{"id":"https://openalex.org/W7131275838","doi":"https://doi.org/10.1109/acsac67867.2025.00072","title":"Zeus-IoT: Comprehensive Code Signing to Prevent IoT Device Weaponization","display_name":"Zeus-IoT: Comprehensive Code Signing to Prevent IoT Device Weaponization","publication_year":2025,"publication_date":"2025-12-08","ids":{"openalex":"https://openalex.org/W7131275838","doi":"https://doi.org/10.1109/acsac67867.2025.00072"},"language":null,"primary_location":{"id":"doi:10.1109/acsac67867.2025.00072","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac67867.2025.00072","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126702635","display_name":"Alireza Roshandel","orcid":null},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Alireza Roshandel","raw_affiliation_strings":["Boston University,Boston,USA"],"affiliations":[{"raw_affiliation_string":"Boston University,Boston,USA","institution_ids":["https://openalex.org/I111088046"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044975798","display_name":"Manuel Egele","orcid":"https://orcid.org/0000-0001-5038-2682"},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Manuel Egele","raw_affiliation_strings":["Boston University,Boston,USA"],"affiliations":[{"raw_affiliation_string":"Boston University,Boston,USA","institution_ids":["https://openalex.org/I111088046"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5126702635"],"corresponding_institution_ids":["https://openalex.org/I111088046"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.74638197,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"845","last_page":"857"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.0843999981880188,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.0843999981880188,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13420","display_name":"Arduino and IoT Applications","score":0.055399999022483826,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12079","display_name":"IoT Networks and Protocols","score":0.031099999323487282,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.801800012588501},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5785999894142151},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.5595999956130981},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.47920000553131104},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.4681999981403351},{"id":"https://openalex.org/keywords/bottleneck","display_name":"Bottleneck","score":0.4415000081062317},{"id":"https://openalex.org/keywords/upgrade","display_name":"Upgrade","score":0.42160001397132874},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.4106999933719635},{"id":"https://openalex.org/keywords/initialization","display_name":"Initialization","score":0.40310001373291016},{"id":"https://openalex.org/keywords/usable","display_name":"USable","score":0.38989999890327454}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8442999720573425},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.801800012588501},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5785999894142151},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.5595999956130981},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.47920000553131104},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.46860000491142273},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.4681999981403351},{"id":"https://openalex.org/C2780513914","wikidata":"https://www.wikidata.org/wiki/Q18210350","display_name":"Bottleneck","level":2,"score":0.4415000081062317},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.43130001425743103},{"id":"https://openalex.org/C2780615140","wikidata":"https://www.wikidata.org/wiki/Q920419","display_name":"Upgrade","level":2,"score":0.42160001397132874},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.4106999933719635},{"id":"https://openalex.org/C114466953","wikidata":"https://www.wikidata.org/wiki/Q6034165","display_name":"Initialization","level":2,"score":0.40310001373291016},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39469999074935913},{"id":"https://openalex.org/C2780615836","wikidata":"https://www.wikidata.org/wiki/Q2471869","display_name":"USable","level":2,"score":0.38989999890327454},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.3824000060558319},{"id":"https://openalex.org/C22174128","wikidata":"https://www.wikidata.org/wiki/Q175869","display_name":"Microcode","level":2,"score":0.38019999861717224},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.34850001335144043},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3481999933719635},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.34689998626708984},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.33709999918937683},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.33559998869895935},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.3212999999523163},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.3138999938964844},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.31380000710487366},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.3098999857902527},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.3057999908924103},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3027999997138977},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.3019999861717224},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.30059999227523804},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.28940001130104065},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.2872999906539917},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.2870999872684479},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.28040000796318054},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.27900001406669617},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.2786000072956085},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.2766000032424927},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2750999927520752},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.274399995803833},{"id":"https://openalex.org/C536060405","wikidata":"https://www.wikidata.org/wiki/Q226264","display_name":"BIOS","level":2,"score":0.26980000734329224},{"id":"https://openalex.org/C162372511","wikidata":"https://www.wikidata.org/wiki/Q218341","display_name":"Checksum","level":2,"score":0.2676999866962433}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/acsac67867.2025.00072","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac67867.2025.00072","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3200775386","display_name":null,"funder_award_id":"CNS-1942793,CNS-2211576","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W1941427975","https://openalex.org/W1966825932","https://openalex.org/W1984350393","https://openalex.org/W2003568760","https://openalex.org/W2123886726","https://openalex.org/W2167240430","https://openalex.org/W2169685348","https://openalex.org/W2606193874","https://openalex.org/W2945722842","https://openalex.org/W2960507082","https://openalex.org/W3046653481","https://openalex.org/W3136767761"],"related_works":[],"abstract_inverted_index":{"The":[0],"explosive":[1],"growth":[2],"of":[3,133],"IoT":[4,31,126,231,307,338],"devices":[5,18,127],"has":[6,162],"not":[7],"been":[8],"matched":[9],"by":[10,121,146],"equivalent":[11],"security":[12],"efforts,":[13],"as":[14,75],"manufacturers":[15],"often":[16],"ship":[17],"with":[19,203],"limited":[20],"built-in":[21],"defenses.":[22],"Existing":[23],"host-based":[24],"malware":[25,232],"detection":[26],"&":[27],"prevention":[28],"systems":[29],"for":[30,119,179,336],"face":[32],"three":[33],"fundamental":[34],"limitations.":[35],"First,":[36],"they":[37,65,94],"depend":[38],"on":[39,156,226,305,312],"runtime":[40],"profiling":[41,120,217],"to":[42,88,96,111,167,210,269,319],"learn":[43],"normal":[44],"behavior,":[45],"a":[46,129,224,246,292,313],"process":[47],"that":[48,70,125,137,154,301,325],"inevitably":[49],"misses":[50],"legitimate":[51],"but":[52],"infrequent":[53],"code":[54],"paths":[55,62],"and":[56,79,135,152,164,187,234,244,261,276,315,333],"can":[57,85],"break":[58],"functionality":[59,309],"when":[60],"those":[61],"execute.":[63],"Second,":[64],"ignore":[66],"interpreter-level":[67,190],"execution,":[68],"meaning":[69],"both":[71,331],"scripting":[72],"engines":[73],"such":[74],"Lua":[76],"or":[77,218],"Python,":[78],"the":[80,117,123,157,160,170,197,207,281,298,317],"ELF":[81],"interpreter":[82],"(dynamic":[83],"linker)":[84],"be":[86,320],"used":[87],"run":[89,128,173],"malicious":[90],"payloads":[91],"undetected.":[92],"Third,":[93],"struggle":[95],"scale":[97],"across":[98],"diverse":[99],"firmware":[100,158,213],"platforms":[101],"without":[102,215],"per-device":[103,216],"tuning.":[104],"In":[105],"this":[106,177],"paper,":[107],"we":[108],"propose":[109],"Zeus-IoT":[110,115,142,175,194,238,265,302],"address":[112],"these":[113],"challenges.":[114],"removes":[116],"need":[118],"leveraging":[122],"insight":[124],"small,":[130],"fixed":[131],"set":[132],"binaries":[134],"scripts":[136],"rarely":[138],"change":[139],"once":[140,273],"deployed.":[141],"builds":[143],"an":[144],"allowlist":[145,178,328],"hashing":[147],"every":[148],"binary,":[149],"shared":[150,185,259],"library,":[151],"script":[153],"exists":[155],"image":[159],"vendor":[161],"built":[163],"is":[165,330],"ready":[166],"flash":[168],"onto":[169],"device.":[171],"At":[172],"time,":[174,271],"enforces":[176],"all":[180],"executions,":[181],"including":[182],"native":[183],"binaries,":[184],"libraries,":[186,260],"scripts,":[188,256],"closing":[189],"gaps.":[191],"By":[192],"integrating":[193],"directly":[195],"into":[196],"manufacturer's":[198],"build":[199],"pipeline":[200],"(as":[201],"demonstrated":[202],"our":[204],"OpenWrt":[205],"implementation),":[206],"framework":[208],"scales":[209],"any":[211],"Linux-based":[212],"platform":[214],"manual":[219],"configuration.":[220],"We":[221,295],"evaluate":[222],"Zeus-IoT,":[223],"prototype":[225],"OpenWrt,":[227],"against":[228],"81,152":[229],"real-world":[230],"samples":[233],"achieve":[235],"100%":[236],"prevention.":[237],"adds":[239,266],"virtually":[240],"no":[241],"memory":[242],"overhead":[243,290,300],"incurs":[245],"modest":[247],"CPU":[248],"cost.":[249],"During":[250],"one-time":[251],"initialization":[252],"(running":[253],"220":[254],"shell":[255],"loading":[257],"2,790":[258],"executing":[262],"751":[263],"binaries),":[264],"25":[267],"seconds":[268],"setup":[270],"paid":[272],"per":[274],"boot":[275],"negligible":[277],"in":[278],"practice.":[279],"After":[280],"device":[282,308],"reaches":[283],"steady":[284],"state,":[285],"it":[286],"shows":[287],"zero":[288],"measurable":[289],"over":[291],"five-minute":[293],"window.":[294],"also":[296],"measure":[297],"performance":[299],"could":[303],"introduce":[304],"core":[306],"(e.g.,":[310],"routing":[311],"router)":[314],"find":[316],"impact":[318],"negligible.":[321],"These":[322],"results":[323],"demonstrate":[324],"comprehensive":[326],"static":[327],"enforcement":[329],"practical":[332],"highly":[334],"effective":[335],"resource-constrained":[337],"environments.":[339]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-02-25T00:00:00"}