{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T12:50:56Z","timestamp":1772455856575,"version":"3.50.1"},"reference-count":65,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/sp46214.2022.9833593","type":"proceedings-article","created":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T15:28:05Z","timestamp":1658935685000},"page":"2212-2229","source":"Crossref","is-referenced-by-count":22,"title":["FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks"],"prefix":"10.1109","author":[{"given":"Kyungtae","family":"Kim","sequence":"first","affiliation":[{"name":"Purdue University"}]},{"given":"Taegyu","family":"Kim","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University"}]},{"given":"Ertza","family":"Warraich","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Byoungyoung","family":"Lee","sequence":"additional","affiliation":[{"name":"Seoul National University"}]},{"given":"Kevin R. B.","family":"Butler","sequence":"additional","affiliation":[{"name":"University of Florida"}]},{"given":"Antonio","family":"Bianchi","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Dave","family":"Jing Tian","sequence":"additional","affiliation":[{"name":"Purdue University"}]}],"member":"263","reference":[{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00017"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23176"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134050"},{"key":"ref15","article-title":"Potus: Probing off-the-shelf usb drivers with symbolic fault injection","author":"patrick-evans","year":"2017","journal-title":"11th USENIX Workshop on Offensive Technologies (WOOT 17)"},{"key":"ref59","article-title":"Vulcan: Lessons in reliability of wear os ecosystem through state-aware fuzzing","author":"yi","year":"2020","journal-title":"Proceedings of the International Conference on Mobile Systems Applications and Services (MobiSys)"},{"key":"ref14","first-page":"397","article-title":"Usbfuzz: A framework for fuzzing usb drivers by device emulation","author":"peng","year":"2020","journal-title":"29th USENIX Security Symposium (USENIX Security 20)"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359662"},{"key":"ref53","article-title":"Pex: A permission check analysis framework for linux kernel","author":"zhang","year":"2019","journal-title":"Proceedings of 28th USENIX Security Symposium (USENIX Security)"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354244"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23404"},{"key":"ref55","first-page":"2541","article-title":"Agamotto: Accelerating kernel driver fuzzing with lightweight virtual machine checkpoints","author":"song","year":"2020","journal-title":"29th USENIX Security Symposium USENIX Security 20"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134103"},{"key":"ref54","article-title":"Dr.checker: A soundy analysis for linux kernel drivers","author":"machiry","year":"2017","journal-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security)"},{"key":"ref17","article-title":"Don&#x2019;t trust your usb! how to find bugs in usb device drivers","author":"schumilo","year":"2014","journal-title":"BlackHat Europe"},{"key":"ref16","article-title":"Syzkaller","author":"vyukov","year":"2015"},{"key":"ref19","article-title":"Facedancer usb: Exploiting the magic school bus","author":"goodspeed","year":"2012","journal-title":"Proceedings of the REcon 2012 Conference"},{"key":"ref18","article-title":"Umap2","year":"0"},{"key":"ref51","first-page":"249","article-title":"Pasan: Detecting peripheral access concurrency bugs within bare-metal embedded applications","author":"kim","year":"2021","journal-title":"30th USENIX Security Symposium (USENIX Security 21)"},{"key":"ref50","article-title":"Mbed os","year":"0"},{"key":"ref46","article-title":"Open source software used in playstation 3","year":"0"},{"key":"ref45","article-title":"Security holes put 100 million iot devices at risk","year":"0"},{"key":"ref48","article-title":"Syzkaller for android device","year":"0"},{"key":"ref47","year":"2020","journal-title":"F bug report"},{"key":"ref42","article-title":"CVE-2018-20961","year":"2018"},{"key":"ref41","article-title":"CVE-2019-14763","year":"2019"},{"key":"ref44","article-title":"Freebsd","author":"project","year":"0"},{"key":"ref43","year":"2020"},{"key":"ref49","article-title":"Zephyr rtos","year":"0"},{"key":"ref8","article-title":"Moonshine: Optimizing os fuzzer seed selection with trace distillation","author":"pailoor","year":"2018","journal-title":"Proceedings of the 27th USENIX Security Symposium (Security)"},{"key":"ref7","article-title":"kafl: Hardware-assisted feedback fuzzing for os kernels","author":"schumilo","year":"2017","journal-title":"Proceedings of the 26th USENIX Security Symposium (Security)"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24018"},{"key":"ref4","article-title":"Badusb 2.0: Usb man in the middle attacks","author":"kierznowski","year":"2016","journal-title":"Retrieved from RoyalHolloway"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"ref6","article-title":"Mactans: Injecting malware into ios devices via malicious chargers","year":"0"},{"key":"ref5","first-page":"273","article-title":"Attention spanned: Comprehensive vulnerability analysis of {AT}commands within the android ecosystem","author":"tian","year":"2018","journal-title":"27th USENIX Security Symposium ( USENIX Security 18)"},{"key":"ref40","article-title":"Kernel memory leak detector","year":"2018"},{"key":"ref35","first-page":"337","article-title":"Z3: An efficient smt solver","author":"de moura","year":"2008","journal-title":"International Conference on Tools and Algorithms for the Construction and Analysis of Systems"},{"key":"ref34","article-title":"Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'02)"},{"key":"ref37","article-title":"Kcov","year":"2018"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2004.1281665"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010248"},{"key":"ref30","article-title":"Usb gadget api for linux","year":"0"},{"key":"ref33","article-title":"dg","author":"chalupa","year":"2016"},{"key":"ref32","article-title":"Qsym: a practical concolic execution engine tailored for hybrid fuzzing","author":"yun","year":"2018","journal-title":"Proceedings of the 27th USENIX Security Symposium (Security)"},{"key":"ref2","article-title":"Usb type-c&#x00AE; cable and connector specification","year":"2019"},{"key":"ref1","article-title":"Usb 3.2 specifications","year":"2017"},{"key":"ref39","article-title":"Undefined behavior sanitizer","year":"2018"},{"key":"ref38","article-title":"Kernel address sanitizer","year":"2018"},{"key":"ref24","article-title":"Class definitions for communication devices (1.2)","year":"0"},{"key":"ref23","article-title":"Usb multi-role device design by example","author":"hyde","year":"2003","journal-title":"Comissioned by Cypress Semiconductors"},{"key":"ref26","article-title":"Mass storage class specification overview (1.4)","year":"0"},{"key":"ref25","article-title":"Usb human interface device (hid) information","year":"0"},{"key":"ref20","article-title":"Linux kernel usb bugs found by syzkaller","year":"0"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00117"},{"key":"ref22","article-title":"Usb on the go and embedded host","year":"0"},{"key":"ref21","year":"0"},{"key":"ref65","first-page":"781","article-title":"{FUZE}: Towards facilitating exploit generation for kernel use-after-free vulnerabilities","author":"wu","year":"2018","journal-title":"27th USENIX Security Symposium (USENIX Security 18)"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"ref27","article-title":"Configfs","author":"becker","year":"0"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00078"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-28865-9_18"},{"key":"ref62","first-page":"193","article-title":"Protocol state fuzzing of tls implementations","author":"de ruiter","year":"2015","journal-title":"24th USENIX Security Symposium (USENIX Security 15)"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-64701-2_26"}],"event":{"name":"2022 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2022,5,22]]},"end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833550\/9833558\/09833593.pdf?arnumber=9833593","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T18:05:44Z","timestamp":1699466744000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833593\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":65,"URL":"https:\/\/doi.org\/10.1109\/sp46214.2022.9833593","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}