{"id":"https://openalex.org/W4389269346","doi":"https://doi.org/10.1145/3635162","title":"Mixed-trust Computing: Safe and Secure Real-time Systems","display_name":"Mixed-trust Computing: Safe and Secure Real-time Systems","publication_year":2023,"publication_date":"2023-12-02","ids":{"openalex":"https://openalex.org/W4389269346","doi":"https://doi.org/10.1145/3635162"},"language":"en","primary_location":{"id":"doi:10.1145/3635162","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3635162","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3635162","source":{"id":"https://openalex.org/S2506189754","display_name":"ACM Transactions on Cyber-Physical Systems","issn_l":"2378-962X","issn":["2378-962X","2378-9638"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Cyber-Physical Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3635162","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055445096","display_name":"Dionisio de Niz","orcid":"https://orcid.org/0000-0002-5560-590X"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dionisio de Niz","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, USA","Carnegie Mellon University, USA"],"raw_orcid":"https://orcid.org/0000-0002-5560-590X","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie Mellon University, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111558021","display_name":"Bj\u00f6rn Andersson","orcid":"https://orcid.org/0000-0002-4718-5722"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bjorn Andersson","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, USA","Carnegie Mellon University, USA"],"raw_orcid":"https://orcid.org/0000-0002-4718-5722","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie Mellon University, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Mark Klein","orcid":"https://orcid.org/0000-0001-5605-7995"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mark Klein","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, USA","Carnegie Mellon University, USA"],"raw_orcid":"https://orcid.org/0000-0001-5605-7995","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie Mellon University, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054006216","display_name":"John P. Lehoczky","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John Lehoczky","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, USA","Carnegie Mellon University, USA"],"raw_orcid":"https://orcid.org/0009-0007-5638-5279","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie Mellon University, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081504885","display_name":"Hyoseung Kim","orcid":"https://orcid.org/0000-0002-8553-732X"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]},{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hyoseung Kim","raw_affiliation_strings":["University of California, Riverside, USA","Carnegie Mellon University, USA"],"raw_orcid":"https://orcid.org/0000-0002-8553-732X","affiliations":[{"raw_affiliation_string":"University of California, Riverside, USA","institution_ids":["https://openalex.org/I103635307"]},{"raw_affiliation_string":"Carnegie Mellon University, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":null,"display_name":"Gabriel Moreno","orcid":"https://orcid.org/0000-0002-4604-0839"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]},{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gabriel Moreno","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, USA","University of California, Riverside, USA"],"raw_orcid":"https://orcid.org/0000-0002-4604-0839","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"University of California, Riverside, USA","institution_ids":["https://openalex.org/I103635307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.5767,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.64395437,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":"9","issue":"1","first_page":"1","last_page":"25"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10933","display_name":"Real-Time Systems Scheduling","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10933","display_name":"Real-Time Systems Scheduling","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.8570149540901184},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8488531112670898},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.4940545856952667},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.4840397238731384},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.4779900908470154},{"id":"https://openalex.org/keywords/crash","display_name":"Crash","score":0.46430614590644836},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4430106282234192},{"id":"https://openalex.org/keywords/trusted-computing","display_name":"Trusted Computing","score":0.4359404444694519},{"id":"https://openalex.org/keywords/model-checking","display_name":"Model checking","score":0.43096011877059937},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3814164400100708},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37569016218185425},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.3242170214653015},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.15028193593025208},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.09568479657173157}],"concepts":[{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.8570149540901184},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8488531112670898},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.4940545856952667},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.4840397238731384},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.4779900908470154},{"id":"https://openalex.org/C183469790","wikidata":"https://www.wikidata.org/wiki/Q333501","display_name":"Crash","level":2,"score":0.46430614590644836},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4430106282234192},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.4359404444694519},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.43096011877059937},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3814164400100708},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37569016218185425},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.3242170214653015},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.15028193593025208},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.09568479657173157},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3635162","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3635162","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3635162","source":{"id":"https://openalex.org/S2506189754","display_name":"ACM Transactions on Cyber-Physical Systems","issn_l":"2378-962X","issn":["2378-962X","2378-9638"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Cyber-Physical Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3635162","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3635162","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3635162","source":{"id":"https://openalex.org/S2506189754","display_name":"ACM Transactions on Cyber-Physical Systems","issn_l":"2378-962X","issn":["2378-962X","2378-9638"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Cyber-Physical Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.4099999964237213,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2144278397","display_name":null,"funder_award_id":"FA8702-15-D-0002","funder_id":"https://openalex.org/F4320306078","funder_display_name":"U.S. Department of Defense"},{"id":"https://openalex.org/G526907975","display_name":null,"funder_award_id":"FA8702-15-D-0002","funder_id":"https://openalex.org/F4320310207","funder_display_name":"Carnegie Mellon University"}],"funders":[{"id":"https://openalex.org/F4320306078","display_name":"U.S. Department of Defense","ror":"https://ror.org/0447fe631"},{"id":"https://openalex.org/F4320310207","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4389269346.pdf","grobid_xml":"https://content.openalex.org/works/W4389269346.grobid-xml"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W1556614804","https://openalex.org/W1569199077","https://openalex.org/W2001244554","https://openalex.org/W2008166752","https://openalex.org/W2057847320","https://openalex.org/W2058980727","https://openalex.org/W2073294836","https://openalex.org/W2092289885","https://openalex.org/W2106327115","https://openalex.org/W2119167559","https://openalex.org/W2136310957","https://openalex.org/W2145132630","https://openalex.org/W2147448476","https://openalex.org/W2156093990","https://openalex.org/W2157605676","https://openalex.org/W2489194021","https://openalex.org/W2606525299","https://openalex.org/W2752598627","https://openalex.org/W2758078094","https://openalex.org/W2798916184","https://openalex.org/W2887699125","https://openalex.org/W2985970291","https://openalex.org/W4298112463","https://openalex.org/W6683146447"],"related_works":["https://openalex.org/W2763925850","https://openalex.org/W2016134224","https://openalex.org/W157845512","https://openalex.org/W2974256982","https://openalex.org/W2186866137","https://openalex.org/W2108312388","https://openalex.org/W103184648","https://openalex.org/W2124535345","https://openalex.org/W2211851094","https://openalex.org/W1991529287"],"abstract_inverted_index":{"Verifying":[0],"complex":[1,88],"Cyber-physical":[2],"Systems":[3],"(CPSs)":[4],"is":[5,111,120,141,156,206],"increasingly":[6],"important":[7],"given":[8],"the":[9,24,42,117,124,128,138,157,160,177,184,190,194,213,216],"push":[10],"to":[11,23,35,132,143,227],"deploy":[12],"safety-critical":[13],"autonomous":[14],"features.":[15],"Unfortunately,":[16],"traditional":[17],"verification":[18,61],"methods":[19,34],"do":[20,30],"not":[21,31,40],"scale":[22],"complexity":[25],"of":[26,162,179,215,220],"these":[27,49],"systems":[28],"and":[29,62,80,119,172,189,196,223],"provide":[32],"systematic":[33],"protect":[36],"verified":[37],"properties":[38],"when":[39],"all":[41],"components":[43,164,222],"can":[44,75],"be":[45],"verified.":[46],"To":[47],"address":[48],"challenges,":[50],"this":[51],"article":[52],"proposes":[53],"a":[54,67,81,92,96,101,105,135,148,202,224],"real-time":[55,97],"mixed-trust":[56],"computing":[57],"framework":[58,65,155],"that":[59],"combines":[60],"protection.":[63],"The":[64,84,108],"introduces":[66],"new":[68],"task":[69,74],"model,":[70],"where":[71],"an":[72,78],"application":[73,226],"have":[76],"both":[77],"untrusted":[79,85,125,129,163,197,221],"trusted":[82,106,109,139,195],"part.":[83,126],"part":[86,110,130,140],"allows":[87],"computations":[89],"supported":[90],"by":[91,104,113,134],"full":[93],"OS":[94],"with":[95,210],"scheduler":[98,115],"running":[99],"in":[100,176],"VM":[102],"hosted":[103],"hypervisor.":[107],"executed":[112],"another":[114],"within":[116],"hypervisor":[118],"thus":[121],"protected":[122],"from":[123],"If":[127],"fails":[131],"finish":[133],"specific":[136],"time,":[137],"activated":[142],"preserve":[144],"safety":[145],"(e.g.,":[146],"prevent":[147],"crash)":[149],"including":[150],"its":[151,186,229],"timing":[152,173],"guarantees.":[153],"This":[154],"first":[158],"allowing":[159],"use":[161],"for":[165],"CPS":[166],"critical":[167],"functions":[168],"while":[169],"preserving":[170],"logical":[171],"guarantees,":[174],"even":[175],"presence":[178],"malicious":[180],"attackers.":[181],"We":[182],"present":[183],"framework,":[185],"schedulability":[187],"analysis,":[188],"coordination":[191],"protocol":[192],"between":[193],"parts.":[198],"Our":[199],"implementation":[200],"on":[201],"Raspberry":[203],"Pi":[204],"3":[205],"also":[207],"discussed":[208],"along":[209],"experiments":[211],"showing":[212],"behavior":[214],"system":[217],"under":[218],"failures":[219],"drone":[225],"demonstrate":[228],"practicality.":[230]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}