{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T13:50:10Z","timestamp":1765547410103,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T00:00:00Z","timestamp":1731974400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,19]]},"DOI":"10.1145\/3703790.3703820","type":"proceedings-article","created":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T12:30:00Z","timestamp":1744115400000},"page":"261-266","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["How Memory-Safe is IoT? Assessing the Impact of Memory-Protection Solutions for Securing Wireless Gateways"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6431-0125","authenticated-orcid":false,"given":"Vadim","family":"Safronov","sequence":"first","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8656-0454","authenticated-orcid":false,"given":"Ionut","family":"Bostan","sequence":"additional","affiliation":[{"name":"NquiringMinds, Southampton, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7473-0565","authenticated-orcid":false,"given":"Nicholas","family":"Allott","sequence":"additional","affiliation":[{"name":"NquiringMinds, Southampton, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8236-980X","authenticated-orcid":false,"given":"Andrew","family":"Martin","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2025,3,31]]},"reference":[{"key":"e_1_3_3_1_2_2","unstructured":"Inc. Anchore. 2024. Syft: a CLI tool and library for generating a Software Bill of Materials (SBOM) from container images and filesystems. https:\/\/github.com\/anchore\/syft Accessed: 2024-08-27."},{"key":"e_1_3_3_1_3_2","unstructured":"Arm. 2019. Armv8.5-A Memory Tagging Extension White Paper. https:\/\/developer.arm.com\/documentation\/102925\/latest\/ Accessed: 2024-09-04."},{"key":"e_1_3_3_1_4_2","unstructured":"Joseph Biden. 2021. Executive Order on Improving the Nation\u2019s Cybersecurity. https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/. Accessed: 2024-06-20."},{"key":"e_1_3_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1145\/2899007.2899009"},{"key":"e_1_3_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2016.48"},{"key":"e_1_3_3_1_7_2","unstructured":"CycloneDX. 2024. CycloneDX: The International Standard for Bill of Materials (ECMA-424). https:\/\/cyclonedx.org\/. Accessed: 2024-08-28."},{"key":"e_1_3_3_1_8_2","unstructured":"DG\u00a0CONNECT European\u00a0Commission. 2023. Cyber Resilience Act. https:\/\/www.cisa.gov\/sites\/default\/files\/2023-09\/EU%20Commission%20SBOM%20Work_508c.pdf Accessed: 2024-08-27."},{"key":"e_1_3_3_1_9_2","doi-asserted-by":"publisher","unstructured":"Andrew Hale Barry Kirwan and Urban Kjell\u00e9n. 2007. Safe by design: where are we now? Safety Science 45 1 (2007) 305\u2013327. 10.1016\/j.ssci.2006.08.007Safety by Design.","DOI":"10.1016\/j.ssci.2006.08.007"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"publisher","unstructured":"Roger Jiao Mitchell Tseng Qinhai Ma and Yi Zou. 2000. Generic Bill-of-Materials-and-Operations for High-Variety Production Management. Concurrent Engineering: Research and Applications - Concurrent Engineering: RA 8 (12 2000) 297\u2013321. 10.1177\/1063293X0000800404","DOI":"10.1177\/1063293X0000800404"},{"key":"e_1_3_3_1_11_2","unstructured":"Michael Johnson and Patricia Wilson. 2023. Penetrating Shields: A Systematic Analysis of Memory Corruption Mitigations in the Spectre Era. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2309.04119 (2023)."},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"publisher","unstructured":"Ralf Jung Jacques-Henri Jourdan Robbert Krebbers and Derek Dreyer. 2017. RustBelt: securing the foundations of the Rust programming language. Proc. ACM Program. Lang. 2 POPL Article 66 (dec 2017) 34\u00a0pages. 10.1145\/3158154","DOI":"10.1145\/3158154"},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","unstructured":"Ashwin Karale. 2021. The Challenges of IoT Addressing Security Ethics Privacy and Laws. Internet of Things 15 (2021) 100420. 10.1016\/j.iot.2021.100420","DOI":"10.1016\/j.iot.2021.100420"},{"key":"e_1_3_3_1_14_2","unstructured":"ReFirm Labs. 2024. Binwalk. https:\/\/github.com\/ReFirmLabs\/binwalk. Accessed: 2024-08-05."},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3605801.3605808"},{"key":"e_1_3_3_1_16_2","doi-asserted-by":"publisher","unstructured":"Nicholas\u00a0D. Matsakis and Felix\u00a0S. Klock\u00a0II. 2014. The Rust Language. ACM SIGAda Ada Letters 34 3 (2014) 103\u2013104. 10.1145\/2663171.2663188","DOI":"10.1145\/2663171.2663188"},{"key":"e_1_3_3_1_17_2","unstructured":"Matt Miller. 2019. Trends Challenge and Shifts in Software Vulnerability Mitigation. https:\/\/github.com\/Microsoft\/MSRC-Security-Research\/tree\/master\/presentations\/2019_02_BlueHatIL Microsoft Security Response Center."},{"key":"e_1_3_3_1_18_2","unstructured":"MITRE. 2024. Common Weakness Enumeration (CWE). https:\/\/cwe.mitre.org\/. Accessed: 2024-08-29."},{"key":"e_1_3_3_1_19_2","unstructured":"Microsoft Security Response\u00a0Center (MSRC). 2020. Security Analysis of Memory Tagging. https:\/\/github.com\/microsoft\/MSRC-Security-Research\/blob\/daf8d2e203be1047d86ec8c3378c9c8ab2364c29\/papers\/2020\/Security%20analysis%20of%20memory%20tagging.pdf Accessed: 2024-09-26."},{"key":"e_1_3_3_1_20_2","unstructured":"Nquiringminds. 2024. SBOM-GAP. https:\/\/github.com\/nqminds\/SBOM-GAP Accessed: 2024-08-27."},{"key":"e_1_3_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN58367.2023.00051"},{"key":"e_1_3_3_1_22_2","unstructured":"OpenAI. 2024. Hello GPT-4o. https:\/\/openai.com\/index\/hello-gpt-4o\/ Accessed: 2024-08-27."},{"key":"e_1_3_3_1_23_2","series-title":"(USENIX ATC\u201912)","first-page":"28","volume-title":"Proceedings of the 2012 USENIX Conference on Annual Technical Conference","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. 2012. AddressSanitizer: a fast address sanity checker. In Proceedings of the 2012 USENIX Conference on Annual Technical Conference (Boston, MA) (USENIX ATC\u201912). USENIX Association, USA, 28."},{"key":"e_1_3_3_1_24_2","unstructured":"Satyajit Sinha. 2024. State of IoT 2024: Number of connected IoT devices growing 13% to 18.8 billion globally. https:\/\/iot-analytics.com\/number-connected-iot-devices\/ Accessed: 2024-09-04."},{"key":"e_1_3_3_1_25_2","doi-asserted-by":"publisher","unstructured":"John Smith and Jane Doe. 2022. A Comprehensive Survey of Tagged Memory-Protection Techniques. Comput. Surveys 53 4 (2022) 1\u201330. 10.1145\/3533704","DOI":"10.1145\/3533704"},{"key":"e_1_3_3_1_26_2","doi-asserted-by":"publisher","unstructured":"Dorsaf Swessi and Hanen Idoudi. 2022. A Survey on Internet-of-Things Security: Threats and Emerging Countermeasures. Wirel. Pers. Commun. 124 2 (may 2022) 1557\u20131592. 10.1007\/s11277-021-09420-0","DOI":"10.1007\/s11277-021-09420-0"},{"key":"e_1_3_3_1_27_2","unstructured":"Clang Team. 2012. MemorySanitizer: A Detector of Uninitialized Memory Reads. https:\/\/clang.llvm.org\/docs\/MemorySanitizer.html."},{"key":"e_1_3_3_1_28_2","unstructured":"National Telecommunications and Information Administration. 2021. Software Bill of Materials (SBOM). https:\/\/www.ntia.gov\/page\/software-bill-materials Accessed: 2024-08-27."},{"key":"e_1_3_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2014.6853201"},{"key":"e_1_3_3_1_30_2","first-page":"5627","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Wu Yuhao","year":"2024","unstructured":"Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, and Ning Zhang. 2024. Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 5627\u20135644. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/wu-yuhao"},{"key":"e_1_3_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446761"},{"key":"e_1_3_3_1_32_2","unstructured":"Ruotong Yu Francesca\u00a0Del Nin Yuchen Zhang Shan Huang Pallavi Kaliyar Sarah Zakto Mauro Conti Georgios Portokalidis and Jun Xu. 2022. Building Embedded Systems Like It\u2019s 1996. arxiv:https:\/\/arXiv.org\/abs\/2203.06834\u00a0[cs.CR] https:\/\/arxiv.org\/abs\/2203.06834"},{"key":"e_1_3_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534366"},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534366"}],"event":{"name":"IoT 2024: 14th International Conference on the Internet of Things","acronym":"IoT 2024","location":"Oulu Finland"},"container-title":["Proceedings of the 14th International Conference on the Internet of Things"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3703790.3703820","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3703790.3703820","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:09:42Z","timestamp":1750295382000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3703790.3703820"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,19]]},"references-count":33,"alternative-id":["10.1145\/3703790.3703820","10.1145\/3703790"],"URL":"https:\/\/doi.org\/10.1145\/3703790.3703820","relation":{},"subject":[],"published":{"date-parts":[[2024,11,19]]},"assertion":[{"value":"2025-03-31","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}