{"id":"https://openalex.org/W7134810510","doi":"https://doi.org/10.48550/arxiv.2603.08400","title":"Trust Nothing: RTOS Security without Run-Time Software TCB (Extended Version)","display_name":"Trust Nothing: RTOS Security without Run-Time Software TCB (Extended Version)","publication_year":2026,"publication_date":"2026-03-09","ids":{"openalex":"https://openalex.org/W7134810510","doi":"https://doi.org/10.48550/arxiv.2603.08400"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.08400","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.08400","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.08400","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057588264","display_name":"Eric Ackermann","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ackermann, Eric","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5085053271","display_name":"Sven Bugiel","orcid":"https://orcid.org/0000-0002-7151-9614"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bugiel, Sven","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5057588264"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9452000260353088,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9452000260353088,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10933","display_name":"Real-Time Systems Scheduling","score":0.026399999856948853,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.0052999998442828655,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5728999972343445},{"id":"https://openalex.org/keywords/real-time-operating-system","display_name":"Real-time operating system","score":0.4609000086784363},{"id":"https://openalex.org/keywords/field-programmable-gate-array","display_name":"Field-programmable gate array","score":0.4242999851703644},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.39629998803138733},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.36739999055862427},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.3582000136375427},{"id":"https://openalex.org/keywords/embedded-operating-system","display_name":"Embedded operating system","score":0.35199999809265137},{"id":"https://openalex.org/keywords/embedded-software","display_name":"Embedded software","score":0.31189998984336853}],"concepts":[{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.7505000233650208},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7204999923706055},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5728999972343445},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.550599992275238},{"id":"https://openalex.org/C28472234","wikidata":"https://www.wikidata.org/wiki/Q213666","display_name":"Real-time operating system","level":2,"score":0.4609000086784363},{"id":"https://openalex.org/C42935608","wikidata":"https://www.wikidata.org/wiki/Q190411","display_name":"Field-programmable gate array","level":2,"score":0.4242999851703644},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4228000044822693},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.39629998803138733},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.36739999055862427},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.3582000136375427},{"id":"https://openalex.org/C35939892","wikidata":"https://www.wikidata.org/wiki/Q1139923","display_name":"Embedded operating system","level":3,"score":0.35199999809265137},{"id":"https://openalex.org/C154488198","wikidata":"https://www.wikidata.org/wiki/Q1335007","display_name":"Embedded software","level":3,"score":0.31189998984336853},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.30799999833106995},{"id":"https://openalex.org/C18131444","wikidata":"https://www.wikidata.org/wiki/Q163585","display_name":"Memory protection","level":5,"score":0.3037000000476837},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.2937999963760376},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.28679999709129333},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.28630000352859497},{"id":"https://openalex.org/C65232700","wikidata":"https://www.wikidata.org/wiki/Q5656403","display_name":"Hardware architecture","level":3,"score":0.2784999907016754},{"id":"https://openalex.org/C2779960034","wikidata":"https://www.wikidata.org/wiki/Q676202","display_name":"System software","level":3,"score":0.2660999894142151},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.2639999985694885},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.26109999418258667},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.26109999418258667},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.2556999921798706}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.08400","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.08400","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.08400","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.08400","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Embedded":[0],"devices":[1,69],"face":[2],"an":[3,61],"ever-expanding":[4],"threat":[5,31],"landscape:":[6],"vulnerabilities":[7],"in":[8,33,153],"application":[9],"software,":[10],"operating":[11,63,99],"system":[12,64,100],"kernels,":[13],"and":[14,79,132,135],"peripherals":[15,137],"threaten":[16],"the":[17],"embedded":[18,156],"device":[19],"integrity.":[20],"Existing":[21],"computer-architectural":[22],"defenses":[23],"fully":[24,139],"consider":[25],"at":[26,40,126],"most":[27],"two":[28],"of":[29,85],"these":[30],"vectors":[32],"their":[34],"security":[35],"model.":[36],"This":[37],"paper":[38],"aims":[39],"addressing":[41],"this":[42,50,111],"gap":[43],"using":[44],"a":[45,54,81,96,147],"novel":[46],"capability":[47,56,87],"architecture.":[48],"To":[49,110],"end,":[51,112],"we":[52,77,94,113],"combine":[53],"token":[55],"approach":[57],"suitable":[58],"for":[59,149],"building":[60],"untrusted":[62],"with":[65],"protection":[66],"against":[67],"malicious":[68],"without":[70],"requiring":[71],"hardware":[72,91],"changes":[73],"to":[74],"peripherals.":[75],"First,":[76],"develop":[78],"evaluate":[80],"full":[82],"FPGA":[83],"implementation":[84],"our":[86,144],"architecture":[88],"around":[89],"legacy":[90],"components.":[92,121],"Further,":[93],"present":[95],"soft":[97],"real-time":[98],"based":[101],"on":[102],"Zephyr":[103],"that":[104,124,143],"has":[105],"no":[106],"run-time":[107],"software":[108],"TCB.":[109],"disaggregate":[114],"Zephyr's":[115],"subsystems":[116,123],"into":[117],"small,":[118],"mutually":[119],"isolated":[120],"All":[122],"exist":[125],"run":[127],"time,":[128],"including":[129],"scheduler,":[130],"allocator":[131],"DMA":[133],"drivers,":[134],"all":[136],"are":[138],"untrusted.":[140],"We":[141],"believe":[142],"work":[145],"offers":[146],"foundation":[148],"more":[150],"rigorous":[151],"security-by-design":[152],"tomorrow's":[154],"security-critical":[155],"devices.":[157]},"counts_by_year":[],"updated_date":"2026-03-11T06:17:14.884878","created_date":"2026-03-11T00:00:00"}