{"id":"https://openalex.org/W4401878981","doi":"https://doi.org/10.1109/jiot.2024.3450272","title":"Scrutinizing Code Signing: A Study of in-Depth Threat Modeling and Defense Mechanism","display_name":"Scrutinizing Code Signing: A Study of in-Depth Threat Modeling and Defense Mechanism","publication_year":2024,"publication_date":"2024-08-26","ids":{"openalex":"https://openalex.org/W4401878981","doi":"https://doi.org/10.1109/jiot.2024.3450272"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2024.3450272","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2024.3450272","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029981326","display_name":"Tiantian Ji","orcid":"https://orcid.org/0000-0002-1124-3396"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Tiantian Ji","raw_affiliation_strings":["Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113587199","display_name":"Binxing Fang","orcid":null},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Binxing Fang","raw_affiliation_strings":["Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055905208","display_name":"Xiang Cui","orcid":"https://orcid.org/0000-0003-4779-4365"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiang Cui","raw_affiliation_strings":["Fourth Department, Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Fourth Department, Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006546107","display_name":"Tian Wang","orcid":"https://orcid.org/0000-0003-4819-621X"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tian Wang","raw_affiliation_strings":["Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054488376","display_name":"Yuntao Zhang","orcid":"https://orcid.org/0009-0005-2756-3510"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuntao Zhang","raw_affiliation_strings":["Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102336574","display_name":"Fan Gu","orcid":null},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fan Gu","raw_affiliation_strings":["Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Key Laboratory of Trustworthy Distributed Computing and Service, Ministry of Education, Beijing University of Posts and Telecommunications, Beijing, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078587022","display_name":"Chao Zheng","orcid":"https://orcid.org/0000-0001-8773-205X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chao Zheng","raw_affiliation_strings":["Research and Development Department, Geedge Networks, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Research and Development Department, Geedge Networks, Beijing, China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5029981326"],"corresponding_institution_ids":["https://openalex.org/I139759216"],"apc_list":null,"apc_paid":null,"fwci":1.6237,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.87279855,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":"11","issue":"24","first_page":"40051","last_page":"40069"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9902999997138977,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9902999997138977,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9868999719619751,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7687618732452393},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.5598719716072083},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5506040453910828},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5004911422729492},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.28980743885040283}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7687618732452393},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.5598719716072083},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5506040453910828},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5004911422729492},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.28980743885040283},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2024.3450272","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2024.3450272","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1665720231","display_name":null,"funder_award_id":"YSGZZ2023003","funder_id":"https://openalex.org/F4320322866","funder_display_name":"Natural Science Foundation of Hainan Province"},{"id":"https://openalex.org/G5721528656","display_name":null,"funder_award_id":"62402056","funder_id":"https://openalex.org/F4320322866","funder_display_name":"Natural Science Foundation of Hainan Province"},{"id":"https://openalex.org/G6029196621","display_name":null,"funder_award_id":"62402056","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322866","display_name":"Natural Science Foundation of Hainan Province","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1497229971","https://openalex.org/W1540322871","https://openalex.org/W1969414390","https://openalex.org/W2092915750","https://openalex.org/W2117479921","https://openalex.org/W2339535537","https://openalex.org/W2752178278","https://openalex.org/W2766980353","https://openalex.org/W2785643584","https://openalex.org/W2793569095","https://openalex.org/W2912264626","https://openalex.org/W2922523459","https://openalex.org/W2983060509","https://openalex.org/W3203004344","https://openalex.org/W3203120992","https://openalex.org/W3214394505","https://openalex.org/W4206466268","https://openalex.org/W4302326255","https://openalex.org/W4308463084","https://openalex.org/W4388954805","https://openalex.org/W6698076488","https://openalex.org/W6712037765","https://openalex.org/W6742481633","https://openalex.org/W6754332063","https://openalex.org/W6767123700","https://openalex.org/W6784404078"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382997850","https://openalex.org/W2382290278"],"abstract_inverted_index":{"Abuse":[0],"of":[1,23,34,75,79,88,112,124,139,161,170,227,241],"code":[2,24,35,42,82,106,125,140,171],"signing":[3,25,36,43,83,107,126,141],"has":[4],"garnered":[5],"attention":[6],"from":[7,128,174],"security":[8,127,163,169,188,217],"researchers,":[9],"as":[10],"evidenced":[11],"by":[12],"threat":[13,90,150],"modeling":[14],"efforts":[15,101],"targeting":[16],"the":[17,32,48,62,73,80,86,110,118,168,196,220,225,237,242],"public":[18],"key":[19],"infrastructure":[20,22],"trust":[21],"and":[26,53,92,121,131,142,157,180,195,239],"empirical":[27],"studies":[28],"examining":[29],"issues":[30],"surrounding":[31],"revocation":[33],"certificates.":[37],"However,":[38],"current":[39],"research":[40],"on":[41,65,215],"remains":[44],"inadequate":[45],"in":[46,68],"bridging":[47],"gap":[49],"between":[50],"attack":[51,97,155,198],"strategies":[52,184,244],"defensive":[54,132,183,228],"measures.":[55],"This":[56,231],"shortfall":[57],"is":[58],"primarily":[59],"due":[60],"to":[61,102],"predominant":[63],"focus":[64],"quantitative":[66],"measurements":[67],"academic":[69],"studies,":[70],"often":[71],"at":[72,233],"expense":[74],"a":[76,136,159,210,234],"thorough":[77],"analysis":[78,123,213],"underlying":[81],"mechanisms.":[84],"Moreover,":[85],"misalignment":[87],"some":[89],"models":[91],"measurement":[93],"outcomes":[94],"with":[95,135,186,219],"real-world":[96],"scenarios":[98],"further":[99],"hampers":[100],"enhance":[103],"defenses":[104],"against":[105,203],"abuse.":[108],"To":[109],"best":[111],"our":[113],"knowledge,":[114],"this":[115,175,207],"article":[116,208],"represents":[117],"first":[119],"comprehensive":[120],"in-depth":[122],"both":[129],"offensive":[130],"perspectives.":[133],"Commencing":[134],"profound":[137],"understanding":[138],"its":[143],"verification":[144],"mechanisms,":[145],"we":[146,177],"constructed":[147],"an":[148],"integrated":[149],"model":[151],"encompassing":[152],"eight":[153],"typical":[154],"patterns":[156],"distilled":[158],"set":[160],"critical":[162],"properties":[164],"that":[165],"directly":[166,223],"influence":[167],"signing.":[172],"Proceeding":[173],"foundation,":[176],"systematically":[178],"reviewed":[179],"analyzed":[181],"various":[182],"associated":[185],"these":[187],"properties,":[189],"meticulously":[190],"discussing":[191],"their":[192],"strengths,":[193],"limitations,":[194],"specific":[197],"types":[199],"they":[200],"effectively":[201],"defend":[202],"or":[204],"mitigate.":[205],"Lastly,":[206],"conducts":[209],"risk":[211],"statistical":[212],"based":[214],"actual":[216],"incidents,":[218],"related":[221],"results":[222],"impacting":[224],"prioritization":[226],"mechanism":[229],"deployments.":[230],"ensures,":[232],"practical":[235],"level,":[236],"effectiveness":[238],"relevance":[240],"defense":[243],"implemented.":[245]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2025-12-21T01:58:51.020947","created_date":"2025-10-10T00:00:00"}