{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,8]],"date-time":"2026-07-08T15:20:31Z","timestamp":1783524031413,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T00:00:00Z","timestamp":1731974400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"German Federal Ministry for Education and Research (BMBF)","award":["16KIS1955"],"award-info":[{"award-number":["16KIS1955"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,19]]},"DOI":"10.1145\/3690134.3694816","type":"proceedings-article","created":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T06:22:58Z","timestamp":1732256578000},"page":"41-54","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["BT\n            <sup>2<\/sup>\n            X: Multi-Leveled Binary Transparency to Protect the Software Supply Chain of Operational Technology"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1094-4828","authenticated-orcid":false,"given":"Michael P.","family":"Heinl","sequence":"first","affiliation":[{"name":"Technical University of Munich, Fraunhofer AISEC &amp; Munich University of Applied Sciences HM, Garching bei M\u00fcnchen, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3641-0506","authenticated-orcid":false,"given":"Victor","family":"Embacher","sequence":"additional","affiliation":[{"name":"Technical University of Munich &amp; Fraunhofer AISEC, Garching bei M\u00fcnchen, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030-00305-0_8"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3472292"},{"key":"e_1_3_2_1_3_1","unstructured":"Henk Birkholz Antoine Delignat-Lavaud Ceic Fournet and Yogesh Deshpande. 2023. An Architecture for Trustworthy and Transparent Digital Supply Chains. Internet Draft draft-ietf-scitt-architecture-01. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ietf-scitt-architecture Num Pages: 38."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45741-3_8"},{"key":"e_1_3_2_1_5_1","unstructured":"European Union Agency for Cybersecurity (ENISA). 2021. Threat Landscape for Supply Chain Attacks. Report\/Study. ENISA. https:\/\/www.enisa.europa.eu\/publications\/threat-landscape-for-supply-chain-attacks"},{"key":"e_1_3_2_1_6_1","unstructured":"F-Droid. 2023. deploy binary transparency log for f-droid.org. https:\/\/gitlab.com\/fdroid\/admin\/-\/issues\/240"},{"key":"e_1_3_2_1_7_1","unstructured":"F-Droid. 2023. f-droid.org-transparency-log. https:\/\/gitlab.com\/fdroid\/f-droid.org-transparency-log"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660311"},{"key":"e_1_3_2_1_9_1","unstructured":"Marco De Falco. 2012. Stuxnet Facts Report: A Technical and Strategic Analysis. Technical Report. CCDCOE. https:\/\/ccdcoe.org\/uploads\/2018\/10\/Falco2012_StuxnetFactsReport.pdf"},{"key":"e_1_3_2_1_10_1","unstructured":"Google LLC. 2021. Binary Transparency. https:\/\/binary.transparency.dev"},{"key":"e_1_3_2_1_11_1","unstructured":"Google LLC. 2021. Pixel 6: Setting a new standard for mobile security. https:\/\/security.googleblog.com\/2021\/10\/pixel-6-setting-new-standard-for-mobile.html"},{"key":"e_1_3_2_1_12_1","volume-title":"Certificate Transparency: Go Code. https:\/\/github.com\/google\/certificate-transparency-go","author":"Google","year":"2023","unstructured":"Google LLC. 2023. Certificate Transparency: Go Code. https:\/\/github.com\/google\/certificate-transparency-go"},{"key":"e_1_3_2_1_13_1","unstructured":"Google LLC. 2023. Pixel Binary Transparency Technical Details. https:\/\/developers.google.com\/android\/binary_transparency\/pixel"},{"key":"e_1_3_2_1_14_1","unstructured":"Google LLC. 2023. Trillian lets you add tamper checking to a package manager textbar Trillian. https:\/\/transparency.dev\/application\/add-tamper-checking-to-a-package-manager\/"},{"key":"e_1_3_2_1_15_1","volume-title":"Sigstore: Bring-your-own sTUF with TUF - Sigstore Blog. https:\/\/blog.sigstore.dev\/sigstore-bring-your-own-stuf-with-tuf-40febfd2badd\/","author":"Blauzvern Hayden","year":"2022","unstructured":"Hayden Blauzvern and Asra Ali. 2022. Sigstore: Bring-your-own sTUF with TUF - Sigstore Blog. https:\/\/blog.sigstore.dev\/sigstore-bring-your-own-stuf-with-tuf-40febfd2badd\/"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338466.3358917"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-031--40923--3_15"},{"key":"e_1_3_2_1_18_1","unstructured":"Benjamin Hof and Georg Carle. 2017. Software Distribution Transparency and Auditability. https:\/\/arxiv.org\/abs\/1711.07278"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","unstructured":"Aneas Huelsing Denis Butin Stefan-Lukas Gazdag Joost Rijneveld and Aziz Mohaisen. 2018. XMSS: eXtended Merkle Signature Scheme. Request for Comments RFC 8391. Internet Engineering Task Force. https:\/\/doi.org\/10.17487\/RFC8391 Num Pages: 74.","DOI":"10.17487\/RFC8391"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3418295"},{"key":"e_1_3_2_1_21_1","volume-title":"Joshua Lock, Marina Moore, and Lukas P\u00fchringer.","author":"Cappos Justin","year":"2023","unstructured":"Justin Cappos, Trishank Karthik Kuppusamy, Joshua Lock, Marina Moore, and Lukas P\u00fchringer. 2023. The Update Framework Specification (Version 1.0.32). https:\/\/theupdateframework.github.io\/specification\/v1.0.32\/index.html"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133958"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319-07620--1_7"},{"key":"e_1_3_2_1_24_1","unstructured":"kpcyrd. 2023. pacman bintrans. https:\/\/github.com\/kpcyrd\/pacman-bintrans"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.00010"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","unstructured":"Ben Laurie Adam Langley Emilia Kasper Eran Messeri and Rob Stradling. 2021. Certificate Transparency Version 2.0. Request for Comments RFC 9162. Internet Engineering Task Force. https:\/\/doi.org\/10.17487\/RFC9162 Num Pages: 53.","DOI":"10.17487\/RFC9162"},{"key":"e_1_3_2_1_28_1","unstructured":"Kerry Maletsky. 2020. RSA vs. ECC Comparison for Embedded Systems (Microchip). https:\/\/ww1.microchip.com\/downloads\/en\/DeviceDoc\/00003442A.pdf"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","unstructured":"Sarah Meiklejohn Joe DeBlasio Devon O'Brien Chris Thompson Kevin Yeo and Emily Stark. 2022. SoK: SCT Auditing in Certificate Transparency. 336--353 pages. https:\/\/doi.org\/10.56553\/popets-2022-0075","DOI":"10.56553\/popets-2022-0075"},{"key":"e_1_3_2_1_30_1","unstructured":"Dustin Moody. 2019. NIST Focus on the Cortex M4 slide 22. NIST. https:\/\/csrc.nist.gov\/CSRC\/media\/Presentations\/the-2nd-round-of-the-nist-pqc-standardization-proc\/images-media\/moody-opening-remarks.pdf"},{"key":"e_1_3_2_1_31_1","unstructured":"Mozilla. 2017. Binary Transparency. https:\/\/wiki.mozilla.org\/Security\/Binary_Transparency"},{"key":"e_1_3_2_1_32_1","unstructured":"Zachary Newman. 2023. Why you cant use Sigstore without Sigstore - Sigstore Blog. https:\/\/blog.sigstore.dev\/why-you-cant-use-sigstore-without-sigstore-de1ed745f6fc"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560596"},{"key":"e_1_3_2_1_34_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Nikitin Kirill","year":"2017","unstructured":"Kirill Nikitin, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Justin Cappos, and Bryan Ford. 2017. CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1271--1287. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/nikitin"},{"key":"e_1_3_2_1_35_1","unstructured":"L. Nordberg D. Gillmore and T. Ritter. 2018. Gossiping in CT. Technical Report. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-trans-gossip-05#section-9.3"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--52683--2_2"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409183"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564556"},{"key":"e_1_3_2_1_39_1","unstructured":"Mike Ounsworth John Gray and Massimiliano Pala. 2023. Composite Signatures For Use In Internet PKI. Internet Draft draft-ounsworth-pq-composite-sigs-09. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ounsworth-pq-composite-sigs-09 Num Pages: 24."},{"key":"e_1_3_2_1_40_1","unstructured":"Mike Ounsworth John Gray Massimiliano Pala and Jan Klau\u00dfner. 2023. Composite Public and Private Keys For Use In Internet PKI. Internet Draft draft-ounsworth-pq-composite-keys-04. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ounsworth-pq-composite-keys-04 Num Pages: 52."},{"key":"e_1_3_2_1_41_1","volume-title":"Heinl","author":"Pursche Maximilian","year":"2024","unstructured":"Maximilian Pursche, Nikolai Puch, Sebastian N. Peters, and Michael P. Heinl. 2024. SoK: The Engineers Guide to Post-Quantum Cryptography for Embedded Devices. Cryptology ePrint Archive, Paper 2024\/1345. https:\/\/eprint.iacr.org\/2024\/1345"},{"key":"e_1_3_2_1_42_1","unstructured":"Raspberry Pi Ltd. 2023. Raspberry Pi Pico Datasheet. https:\/\/datasheets.raspberrypi.com\/pico\/pico-datasheet.pdf"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866315"},{"key":"e_1_3_2_1_44_1","unstructured":"Sigstore Project. 2023. Frequently asked questions. https:\/\/docs.sigstore.dev\/faq\/docs.sigstore.dev"},{"key":"e_1_3_2_1_45_1","unstructured":"Sigstore Project. 2023. Rekor API Specification. https:\/\/github.com\/sigstore\/rekor\/blob\/22d40caf7a9d9dd1ab01afc190508b54ebd1f9c8\/openapi.yaml"},{"key":"e_1_3_2_1_46_1","unstructured":"Sigstore Technical Steering Committee. 2023. Sigstore Support in NPM launches for Public Beta - Sigstore Blog. https:\/\/blog.sigstore.dev\/npm-public-beta\/"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3322431.3325108"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Keith Stouffer Michael Pease CheeYee Tang Timothy Zimmerman Victoria Pillitteri and Suzanne Lightman. 2022. Guide to Operational Technology (OT) Security. Technical Report NIST Special Publication (SP) 800--82 Rev. 3 (Draft). National Institute of Standards and Technology. https:\/\/doi.org\/10.6028\/NIST.SP.800--82r3.ipd","DOI":"10.6028\/NIST.SP.800-82r3.ipd"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2020.3011208"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","unstructured":"Stefan Tatschner Michael P. Heinl Nicole Pappler Tobias Specht Sven Plaga and Thomas Newe. 2024. Tracking Down Software Cluster Bombs: A Health State Analysis of the Free Open-Source Software (FOSS) Ecosystem. http:\/\/dx.doi.org\/10.2139\/ssrn.4847570","DOI":"10.2139\/ssrn.4847570"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3664476.3669935"},{"key":"e_1_3_2_1_52_1","unstructured":"Trusted Firmware. 2023. Mbed TLS documentation (Revision 1acb1091). https:\/\/mbed-tls.readthedocs.io\/"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.107978"},{"key":"e_1_3_2_1_54_1","unstructured":"wolfSSL. 2021. Certificate Transparency. https:\/\/www.wolfssl.com\/certificate-transparency\/"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Sixth Workshop on CPS&amp;IoT Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3690134.3694816","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3690134.3694816","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T02:29:00Z","timestamp":1755916140000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3690134.3694816"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,19]]},"references-count":54,"alternative-id":["10.1145\/3690134.3694816","10.1145\/3690134"],"URL":"https:\/\/doi.org\/10.1145\/3690134.3694816","relation":{},"subject":[],"published":{"date-parts":[[2024,11,19]]},"assertion":[{"value":"2024-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}