{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T01:38:44Z","timestamp":1772242724455,"version":"3.50.1"},"reference-count":51,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001321","name":"National Research Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001321","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001321","name":"National Research Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001321","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,11]]},"DOI":"10.1109\/ase51524.2021.9678653","type":"proceedings-article","created":{"date-parts":[[2022,1,20]],"date-time":"2022-01-20T20:33:49Z","timestamp":1642710829000},"page":"792-804","source":"Crossref","is-referenced-by-count":10,"title":["FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution"],"prefix":"10.1109","author":[{"given":"Qiang","family":"Liu","sequence":"first","affiliation":[]},{"given":"Cen","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Lin","family":"Ma","sequence":"additional","affiliation":[]},{"given":"Muhui","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Yajin","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Wenbo","family":"Shen","sequence":"additional","affiliation":[]},{"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Kui","family":"Ren","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3338507.3358616"},{"key":"ref38","first-page":"135","article-title":"Toward the analysis of embedded firmware through automated re-hosting","author":"gustafson","year":"2019","journal-title":"Proceedings of the 22nd International Symposium on Research in Attacks Intrusions and Defenses (RAID)"},{"key":"ref33","article-title":"Cve-2017-1000112: Exploitable memory corruption due to ufo to non-ufo path switching","author":"konovalov","year":"2017"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"ref31","first-page":"8","article-title":"Scalable, behavior-based malware clustering","volume":"9","author":"bayer","year":"2009","journal-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)"},{"key":"ref30","first-page":"233","article-title":"Dynamic spyware analysis","author":"egele","year":"2007","journal-title":"2007 USENIX Annual Technical Conference (USENIX ATC)"},{"key":"ref37","article-title":"Embedded security testing with peripheral device caching and runtime program state approximation","author":"kammerstetter","year":"2016","journal-title":"10th International Conference on Emerging Security Information Systems and Technologies (SECUWARE)"},{"key":"ref36","article-title":"Surrogates: Enabling near-real-time dynamic analyses of embedded systems","author":"koscher","year":"2015","journal-title":"Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT)"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590301"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00094"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"ref27","article-title":"mtd: nand: orion: fix clk handling","author":"kroah-hartman","year":"2017"},{"key":"ref29","first-page":"569","article-title":"Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis","author":"yan","year":"2012","journal-title":"Proceedings of the 21th USENIX Security Symposium (USENIX Security)"},{"key":"ref2","article-title":"Attack landscape h2 2019: An unprecedented year for cyber attacks","author":"sattler","year":"2020"},{"key":"ref1","article-title":"Attack landscape h1 2019: Iot, smb traffic abound","author":"michael","year":"2019"},{"key":"ref20","article-title":"Unicorefuzz: On the viability of emulation for kernelspace fuzzing","author":"maier","year":"2019","journal-title":"Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT)"},{"key":"ref22","article-title":"cyruscyliu\/firmguide-demo: Demo of firmguide for ase2021","author":"liu","year":"2021"},{"key":"ref21","article-title":"Afl\/qemu fuzzing with full-system emulation","author":"hertz","year":"2016"},{"key":"ref24","first-page":"46","article-title":"Qemu, a fast and portable dynamic translator","author":"bellard","year":"2005","journal-title":"2005 USENIX Annual Technical Conference (USENIX ATC 05)"},{"key":"ref23","article-title":"cyruscyliu\/firmguide: Source code of firmguide","author":"liu","year":"2021"},{"key":"ref26","first-page":"209","article-title":"Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI)"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254088"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"ref10","first-page":"291","article-title":"Charm: Facilitating dynamic analysis of device drivers of mobile systems","author":"talebi","year":"2018","journal-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security)"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897900"},{"key":"ref40","article-title":"Arm-x firmware emulation framework","year":"2019"},{"key":"ref12","first-page":"1099","article-title":"Firmafl: high-throughput greybox fuzzing of iot firmware via augmented process emulation","author":"zheng","year":"2019","journal-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security)"},{"key":"ref13","article-title":"P2im: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling","author":"feng","year":"2019","journal-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security)"},{"key":"ref14","article-title":"Halucinator: Firmware re-hosting through abstraction layer emulation","author":"clements","year":"2020","journal-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security)"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24308"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref17","article-title":"Openwrt downloads","year":"2020"},{"key":"ref18","article-title":"Openwrt archive","year":"2020"},{"key":"ref19","year":"0","journal-title":"Testing linux one syscall at a time"},{"key":"ref4","first-page":"95","article-title":"A large-scale analysis of the security of embedded firmwares","author":"costin","year":"2014","journal-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security)"},{"key":"ref3","article-title":"Assessing enterprise firmware security risk in 2020","year":"2020"},{"key":"ref6","article-title":"Vulnerability statistics of linux kernel","year":"0"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417240"},{"key":"ref7","article-title":"An investigation of the android kernel patch ecosystem","author":"zhang","year":"2021","journal-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security)"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"ref9","first-page":"15","article-title":"Fast and precise retrieval of forward and back porting information for linux device drivers","author":"lawall","year":"2017","journal-title":"2017 USENIX Annual Technical Conference (USENIX ATC 17)"},{"key":"ref46","first-page":"1151","article-title":"Looking from the mirror: evaluating iot device security through mobile companion apps","author":"wang","year":"2019","journal-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security)"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"ref47","article-title":"Qiling framework - advanced binary emulation framework","author":"lau","year":"2020"},{"key":"ref42","article-title":"Partemu: Enabling dynamic analysis of real-world trustzone software using emulation","author":"harrison","year":"2020","journal-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security)"},{"key":"ref41","article-title":"Emulation and exploration of bcm wifi frame parsing using luaqemu","author":"nico","year":"2017"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"ref43","article-title":"Wind river simics","author":"systems","year":"2021"}],"event":{"name":"2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE)","location":"Melbourne, Australia","start":{"date-parts":[[2021,11,15]]},"end":{"date-parts":[[2021,11,19]]}},"container-title":["2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9678507\/9678392\/09678653.pdf?arnumber=9678653","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T16:57:44Z","timestamp":1652201864000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9678653\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11]]},"references-count":51,"URL":"https:\/\/doi.org\/10.1109\/ase51524.2021.9678653","relation":{},"subject":[],"published":{"date-parts":[[2021,11]]}}}