{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T15:44:26Z","timestamp":1759333466561,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031944543"},{"type":"electronic","value":"9783031944550"}],"license":[{"start":{"date-parts":[[2025,9,5]],"date-time":"2025-09-05T00:00:00Z","timestamp":1757030400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,5]],"date-time":"2025-09-05T00:00:00Z","timestamp":1757030400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-031-94455-0_1","type":"book-chapter","created":{"date-parts":[[2025,9,4]],"date-time":"2025-09-04T09:22:35Z","timestamp":1756977755000},"page":"3-27","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Fast Firmware Fuzz with\u00a0Input\/Output Reposition"],"prefix":"10.1007","author":[{"given":"Mingfeng","family":"Xin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liting","family":"Deng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hui","family":"Wen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dongliang","family":"Fang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shichao","family":"Lv","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Limin","family":"Sun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,9,5]]},"reference":[{"key":"1_CR1","unstructured":"Grbl. https:\/\/github.com\/gnea\/grbl. Accessed Apr 2024"},{"key":"1_CR2","unstructured":"Antonakakis, M., et al.: Understanding the Mirai Botnet. In: Proceedings of the 26th USENIX Security Symposium (Usenix Security), Vancouver, BC, August 2017 (2017)"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Cao, C.,\u00a0Guan, L., Ming, J., Liu, P.: Device-agnostic firmware execution is possible: a concolic execution approach for peripheral emulation. In: Annual Computer Security Applications Conference, Virtual, December 2020 (2020)","DOI":"10.1145\/3427228.3427280"},{"key":"1_CR4","unstructured":"Chalupa, M.: DG. https:\/\/github.com\/mchalupa\/dg. Accessed Apr 2024"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for linux-based embedded firmware. In: Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2016 (2016)","DOI":"10.14722\/ndss.2016.23415"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"Chen, J., et al.: IoTFuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2018 (2018)","DOI":"10.14722\/ndss.2018.23159"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Chesser, M., Nepal, S., Ranasinghe, D.C.: Icicle: a re-designed emulator for grey-box firmware fuzzing. In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 76\u201388 (2023)","DOI":"10.1145\/3597926.3598039"},{"key":"1_CR8","unstructured":"Clements, A.A., et al.: HALucinator: firmware re-hosting through abstraction layer emulation. In: Proceedings of the 29th USENIX Security Symposium (USENIX Security), Virtual, August 2020 (2020)"},{"key":"1_CR9","unstructured":"Constantin, L.: Hackers found 47 new vulnerabilities in 23 IoT devices at DEFCON. CSO Website (2016)"},{"key":"1_CR10","unstructured":"Corteggiani, N., Camurati, G., Francillon, A.: Inception: system-Wide security testing of real-world embedded systems software. In: Proceedings of the 27th USENIX Security Symposium (Usenix Security), Baltimore, MD, August 2018 (2018)"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 437\u2013448 (2016)","DOI":"10.1145\/2897845.2897900"},{"key":"1_CR12","unstructured":"Davidson, D., Moench, B., Ristenpart, T., Jha, S.: FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: Proceedings of the 22nd USENIX Security Symposium (Usenix Security), Washington, D.C., August 2013 (2013)"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Farrelly, G., Chesser, M., Ranasinghe, D.C.: Ember-IO: effective firmware fuzzing with model-free memory mapped IO. In: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 401\u2013414 (2023)","DOI":"10.1145\/3579856.3582840"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Fasano, A., et\u00a0al.: SoK: enabling security analyses of embedded systems via rehosting. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pp. 687\u2013701 (2021)","DOI":"10.1145\/3433210.3453093"},{"key":"1_CR15","unstructured":"Feng, B., Mera, A., Lu, L.: P2IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In: Proceedings of the 29th USENIX Security Symposium (Usenix Security), Virtual, August 2020 (2020)"},{"key":"1_CR16","unstructured":"Gartner: Internet of things (IoT) market (2017). https:\/\/www.gartner.com\/ newsroom\/id\/3598917"},{"key":"1_CR17","unstructured":"G\u00fcler, E., Aschermann, C., Abbasi, A., Holz, T.: AntiFuzz: Impeding fuzzing audits of binary executables. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1931\u20131947 (2019)"},{"key":"1_CR18","unstructured":"Gustafson, E., et\u00a0al.: Toward the analysis of embedded firmware through automated re-hosting. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), Beijing, China, February 2019 (2019)"},{"key":"1_CR19","unstructured":"Harrison, L., Vijayakumar, H., Padhye, R., Sen, K., Grace, M.: PARTEMU: enabling dynamic analysis of Real-World TrustZone software using emulation. In: Proceedings of the 29th USENIX Security Symposium (Usenix Security), Virtual, August 2020 (2020)"},{"issue":"3","key":"1_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3428334","volume":"4","author":"A Hazimeh","year":"2020","unstructured":"Hazimeh, A., Herrera, A., Payer, M.: Magma: a ground-truth fuzzing benchmark. Proc. ACM Meas. Anal. Comput. Syst. 4(3), 1\u201329 (2020)","journal-title":"Proc. ACM Meas. Anal. Comput. Syst."},{"key":"1_CR21","doi-asserted-by":"crossref","unstructured":"Hu, Z., Dolan-Gavitt, B., IRQDebloat: reducing driver attack surface in embedded devices. In: Proceedings of 2022 IEEE Symposium on Security and Privacy (SP), pp. 1608\u20131622. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833695"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Jazdi, N.: Cyber physical systems in the context of industry 4.0. In: 2014 IEEE International Conference on Automation, Quality And Testing, Robotics, pp. 1\u20134. IEEE (2014)","DOI":"10.1109\/AQTR.2014.6857843"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Jiang, M., et al.: ECMO: peripheral transplantation to rehost embedded linux kernels. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual (2020)","DOI":"10.1145\/3460120.3484753"},{"key":"1_CR24","unstructured":"Jung, J., Hu, H., Solodukhin, D., Pagan, D., Lee, K.H., Kim, T.: Fuzzification: Anti-Fuzzing techniques. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1913\u20131930 (2019)"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"Kammerstetter, M., Platzer, C., Kastner, W.: Prospect: peripheral proxying supported embedded code testing. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, Kyoto, Japan, June 2014 (2014)","DOI":"10.1145\/2590296.2590301"},{"key":"1_CR26","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2024.103835","volume":"224","author":"J Kim","year":"2024","unstructured":"Kim, J., Yu, J., Lee, Y., Kim, D.D., Yun, J.: HD-FUZZ: hardware dependency-aware firmware fuzzing via hybrid MMIO modeling. J. Netw. Comput. Appl. 224, 103835 (2024)","journal-title":"J. Netw. Comput. Appl."},{"issue":"7","key":"1_CR27","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MC.2017.201","volume":"50","author":"C Kolias","year":"2017","unstructured":"Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80\u201384 (2017)","journal-title":"Computer"},{"key":"1_CR28","unstructured":"Koscher, K., Kohno, T., Molnar, D.: SURROGATES: enabling near-real-time dynamic analyses of embedded systems. In: 9th USENIX Workshop on Offensive Technologies (WOOT 2015), Washington, D.C., August 2015 (2015)"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Liu, Z., Yuan, Y., Wang, S., Bao, Y.: SoK: demystifying binary lifters through the lens of downstream applications. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1100\u20131119. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833799"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Lu, K., Hu, H.: Where does it go? Refining indirect-call targets with multi-layer type analysis. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1867\u20131881 (2019)","DOI":"10.1145\/3319535.3354244"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Marton, A.: SAM: More than 1 billion IoT attacks in 2021 (2022). https:\/\/iotac.eu\/sam-more-than-1-billion-iot-attacks-in-2021\/","DOI":"10.1016\/S1353-4858(21)00033-7"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"Metzman, J., Szekeres, L., Simon, L., Sprabery, R., Arya, A.: FuzzBench: an open fuzzer benchmarking platform and service. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2021 (2021)","DOI":"10.1145\/3468264.3473932"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"Miller, B.P., Fredriksen, L., So, B.: An empirical study of the reliability of UNIX utilities. Commun. ACM 33(12) (1990)","DOI":"10.1145\/96267.96279"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"Muench, M., Nisi, D., Francillon, A., Balzarotti., D.: Avatar 2: a multi-target orchestration platform. In: Workshop on Binary Analysis Research (co-located with NDSS 2018)), San Diego, CA, February 2018 (2018)","DOI":"10.14722\/bar.2018.23017"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Muench, M., Stijohann, J., Kargl, F., Francillon, A., Balzarotti, D.: What you corrupt is not what you crash: challenges in fuzzing embedded devices. In: Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2018 (2018)","DOI":"10.14722\/ndss.2018.23166"},{"key":"1_CR36","unstructured":"Scharnowski, T., et al.:. Fuzzware: using precise MMIO modeling for effective firmware fuzzing. In: Proceedings of the 31st USENIX Security Symposium (Usenix Security), Boston, MA, August 2022 (2022)"},{"key":"1_CR37","doi-asserted-by":"crossref","unstructured":"Scharnowski, T., Buchmann, F., W\u00f6rner, S., Holz, T.: A case study on fuzzing satellite firmware (2023)","DOI":"10.14722\/spacesec.2023.230707"},{"key":"1_CR38","unstructured":"Scharnowski, T., W\u00f6rner, S., Buchmann, F., Bars, N., Schloegel, M., Holz, T.: Embedded firmware fuzzing using multi-stream inputs. Hoedur (2023)"},{"issue":"4","key":"1_CR39","doi-asserted-by":"publisher","first-page":"3453","DOI":"10.1109\/COMST.2018.2855563","volume":"20","author":"I Stellios","year":"2018","unstructured":"Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., Lopez, J.: A survey of IoT-enabled cyberattacks: assessing attack paths to critical infrastructures and services. IEEE Commun. Surv. Tutor. 20(4), 3453\u20133495 (2018)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"1_CR40","doi-asserted-by":"crossref","unstructured":"Sui, Y., J., Xue, J.: SVF: interprocedural static value-flow analysis in LLVM. In: Proceedings of the 25th International Conference on Compiler Construction, pp. 265\u2013266 (2016)","DOI":"10.1145\/2892208.2892235"},{"key":"1_CR41","unstructured":"Talebi, S.M.S., Tavakoli, H., Zhang, H., Zhang, Z., Sani, A.A., Qian, Z.: Charm: facilitating dynamic analysis of device drivers of mobile systems. In: Proceedings of the 27th USENIX Security Symposium (Usenix Security), Baltimore, MD, August 2018 (2018)"},{"key":"1_CR42","unstructured":"Tice, C., et al.: Enforcing forward-edge control-flow integrity in GCC & LLVM. In: USENIX Security Symposium, pp. 941\u2013955 (2014)"},{"key":"1_CR43","doi-asserted-by":"crossref","unstructured":"Wang, C., Liang, H.: Value peripheral register values for fuzzing MCU firmware. In: 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE), pp. 718\u2013729. IEEE (2023)","DOI":"10.1109\/ISSRE59848.2023.00061"},{"issue":"1","key":"1_CR44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3423167","volume":"54","author":"C Wright","year":"2021","unstructured":"Wright, C., Moeglein, W.A., Bagchi, S., Kulkarni, M., Clements, A.A.: Challenges in firmware re-hosting, emulation, and analysis. ACM Comput. Surv. (CSUR) 54(1), 1\u201336 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"1_CR45","unstructured":"Yang, J., Minturn, D.B., Hady, F.: When poll is better than interrupt. In: FAST, vol.\u00a012, p. 3 (2012)"},{"key":"1_CR46","unstructured":"Sui, Y., Xue, J.: SVF. https:\/\/github.com\/SVF-tools\/SVF\/. Accessed Apr 2024"},{"key":"1_CR47","doi-asserted-by":"crossref","unstructured":"Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D.: AVATAR: a framework to support dynamic security analysis of embedded systems\u2019 firmwares. In: Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014 (2014)","DOI":"10.14722\/ndss.2014.23229"},{"key":"1_CR48","unstructured":"Zalewski, M.: American Fuzzy Lop (2.52b). http:\/\/lcamtuf.coredump.cx\/afl. Accessed Apr 2024"},{"key":"1_CR49","unstructured":"Zhang, N., et al.: Understanding IoT security through the data crystal ball: where we are now and where we are going to be. CoRR, vol. abs\/1703.09809 (2017)"},{"key":"1_CR50","unstructured":"Zheng, Y., Davanian, A., Yin, H., Song, C., Zhu, H., Sun, L.: FIRM-AFL: high-throughput greybox fuzzing of IoT firmware via augmented process emulation. In: Proceedings of the 28th USENIX Security Symposium (Usenix Security), Santa Clara, CA, August 2019 (2019)"},{"key":"1_CR51","unstructured":"Zhou, W.,\u00a0Guan, L., Liu, P., Zhang, Y.: Automatic firmware emulation through invalidity-guided knowledge inference. In: Proceedings of the 30th USENIX Security Symposium (USENIX Security), Virtual, August 2021 (2021)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-94455-0_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,30]],"date-time":"2025-09-30T22:18:36Z","timestamp":1759270716000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-94455-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,5]]},"ISBN":["9783031944543","9783031944550"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-94455-0_1","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2025,9,5]]},"assertion":[{"value":"5 September 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Dubai","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}