Publications
2025
[S&P’25] PEARTS: Provable Execution in Real-Time Embedded Systems
- Authors: Antonio Joia Neto, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
- In: IEEE Symposium on Security and Privacy (Oakland) 2025
- Download: paper (PDF, 579 KB)
[S&P’25] SoK: Integrity, Attestation, and Auditing of Program Execution
- Authors: Mahmoud Ammar, Adam Caulfield, and Ivan De Oliveira Nunes
- In: IEEE Symposium on Security and Privacy (Oakland) 2025
- Download: paper (PDF, 854 KB)
[TIFS’25] SLAPP: Poisoning Prevention in Federated Learning and Differential Privacy via Stateful Proofs of Execution
- Authors: Norrathep Rattanavipanon and Ivan De Oliveira Nunes
- In: IEEE Transactions on Information Forensics and Security (TIFS) 2025 (to appear)
- Download: paper (PDF, 1 MB)
[DAC’25] RAP-Track: Efficient Control Flow Attestation via Parallel Tracking in Commodity MCUs
- Authors: Antonio Joia Neto, Adam Caulfield, and Ivan De Oliveira Nunes
- In: IEEE/ACM Design Automation Conference (DAC) 2025 (to appear)
- Download: available soon
[WISEC’25] Run-time Attestation and Auditing: the Verifier’s Perspective
- Authors: Adam Caulfield, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
- In: 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks (to appear)
- Download: available soon
2024
[ACSAC’24] TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems
- Authors: Adam Caulfield, Antonio Joia Neto, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
- In: 40th Annual Computer Security Applications Conference
- Download: paper
[ACSAC’24] SpecCFA: Enhancing Control Flow Attestation and Auditing via Application-Aware Sub-Path Speculation
- Authors: Adam Caulfield, Liam Tyler, and Ivan De Oliveira Nunes
- In: 40th Annual Computer Security Applications Conference
- Download: paper
[ACM EMSoft’24 and IEEE TCAD] Untrusted Code Compartmentalization for Bare Metal Embedded Devices
- Authors: Liam Tyler and Ivan De Oliveira Nunes
- In: ACM SIGBED International Conference on Embedded Software (EMSOFT) and IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD)
- Download: paper
[IEEE ComMag’24] Towards Remotely Verifiable Software Integrity in Resource-Constrained IoT Devices
- Authors: Ivan De Oliveira Nunes, Norrathep Rattanavipanon, Sashidhar Jakkamsetti, and Gene Tsudik
- In: IEEE Communications Magazine 2024
- Download: paper
2023
[USENIX SEC’23] ACFA: Secure Runtime Auditing & Guaranteed Device Healing via Active Control Flow Attestation
- Authors: Adam Caulfield, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
- In: USENIX Security Symposium 2023
- Download: paper
[RTAS’23] ISC-FLAT: On the Conflict Between Control Flow Attestation and Real-Time Operations
- Authors: Antonio Joia Neto and Ivan De Oliveira Nunes
- In: IEEE Real-Time and Embedded Technology and Applications Symposium 2023
- Download: paper
[ICCAD’23] DiCA: A Hardware-Software Co-Design for Differential Check-Pointing in Intermittently Powered Devices
- Authors: Antonio Joia Neto, Adam Caulfield, Christabelle Alvares and Ivan De Oliveira Nunes
- In: IEEE/ACM International Conference on Computer-Aided Design
- Download: paper
[ICCAD’23] PARseL: Towards a Verified Root-of-Trust over seL4
- Authors: Ivan De Oliveira Nunes, Seoyeon Hwang, Sashidhar Jakkamsetti, Norrathep Rattanavipanon and Gene Tsudik
- In: IEEE/ACM International Conference on Computer-Aided Design
- Download: paper
[ESORICS’23] Oblivious Extractors and Improved Security in Biometric-based Authentication Systems
- Authors: Ivan De Oliveira Nunes, Peter Rindal and Maliheh Shirvanian
- In: 28th European Symposium on Research in Computer Security
- Download: paper
2022
[ICCAD’22] CASU: Compromise Avoidance via Secure Updates for Low-end Embedded Systems
- Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Youngil Kim, and Gene Tsudik
- In: IEEE/ACM International Conference on Computer-Aided Design 2022
- Download: paper
[S&P’22] Privacy-from-Birth: Protecting Sensed Data from Malicious Sensors with VERSA
- Authors: Ivan De Oliveira Nunes, Seoyeon Hwang, Sashidhar Jakkamsetti, and Gene Tsudik
- In: IEEE Symposium on Security and Privacy 2022
- Download: paper
[DAC’22] ASAP: Reconciling Asynchronous Real-Time Operations and Proofs of Execution in Simple Embedded Systems
- Authors: Adam Caulfield, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes
- In: DAC 2022
- Download: paper
[USENIX SEC’22] GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices)
- Authors: Esmerald Aliaj, Ivan De Oliveira Nunes, and Gene Tsudik
- In: USENIX Security Symposium 2022
- Download: paper
2021
[CCS’21] On the TOCTOU Problem in Remote Attestation
- Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Norrathep Rattanavipanon, and Gene Tsudik
- In: ACM CCS 2021
- Download: paper
[DAC’21] DIALED: Data Integrity Attestation for Low-end Embedded Devices
- Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, and Gene Tsudik
- In: DAC 2021
- Download: paper
[WiSec’21] Delegated Attestation: Scalable Remote Attestation of Commodity CPS by Blending Proofs of Execution with Software Attestation
- Authors: Mahmoud Ammar, Bruno Crispo, Ivan De Oliveira Nunes, and Gene Tsudik
- In: ACM WiSec 2021
- Download: paper
[IPSN’21] On the Root of Trust Identification Problem
- Authors: Ivan De Oliveira Nunes, Xuhua Ding, and Gene Tsudik
- In: ACM IPSN 2021
- Download: paper
[DATE’21] Tiny-CFA: Minimalistic Control-Flow Attestation Using Verified Proofs of Execution
- Authors: Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, and Gene Tsudik
- In: DATE 2021
- Download: paper