Lower-end IoT devices typically have strict cost constraints that rule out the usual security mechanisms available in general-purpose computers or higher-end devices. To secure low-end devices, various low-cost security architectures have been proposed for remote verification of their software state via integrity proofs. These proofs vary in expressiveness: simpler ones confirm that the correct binary is present, while more expressive ones support verification of arbitrary code execution. This article provides a holistic and systematic treatment of this family of architectures. It also compares (qualitatively and quantitatively) the types of software integrity proofs, their respective architectural support, and the associated costs. Finally, we outline some research directions and emerging challenges.