Lower-end IoT devices typically have strict cost constraints that rule out the usual security mechanisms available in general-purpose computers or higher-end devices. To secure low-end devices, various low-cost security architectures have been proposed for remote verification of their software state via integrity proofs. These proofs vary in terms of expressiveness, with simpler ones confirming correct binary presence, while more expressive ones support verification of arbitrary code execution. This article provides a holistic and systematic treatment of this family of architectures. It also compares (qualitatively and quantitatively) the types of software integrity proofs, respective architectural support, and associated costs. Finally, we outline some research directions and emerging challenges.