{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T12:50:57Z","timestamp":1772455857080,"version":"3.50.1"},"reference-count":48,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"funder":[{"DOI":"10.13039\/100006190","name":"Research and Development","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006190","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179421","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"2155-2169","source":"Crossref","is-referenced-by-count":7,"title":["RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing"],"prefix":"10.1109","author":[{"given":"Jiawei","family":"Yin","sequence":"first","affiliation":[{"name":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"}]},{"given":"Menghao","family":"Li","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"}]},{"given":"Yuekang","family":"Li","sequence":"additional","affiliation":[{"name":"Nanyang Technological University"}]},{"given":"Yong","family":"Yu","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences,Key Laboratory of Network Assessment Technology"}]},{"given":"Boru","family":"Lin","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"}]},{"given":"Yanyan","family":"Zou","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"}]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University"}]},{"given":"Wei","family":"Huo","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"}]},{"given":"Jingling","family":"Xue","sequence":"additional","affiliation":[{"name":"UNSW,Sydney"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Total unit shipments of personal computers (PCs) worldwide from 2006 to 2020","year":"2021"},{"key":"ref2","article-title":"Through the smm-class and a vulnerability found there","year":"2020"},{"key":"ref3","article-title":"A Security Issue in Intel\u2019s Active Management Technology (AMT)","year":"2018"},{"key":"ref4","article-title":"A new class of vulnerabilities in smi handlers","author":"Bazhaniuk","year":"2015"},{"key":"ref5","article-title":"Exploiting smm callout vulnerabilities in lenovo firmware","year":"2016"},{"key":"ref6","article-title":"american fuzzy lop (2.52b)","author":"Zalewski","year":"2019"},{"key":"ref7","article-title":"LibFuzzer: A library for coverage-guided fuzz testing","year":"2019"},{"key":"ref8","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2021.24334","article-title":"WINNIE : Fuzzing windows applications with harness synthesis and fast cloning","volume-title":"28th Annual Network and Distributed System Security Symposium, NDSS 2021","author":"Jung"},{"key":"ref9","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2019.23504","article-title":"Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing","volume-title":"Proceedings 2019 Network and Distributed System Security Symposium","author":"Zhao"},{"key":"ref10","article-title":"QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Yun"},{"key":"ref11","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2021.24327","article-title":"TASE: reducing latency of symbolic execution with transactional memory","volume-title":"28th Annual Network and Distributed System Security Symposium, NDSS 2021","author":"Humphries"},{"key":"ref12","first-page":"181","article-title":"Symbolic execution with SymCC: Don\u2019t interpret, compile!","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Poeplau"},{"key":"ref13","first-page":"754","article-title":"Razzer: Finding kernel race bugs through fuzzing","volume-title":"IEEE Symposium on Security and Privacy","author":"Jeong"},{"key":"ref14","doi-asserted-by":"crossref","DOI":"10.1145\/3460120.3484543","article-title":"Snipuzz: Black-box fuzzing of iot firmware via message snippet inference","volume-title":"CoRR","author":"Feng","year":"2021"},{"key":"ref15","first-page":"1099","article-title":"Firm-afl: High-throughput greybox fuzzing of iot firmware via augmented process emulation","volume-title":"Proceedings of the 28th USENIX Conference on Security Symposium","author":"Zheng"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3264593"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106295"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"ref19","first-page":"2325","article-title":"MUZZ: thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs","volume-title":"29th USENIX Security Symposium, USENIX Security 2020","author":"Chen"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510197"},{"key":"ref23","article-title":"Chipsec: Platform security assessment framework","year":"2022"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18072.2020.9218694"},{"key":"ref25","article-title":"Excite project: all the truth about symbolic execution for bios security","author":"Safonov","year":"2016"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484564"},{"key":"ref28","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2018.23166","article-title":"What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices","volume-title":"NDSS","author":"Muench","year":"2018"},{"key":"ref29","article-title":"Qiling framework","year":"2021"},{"key":"ref30","first-page":"31","article-title":"Triton: A dynamic symbolic execution framework","volume-title":"Symposium sur la s\u00e9curit\u00e9 des technologies de l\u2019information et des communications, SSTIC","author":"Saudel"},{"key":"ref31","first-page":"1570","article-title":"Finding smm privilege-escalation vulnerabilities in uefi firmware with protocol-centric static analysis","volume-title":"2022 2022 IEEE Symposium on Security and Privacy (SP) (SP)","author":"Yin"},{"key":"ref32","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2016.23368","article-title":"Driller: Augmenting fuzzing through selective symbolic execution","volume-title":"23rd Annual Network and Distributed System Security Symposium, NDSS 2016","author":"Stephens"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/sp40000.2020.00002"},{"key":"ref34","first-page":"77","article-title":"MEUZZ: Smart seed scheduling for hybrid fuzzing","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)","author":"Chen"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354249"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00063"},{"key":"ref37","first-page":"689","article-title":"Cabfuzz: Practical concolic testing techniques for COTS operating systems","volume-title":"2017 USENIX Annual Technical Conference, USENIX ATC 2017","author":"Kim"},{"key":"ref38","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2020.24018","article-title":"HFL: hybrid fuzzing on the linux kernel","volume-title":"27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Kim"},{"key":"ref39","article-title":"Finding bios vulnerabilities with symbolic execution and virtual platforms","author":"Engblom","year":"2017"},{"key":"ref40","volume-title":"Software and system development using virtual platforms: full-system simulation with wind river simics","author":"Aarno","year":"2014"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3340456"},{"key":"ref42","first-page":"2271","article-title":"{FuzzGen}: Automatic fuzzer generation","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Ispoglou"},{"key":"ref43","first-page":"2811","article-title":"{APICraft}: Fuzz driver generation for closed-source {SDK} libraries","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Zhang"},{"key":"ref44","first-page":"351","article-title":"{KSG}: Augmenting kernel fuzzing with system call specification generation","volume-title":"2022 USENIX Annual Technical Conference (USENIX ATC 22)","author":"Sun"},{"key":"ref45","article-title":"HALucinator: Firmware Re-hosting through Abstraction Layer Emulation","author":"Clements","year":"2020"},{"key":"ref46","article-title":"P2im: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling","volume-title":"29th USENIX Security Symposium","author":"Feng"},{"key":"ref47","article-title":"Emulation and exploration of bcm wifi frame parsing using luaqemu","year":"2017"},{"key":"ref48","article-title":"Unicorn: The ultimate cpu emulator","year":"2015"},{"key":"ref49","article-title":"Moving from manual reverse engineering of uefi modules to dynamic emulation of uefi firmware","author":"Carlsbad","year":"2020"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,21]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179421.pdf?arnumber=10179421","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:13:46Z","timestamp":1721452426000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179421\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":48,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179421","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}