{"id":"https://openalex.org/W4206238988","doi":"https://doi.org/10.1109/jiot.2022.3144405","title":"On Security of TrustZone-M-Based IoT Systems","display_name":"On Security of TrustZone-M-Based IoT Systems","publication_year":2022,"publication_date":"2022-01-19","ids":{"openalex":"https://openalex.org/W4206238988","doi":"https://doi.org/10.1109/jiot.2022.3144405"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2022.3144405","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2022.3144405","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021904060","display_name":"Lan Luo","orcid":"https://orcid.org/0000-0002-5627-3521"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Lan Luo","raw_affiliation_strings":["Department of Computer Science, University of Central Florida, Orlando, FL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100333755","display_name":"Yue Zhang","orcid":"https://orcid.org/0000-0002-7786-0231"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]},{"id":"https://openalex.org/I159948400","display_name":"Jinan University","ror":"https://ror.org/02xe5ns62","country_code":"CN","type":"education","lineage":["https://openalex.org/I159948400"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Yue Zhang","raw_affiliation_strings":["Department of Computer Science, University of Massachusetts Lowell, Lowell, MA, USA","College of Information Science and Technology, Jinan University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Massachusetts Lowell, Lowell, MA, USA","institution_ids":["https://openalex.org/I133738476"]},{"raw_affiliation_string":"College of Information Science and Technology, Jinan University, Guangzhou, China","institution_ids":["https://openalex.org/I159948400"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009445064","display_name":"Clayton White","orcid":null},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]},{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Clayton White","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Central Florida, Orlando, FL, USA","Google, Chicago, IL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]},{"raw_affiliation_string":"Google, Chicago, IL, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025753416","display_name":"Brandon Keating","orcid":"https://orcid.org/0000-0001-7573-4912"},"institutions":[{"id":"https://openalex.org/I1289790988","display_name":"National Audubon Society","ror":"https://ror.org/039bbm920","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1289790988"]},{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]},{"id":"https://openalex.org/I4210140111","display_name":"Globus Medical (United States)","ror":"https://ror.org/04x4hjg39","country_code":"US","type":"company","lineage":["https://openalex.org/I4210140111"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brandon Keating","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Massachusetts Lowell, Lowell, MA, USA","Globus Medical, Audubon, PA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Massachusetts Lowell, Lowell, MA, USA","institution_ids":["https://openalex.org/I133738476"]},{"raw_affiliation_string":"Globus Medical, Audubon, PA, USA","institution_ids":["https://openalex.org/I4210140111","https://openalex.org/I1289790988"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053553094","display_name":"Bryan Pearson","orcid":null},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bryan Pearson","raw_affiliation_strings":["Department of Computer Science, University of Central Florida, Orlando, FL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074141748","display_name":"Xinhui Shao","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinhui Shao","raw_affiliation_strings":["School of Computer Science and Engineering, Southeast University, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044255077","display_name":"Zhen Ling","orcid":"https://orcid.org/0000-0001-9691-8702"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhen Ling","raw_affiliation_strings":["School of Computer Science and Engineering, Southeast University, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086965272","display_name":"Haofei Yu","orcid":"https://orcid.org/0000-0002-7930-8934"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haofei Yu","raw_affiliation_strings":["Department of Civil, Environmental and Construction Engineering, University of Central Florida, Orlando, FL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Civil, Environmental and Construction Engineering, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052179538","display_name":"Cliff C. Zou","orcid":"https://orcid.org/0000-0003-4229-6957"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Cliff Zou","raw_affiliation_strings":["Department of Computer Science, University of Central Florida, Orlando, FL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063375840","display_name":"Xinwen Fu","orcid":"https://orcid.org/0000-0003-2391-7789"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinwen Fu","raw_affiliation_strings":["Department of Computer Science, University of Massachusetts Lowell, Lowell, MA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Massachusetts Lowell, Lowell, MA, USA","institution_ids":["https://openalex.org/I133738476"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5021904060"],"corresponding_institution_ids":["https://openalex.org/I106165777"],"apc_list":null,"apc_paid":null,"fwci":2.7763,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.91423123,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"9","issue":"12","first_page":"9683","last_page":"9699"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8175363540649414},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.7471277713775635},{"id":"https://openalex.org/keywords/microcontroller","display_name":"Microcontroller","score":0.6950801610946655},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.6155555844306946},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6024981141090393},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.6005098223686218},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5560384392738342},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3792757987976074},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3774855434894562},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2451918125152588},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.24495112895965576}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8175363540649414},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.7471277713775635},{"id":"https://openalex.org/C173018170","wikidata":"https://www.wikidata.org/wiki/Q165678","display_name":"Microcontroller","level":2,"score":0.6950801610946655},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.6155555844306946},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6024981141090393},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.6005098223686218},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5560384392738342},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3792757987976074},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3774855434894562},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2451918125152588},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.24495112895965576}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2022.3144405","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2022.3144405","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1108172750","display_name":null,"funder_award_id":"62072098","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1980285867","display_name":null,"funder_award_id":"2018YFB0803400","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G2826312378","display_name":null,"funder_award_id":"1643835","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3403833277","display_name":null,"funder_award_id":"62022024","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3736233273","display_name":null,"funder_award_id":"DE-EE0009152","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G3796906924","display_name":null,"funder_award_id":"61972088","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4746029074","display_name":null,"funder_award_id":"BK20190060","funder_id":"https://openalex.org/F4320322769","funder_display_name":"Natural Science Foundation of Jiangsu Province"},{"id":"https://openalex.org/G6428032641","display_name":null,"funder_award_id":"2018YFB2100300","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G6462206956","display_name":null,"funder_award_id":"62072103","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6833359986","display_name":null,"funder_award_id":"1931871","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7686890973","display_name":null,"funder_award_id":"1915780","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322769","display_name":"Natural Science Foundation of Jiangsu Province","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335628","display_name":"Key Laboratory of Computer Network and Information Integration","ror":null},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W2108860402","https://openalex.org/W2139750209","https://openalex.org/W2159059513","https://openalex.org/W2400707318","https://openalex.org/W2460660454","https://openalex.org/W2664781091","https://openalex.org/W2686866989","https://openalex.org/W2752493903","https://openalex.org/W2809018224","https://openalex.org/W2963934162","https://openalex.org/W2969978901","https://openalex.org/W2979200095","https://openalex.org/W2982827547","https://openalex.org/W2986458967","https://openalex.org/W2986666149","https://openalex.org/W2993659480","https://openalex.org/W2995876284","https://openalex.org/W3008878014","https://openalex.org/W3011832042","https://openalex.org/W3016246341","https://openalex.org/W3118594333","https://openalex.org/W3122803386","https://openalex.org/W3127588826","https://openalex.org/W4205940482","https://openalex.org/W6741267353"],"related_works":["https://openalex.org/W2181627506","https://openalex.org/W3040945190","https://openalex.org/W2387089893","https://openalex.org/W2588479842","https://openalex.org/W3122803386","https://openalex.org/W2293245356","https://openalex.org/W2589805430","https://openalex.org/W2152749196","https://openalex.org/W4253678082","https://openalex.org/W2139419048"],"abstract_inverted_index":{"Internet":[0],"of":[1,59,107,122,152,175],"Things":[2],"(IoT)":[3],"devices":[4,16,37,72],"have":[5],"been":[6],"increasingly":[7],"integrated":[8],"into":[9],"our":[10],"daily":[11],"life.":[12],"However,":[13],"such":[14],"smart":[15],"suffer":[17],"a":[18,43,66,161,185],"broad":[19],"attack":[20,128],"surface.":[21],"Particularly,":[22],"attacks":[23,143,157],"targeting":[24],"the":[25,98,103,120,150,171,176],"device":[26,78,193],"software":[27,57,110,173],"at":[28],"runtime":[29,89,109,172],"are":[30],"challenging":[31],"to":[32],"defend":[33],"against":[34,144],"if":[35],"IoT":[36,61,71],"use":[38],"resource-constrained":[39],"microcontrollers":[40],"(MCUs).":[41],"TrustZone-M,":[42],"TrustZone":[44],"extension":[45],"designed":[46],"specifically":[47],"for":[48,70,129],"MCUs,":[49,75],"is":[50,80,182],"an":[51],"emerging":[52],"hardware":[53],"security":[54,58,68,79,105,111,180],"technique":[55],"fortifying":[56],"MCU-based":[60],"devices.":[62],"This":[63],"article":[64],"introduces":[65],"comprehensive":[67],"framework":[69,181],"using":[73,158,194],"TrustZone-M-enabled":[74,114],"in":[76,82,113,149,170],"which":[77],"protected":[81],"five":[83],"dimensions,":[84],"i.e.,":[85],"hardware,":[86],"boot-time":[87],"software,":[88,90],"network,":[91],"and":[92,142,166,188],"over-the-air":[93],"(OTA)":[94],"update.":[95],"Along":[96],"developing":[97],"framework,":[99],"we":[100,118],"also":[101],"present":[102],"first":[104],"analysis":[106],"potential":[108],"issues":[112],"MCUs.":[115],"In":[116],"particular,":[117],"explore":[119],"feasibility":[121],"launching":[123],"stack-based":[124],"buffer":[125],"overflow":[126],"(BOF)":[127],"code":[130],"injection,":[131],"return-oriented":[132],"programming":[133],"(ROP)":[134],"attack,":[135,138,141],"heap-based":[136],"BOF":[137],"format":[139],"string":[140],"nonsecure":[145],"callable":[146],"(NSC)":[147],"functions":[148],"context":[151],"TrustZone-M.":[153],"We":[154],"validate":[155],"these":[156],"SAM":[159,195],"L11,":[160],"microchip":[162],"MCU":[163],"with":[164,184],"TrustZone-M":[165],"provide":[167],"defense":[168],"mechanisms":[169],"dimension":[174],"proposed":[177],"framework.":[178],"The":[179],"implemented":[183],"full-fledged":[186],"secure":[187],"trustworthy":[189],"air":[190],"quality":[191],"monitoring":[192],"L11":[196],"as":[197],"its":[198],"MCU.":[199]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}