{"id":"https://openalex.org/W4407942566","doi":"https://doi.org/10.1145/3708493.3712694","title":"Secure Scripting with CHERIoT MicroPython","display_name":"Secure Scripting with CHERIoT MicroPython","publication_year":2025,"publication_date":"2025-02-25","ids":{"openalex":"https://openalex.org/W4407942566","doi":"https://doi.org/10.1145/3708493.3712694"},"language":"en","primary_location":{"id":"doi:10.1145/3708493.3712694","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3708493.3712694","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3708493.3712694","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th ACM SIGPLAN International Conference on Compiler Construction","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3708493.3712694","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101494971","display_name":"Duncan Lowther","orcid":"https://orcid.org/0009-0004-9310-8092"},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Duncan Lowther","raw_affiliation_strings":["University of Glasgow, Glasgow, United Kingdom"],"raw_orcid":"https://orcid.org/0009-0004-9310-8092","affiliations":[{"raw_affiliation_string":"University of Glasgow, Glasgow, United Kingdom","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027135948","display_name":"Dejice Jacob","orcid":"https://orcid.org/0000-0002-4137-0353"},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Dejice Jacob","raw_affiliation_strings":["University of Glasgow, Glasgow, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-4137-0353","affiliations":[{"raw_affiliation_string":"University of Glasgow, Glasgow, United Kingdom","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5116421871","display_name":"Jacob Trevor","orcid":null},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jacob Trevor","raw_affiliation_strings":["University of Glasgow, Glasgow, United Kingdom"],"raw_orcid":"https://orcid.org/0009-0009-8819-0374","affiliations":[{"raw_affiliation_string":"University of Glasgow, Glasgow, United Kingdom","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064718447","display_name":"Jeremy Singer","orcid":"https://orcid.org/0000-0001-9462-6802"},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jeremy Singer","raw_affiliation_strings":["University of Glasgow, Glasgow, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0001-9462-6802","affiliations":[{"raw_affiliation_string":"University of Glasgow, Glasgow, United Kingdom","institution_ids":["https://openalex.org/I7882870"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5101494971"],"corresponding_institution_ids":["https://openalex.org/I7882870"],"apc_list":null,"apc_paid":null,"fwci":2.1733,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.87295767,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"180","last_page":"191"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.720923900604248},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5786109566688538},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5560426712036133}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.720923900604248},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5786109566688538},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5560426712036133}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3708493.3712694","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3708493.3712694","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3708493.3712694","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th ACM SIGPLAN International Conference on Compiler Construction","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.gla.ac.uk:345001","is_oa":true,"landing_page_url":"http://eprints.gla.ac.uk/view/author/72305.html>","pdf_url":null,"source":{"id":"https://openalex.org/S4210235606","display_name":"ENLIGHTEN (Jurnal Bimbingan dan Konseling Islam)","issn_l":"2622-8912","issn":["2622-8912","2622-8920"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":{"id":"doi:10.1145/3708493.3712694","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3708493.3712694","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3708493.3712694","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th ACM SIGPLAN International Conference on Compiler Construction","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3968745403","display_name":null,"funder_award_id":"EP/X037525/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4407942566.pdf"},"referenced_works_count":18,"referenced_works":["https://openalex.org/W2171482413","https://openalex.org/W2187802606","https://openalex.org/W2517996894","https://openalex.org/W2943086984","https://openalex.org/W4315631944","https://openalex.org/W4376130811","https://openalex.org/W4376862083","https://openalex.org/W4387647230","https://openalex.org/W4387781801","https://openalex.org/W4387781802","https://openalex.org/W4389491878","https://openalex.org/W4389679529","https://openalex.org/W4393965186","https://openalex.org/W4399584967","https://openalex.org/W4399881573","https://openalex.org/W4401753021","https://openalex.org/W6929165531","https://openalex.org/W6947981164"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2046765700","https://openalex.org/W2780629932","https://openalex.org/W4384345686","https://openalex.org/W2357937784","https://openalex.org/W2547618384","https://openalex.org/W4394391052","https://openalex.org/W2145834781"],"abstract_inverted_index":{"The":[0,147],"lean":[1],"MicroPython":[2,19,90,111,158,170],"runtime":[3,30,73,103,184],"is":[4,33,203],"a":[5,27,34,65,98,130,137,143,181,192,213,225],"widely":[6],"adopted":[7],"high":[8],"level":[9],"programming":[10],"framework":[11],"for":[12,72,188],"embedded":[13,56],"microcontroller":[14],"systems.":[15],"However,":[16],"the":[17,38,78,85,110,125,151,164],"existing":[18],"codebase":[20],"has":[21],"limited":[22],"security":[23,74,166],"features,":[24],"rendering":[25],"it":[26],"fundamentally":[28],"insecure":[29],"environment.":[31],"This":[32,221],"critical":[35],"problem,":[36],"given":[37],"growing":[39],"deployment":[40,215],"of":[41,68,101,124,133,154,186,194,205],"highly":[42],"interconnected":[43],"IoT":[44,230],"systems":[45],"on":[46,208],"which":[47],"society":[48],"depends.":[49],"Malicious":[50],"actors":[51],"seek":[52],"to":[53,113,229],"compromise":[54],"such":[55],"infrastructure,":[57],"using":[58],"sophisticated":[59],"attack":[60],"vectors.":[61],"We":[62,106,128,161],"have":[63,107],"implemented":[64],"novel":[66],"variant":[67],"MicroPython,":[69],"adding":[70],"support":[71],"features":[75],"provided":[76,167],"in":[77],"CHERI":[79],"RISC-V":[80],"architecture":[81],"as":[82],"instantiated":[83],"by":[84,168],"CHERIoT-RTOS":[86],"system.":[87,127],"Our":[88,177],"new":[89],"port":[91],"supports":[92],"hardware-enabled":[93],"spatial":[94],"memory":[95,104],"safety,":[96],"mitigating":[97],"large":[99],"set":[100,153,193],"common":[102],"attacks.":[105],"also":[108],"compartmentalized":[109],"runtime,":[112],"prevent":[114],"untrusted":[115],"code":[116],"from":[117],"elevating":[118],"its":[119],"permissions":[120],"and":[121,142,212],"taking":[122],"control":[123],"entire":[126],"perform":[129],"multi-faceted":[131],"evaluation":[132],"our":[134,209],"work,":[135],"involving":[136],"qualitative":[138],"security-focused":[139],"case":[140,148],"study":[141,149],"quantitative":[144],"performance":[145,178],"analysis.":[146],"explores":[150],"full":[152],"five":[155],"publicly":[156],"reported":[157],"vulnerabilities":[159],"(CVEs).":[160],"demonstrate":[162],"that":[163],"enhanced":[165],"CHERIoT":[169],"mitigate":[171],"two":[172],"heap":[173],"buffer":[174],"overflow":[175],"CVEs.":[176],"analysis":[179],"shows":[180],"geometric":[182],"mean":[183],"overhead":[185,207,216],"48%":[187],"secure":[189],"execution":[190],"across":[191],"ten":[195],"standard":[196],"Python":[197],"benchmarks,":[198],"although":[199],"we":[200],"argue":[201],"this":[202],"indicative":[204],"worst-case":[206],"prototype":[210],"platform":[211],"realistic":[214],"would":[217],"be":[218],"significantly":[219],"lower.":[220],"work":[222],"opens":[223],"up":[224],"new,":[226],"secure-by-design":[227],"approach":[228],"application":[231],"development.":[232]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2025-12-28T23:10:05.387466","created_date":"2025-10-10T00:00:00"}