcid":false,"given":"Felix","family":"Freiling","sequence":"additional","affiliation":[{"name":"FAU Erlangen-N\u00fcrnberg, Erlangen-N\u00fcrnberg, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,11,19]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Trustzone: Integrated hardware and software security. Information Quarterly","author":"Alves Tiago","year":"2004","unstructured":"Tiago Alves. 2004. Trustzone: Integrated hardware and software security. Information Quarterly (2004)."},{"key":"e_1_3_2_1_2_1","unstructured":"ARM Holdings. 2022. ARM architecture reference manual for A-profile architecture. https:\/\/developer.arm.com\/documentation\/ddi0487\/latest\/. Accessed: 2023-09-28."},{"key":"e_1_3_2_1_3_1","unstructured":"Boundary-Devices. 2023. Nitrogen8M - Boundary Devices. https:\/\/boundarydevices.com\/product\/nitrogen8m\/. Accessed: 2023-09--14."},{"key":"e_1_3_2_1_4_1","volume-title":"14th USENIX Workshop on Offensive Technologies, WOOT 2020","author":"Busch Marcel","year":"2020","unstructured":"Marcel Busch, Johannes Westphal, and Tilo M\u00fcller. 2020. Unearthing the TrustedCore: A Critical Review on Huawei's Trusted Execution Environment. In 14th USENIX Workshop on Offensive Technologies, WOOT 2020, August 11, 2020."},{"key":"e_1_3_2_1_5_1","volume-title":"F. and R\u00fcckert, C. and Safferling","author":"Nicolai M.","year":"2021","unstructured":"Busch, M. and Nicolai, F. and Fleischer, F. and R\u00fcckert, C. and Safferling, C. and Freiling, F. 2021. Make Remote Forensic Investigations Forensic Again: Increasing the Evidential Value of Remote Forensic Investigations. In Digital Forensics and Cyber Crime: 11th EAI International Conference, ICDF2C 2020, Boston, MA, USA, October 15-16, 2020, Proceedings 11."},{"key":"e_1_3_2_1_6_1","volume-title":"SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems. In 2020 IEEE Symposium on Security and Privacy, SP 2020","author":"Cerdeira David","year":"2020","unstructured":"David Cerdeira, Nuno Santos, Pedro Fonseca, and Sandro Pinto. 2020. SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems. In 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020."},{"key":"e_1_3_2_1_7_1","volume-title":"Wink: Deniable Secure Messaging. In 32nd USENIX Security Symposium, USENIX Security 2023","author":"Chakraborti Anrin","year":"2023","unstructured":"Anrin Chakraborti, Darius Suciu, and Radu Sion. 2023. Wink: Deniable Secure Messaging. In 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of HotOS-VIII: 8th Workshop on Hot Topics in Operating Systems","author":"Peter","year":"2001","unstructured":"Peter M. Chen and Brian D. Noble. 2001. When Virtual is Better than Real. In Proceedings of HotOS-VIII: 8th Workshop on Hot Topics in Operating Systems, May 20-23, 2001, Elmau\/Oberbayern, Germany."},{"key":"e_1_3_2_1_9_1","unstructured":"Commission of the European Union. 2022. Fighting child sexual abuse: Commission proposes new rules to protect children. https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/ip_22_2976. Accessed: 2023-12-05."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2017.8323953"},{"key":"e_1_3_2_1_11_1","volume":"201","author":"Demme John","unstructured":"John Demme, Matthew Maycock, Jared Schmitz, Adrian Tang, Adam Waksman, Simha Sethumadhavan, and Salvatore J. Stolfo. 2013. On the feasibility of online malware detection with performance counters. (2013).","journal-title":"Salvatore J. Stolfo."},{"key":"e_1_3_2_1_12_1","unstructured":"EEMBC. 2012. AndEBench-Pro. https:\/\/www.eembc.org\/andebench\/. Accessed: 2023-09-14."},{"key":"e_1_3_2_1_13_1","unstructured":"EEMBC. 2012. CoreMark-PRO. https:\/\/www.eembc.org\/coremark-pro\/. Accessed: 2023-09-14."},{"key":"e_1_3_2_1_14_1","volume-title":"4th International ICST Conference on Security and Privacy in Communication Networks, SECURECOMM 2008","author":"Embleton Shawn","year":"2008","unstructured":"Shawn Embleton, Sherri Sparks, and Cliff C. Zou. 2008. SMM rootkits: A new breed of OS independent malware. In 4th International ICST Conference on Security and Privacy in Communication Networks, SECURECOMM 2008, Istanbul, Turkey, September 22-25, 2008."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407072"},{"key":"e_1_3_2_1_16_1","volume-title":"Exploring coremark a benchmark maximizing simplicity and efficacy","author":"Gal-On Shay","year":"2012","unstructured":"Shay Gal-On and Markus Levy. 2012. Exploring coremark a benchmark maximizing simplicity and efficacy. The Embedded Microprocessor Benchmark Consortium (2012)."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS","author":"Garfinkel Tal","year":"2003","unstructured":"Tal Garfinkel and Mendel Rosenblum. 2003. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2003, San Diego, California, USA."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081349"},{"key":"e_1_3_2_1_19_1","volume-title":"Introspection for ARM TrustZone with the ITZ Library. In 2018 IEEE International Conference on Software Quality, Reliability and Security, QRS 2018","author":"Guerra Miguel","year":"2018","unstructured":"Miguel Guerra, Benjamin Taubmann, Hans P. Reiser, Sileshi Demesie Yalew, and Miguel Correia. 2018. Introspection for ARM TrustZone with the ITZ Library. In 2018 IEEE International Conference on Software Quality, Reliability and Security, QRS 2018, Lisbon, Portugal, July 16-20, 2018."},{"key":"e_1_3_2_1_20_1","volume-title":"Felten","author":"Halderman J. Alex","year":"2009","unstructured":"J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. 2009. Lest we remember: Cold-boot attacks on encryption keys. Commun. ACM (2009)."},{"key":"e_1_3_2_1_21_1","volume-title":"PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation. In 29th USENIX Security Symposium, USENIX Security 2020","author":"Harrison Lee","year":"2020","unstructured":"Lee Harrison, Hayawardh Vijayakumar, Rohan Padhye, Koushik Sen, and Michael Grace. 2020. PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020."},{"key":"e_1_3_2_1_22_1","unstructured":"Amnesty International. 2021. Mobile Verification Toolkit. https:\/\/github.com\/mvt-project\/mvt. Accessed: 2024-06-18."},{"key":"e_1_3_2_1_23_1","volume-title":"SoK: Introspections on Trust and the Semantic Gap. In 2014 IEEE Symposium on Security and Privacy, SP 2014","author":"Jain Bhushan","year":"2014","unstructured":"Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, and Radu Sion. 2014. SoK: Introspections on Trust and the Semantic Gap. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.35"},{"key":"e_1_3_2_1_25_1","volume-title":"Trusted Monitor: TEE-Based System Monitoring. In XII Brazilian Symposium on Computing Systems Engineering, SBESC 2022","author":"Jung Benedikt","year":"2022","unstructured":"Benedikt Jung, Christian Eichler, Jonas R\u00f6ckl, Ralph Schlenk, Timo H\u00f6nig, and Tilo M\u00fcller. 2022. Trusted Monitor: TEE-Based System Monitoring. In XII Brazilian Symposium on Computing Systems Engineering, SBESC 2022, Fortaleza, CE, Brazil, November 21-24, 2022."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243783"},{"key":"e_1_3_2_1_27_1","volume-title":"33rd USENIX Security Symposium, USENIX Security 2024","author":"Lindenmeier Christian","year":"2024","unstructured":"Christian Lindenmeier, Mathias Payer, and Marcel Busch. 2024. EL3XIR: Fuzzing COTS Secure Monitors. In 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/lindenmeier"},{"key":"e_1_3_2_1_28_1","unstructured":"Microsoft. 2023. Virtualization-based Security (VBS). https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/design\/device-experiences\/oem-vbs. Accessed: 2024-06-18."},{"key":"e_1_3_2_1_29_1","unstructured":"National Cyber Security Center under the Ministry of National Defence Republic of Lithuania. 2021. Assessment of cybersecurity of mobile devices supporting 5G technology sold in Lithuania. https:\/\/www.nksc.lt\/doc\/en\/analysis\/2021-08-23_5G-CN-analysis_env3.pdf. Accessed: 2024-02-20."},{"key":"e_1_3_2_1_30_1","volume-title":"Ninja: Towards Transparent Tracing and Debugging on ARM. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Ning Zhenyu","year":"2017","unstructured":"Zhenyu Ning and Fengwei Zhang. 2017. Ninja: Towards Transparent Tracing and Debugging on ARM. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017."},{"key":"e_1_3_2_1_31_1","unstructured":"Dmytro Oleksiuk. 2020. SmmBackdoor. https:\/\/github.com\/Cr4sh\/SmmBackdoorNg. Accessed: 2024-02-20."},{"key":"e_1_3_2_1_32_1","volume-title":"Freiling","author":"Palutke Ralph","year":"2018","unstructured":"Ralph Palutke and Felix C. Freiling. 2018. Styx: Countering robust memory acquisition. Digit. Investig. (2018)."},{"key":"e_1_3_2_1_33_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020","author":"Palutke Ralph","year":"2020","unstructured":"Ralph Palutke, Simon Ruderich, Matthias Wild, and Felix C. Freiling. 2020. HyperLeech: Stealthy System Virtualization with Minimal Target Impact through DMA-Based Hypervisor Injection. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020, San Sebastian, Spain, October 14-15, 2020."},{"key":"e_1_3_2_1_34_1","unstructured":"Trevor Perrin and Moxie Marlinspike. 2016. The double ratchet algorithm. https:\/\/kr-labs.com.ua\/books\/doubleratchet.pdf. Accessed: 2023-09-28."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3545948.3545962"},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks, Virtual Event, Republic of Korea","author":"Quarta Davide","year":"2021","unstructured":"Davide Quarta, Michele Ianni, Aravind Machiry, Yanick Fratantonio, Eric Gustafson, Davide Balzarotti, Martina Lindorfer, Giovanni Vigna, and Christopher Kruegel. 2021. Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone. In Checkmate@CCS 2021, Proceedings of the Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks, Virtual Event, Republic of Korea, 19 November 2021."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCI54926.2021.00188"},{"key":"e_1_3_2_1_38_1","volume-title":"Subverting Vista kernel for fun and profit. https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2008\/08\/20084218\/BH-US-06-Rutkowska.pdf. Black hat briefings","author":"Rutkowska Joanna","year":"2006","unstructured":"Joanna Rutkowska. 2006. Subverting Vista kernel for fun and profit. https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2008\/08\/20084218\/BH-US-06-Rutkowska.pdf. Black hat briefings (2006)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.357"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052999"},{"key":"e_1_3_2_1_41_1","volume-title":"Wroclaw","author":"Sun He","year":"2014","unstructured":"He Sun, Kun Sun, Yuewu Wang, Jiwu Jing, and Sushil Jajodia. 2014. TrustDump: Reliable Memory Acquisition on Smartphones. In Computer Security - ESORICS 2014 - 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part I."},{"key":"e_1_3_2_1_42_1","volume-title":"Reiser","author":"Taubmann Benjamin","year":"2018","unstructured":"Benjamin Taubmann, Omar Alabduljaleel, and Hans P. Reiser. 2018. DroidKex: Fast extraction of ephemeral TLS keys from the memory of Android apps. Digit. Investig. (2018)."},{"key":"e_1_3_2_1_43_1","volume-title":"Reiser","author":"Taubmann Benjamin","year":"2016","unstructured":"Benjamin Taubmann, Christoph Fr\u00e4drich, Dominik Dusold, and Hans P. Reiser. 2016. TLSkex: Harnessing virtual machine introspection for decrypting TLS communication. Digit. Investig. (2016)."},{"key":"e_1_3_2_1_44_1","volume-title":"Freiling","author":"Latzo Tobias","year":"2019","unstructured":"Tobias Latzo and Ralph Palutke and Felix C. Freiling. 2019. A universal taxonomy and survey of forensic memory acquisition techniques. Digit. Investig. (2019)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIS54925.2022.9882517"},{"key":"e_1_3_2_1_46_1","unstructured":"Volatility Foundation. 2018. The Volatility Foundation - Open Source Mmemory Forensics. https:\/\/www.volatilityfoundation.org\/. Accessed: 2023-09-14."},{"key":"e_1_3_2_1_47_1","volume-title":"Black Hat 2006","author":"Dai Zovi Dino A","year":"2006","unstructured":"Dino A Dai Zovi. 2006. Hardware virtualization rootkits. https:\/\/www.blackhat.com\/presentations\/bh-usa-06\/BH-US-06-Zovi.pdf. Black Hat 2006, August (2006)."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 Workshop on Research on offensive and defensive techniques in the context of Man At The End (MATE) attacks"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689934.3690838","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689934.3690838","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T20:25:24Z","timestamp":1755980724000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689934.3690838"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,19]]},"references-count":47,"alternative-id":["10.1145\/3689934.3690838","10.1145\/3689934"],"URL":"https:\/\/doi.org\/10.1145\/3689934.3690838","relation":{},"subject":[],"published":{"date-parts":[[2024,11,19]]},"assertion":[{"value":"2024-11-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}