{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:52:47Z","timestamp":1772041967804,"version":"3.50.1"},"reference-count":62,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1936215"],"award-info":[{"award-number":["U1936215"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"State Key Laboratory of Computer Architecture","award":["CARCHA202001"],"award-info":[{"award-number":["CARCHA202001"]}]},{"name":"Central Universities"},{"name":"NSF","award":["2323105"],"award-info":[{"award-number":["2323105"]}]},{"name":"Meta Faculty Award"},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62102363"],"award-info":[{"award-number":["62102363"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072404"],"award-info":[{"award-number":["62072404"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004731","name":"Natural Science Foundation of Zhejiang Province","doi-asserted-by":"publisher","award":["LQ21F020010"],"award-info":[{"award-number":["LQ21F020010"]}],"id":[{"id":"10.13039\/501100004731","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Hangzhou Innovation Team","award":["TD2022011"],"award-info":[{"award-number":["TD2022011"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,5]]},"DOI":"10.1109\/tdsc.2023.3279846","type":"journal-article","created":{"date-parts":[[2023,5,25]],"date-time":"2023-05-25T18:03:46Z","timestamp":1685037826000},"page":"1372-1389","source":"Crossref","is-referenced-by-count":10,"title":["One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2025-1291","authenticated-orcid":false,"given":"Binbin","family":"Zhao","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4268-372X","authenticated-orcid":false,"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5201-1620","authenticated-orcid":false,"given":"Jiacheng","family":"Xu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6435-564X","authenticated-orcid":false,"given":"Yuan","family":"Tian","sequence":"additional","affiliation":[{"name":"Electrical and Computer Engineering, University of California, Los Angeles, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1622-213X","authenticated-orcid":false,"given":"Qiuyang","family":"Wei","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0010-0592","authenticated-orcid":false,"given":"Qinying","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3403-7050","authenticated-orcid":false,"given":"Chenyang","family":"Lyu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8571-9780","authenticated-orcid":false,"given":"Xuhong","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8918-6299","authenticated-orcid":false,"given":"Changting","family":"Lin","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5561-9829","authenticated-orcid":false,"given":"Jingzheng","family":"Wu","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9188-3464","authenticated-orcid":false,"given":"Raheem","family":"Beyah","sequence":"additional","affiliation":[{"name":"College of Engineering, Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2013.01.010"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-014-9492-7"},{"key":"ref3","article-title":"Predicts 2022: The distributed enterprise drives computing to the edge","author":"Bittman","year":"2021"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSEE.2012.373"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.3037908"},{"key":"ref6","first-page":"4205","article-title":"MPInspector: A systematic and automatic approach for evaluating the security of IoT messaging protocols","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Wang"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"ref8","first-page":"1","article-title":"A view on current malware behaviors","volume-title":"Proc. 2nd USENIX Workshop Large-Scale Exploits Emergent Threats","author":"Bayer"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.201"},{"key":"ref11","article-title":"BusyBox","year":"2022"},{"key":"ref12","article-title":"OpenSSL","year":"2022"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"ref15","first-page":"95","article-title":"A large-scale analysis of the security of embedded firmwares","volume-title":"Proc. 23rd USENIX Secur. Symp.","author":"Costin"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"ref18","first-page":"309","article-title":"Inception: System-wide security testing of real-world embedded systems software","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Corteggiani"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897900"},{"key":"ref20","first-page":"463","article-title":"FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution","volume-title":"Proc. 22nd USENIX Secur. Symp.","author":"Davidson"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3177157"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"ref23","first-page":"1237","article-title":"P2IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Feng"},{"key":"ref24","article-title":"The overlooked problem of \u2018n-day\u2019 vulnerabilities","author":"Cui","year":"2018"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ICBDA.2018.8367682"},{"key":"ref26","article-title":"Binwalk","author":"Heffner","year":"2022"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00003"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330563"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00150"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/1985441.1985453"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"ref33","article-title":"binar\u00e9 IoT firmware analysis and monitoring","year":"2022"},{"key":"ref34","article-title":"360 firmware total","year":"2022"},{"key":"ref35","article-title":"Alibaba IoT","year":"2022"},{"key":"ref36","article-title":"Scrapy, a fast and powerful scraping and web crawling framework","year":"2022"},{"key":"ref37","article-title":"Binary analysis next generation (BANG)","year":"2022"},{"key":"ref38","article-title":"Sasquatch","year":"2015"},{"key":"ref39","article-title":"JFFS2 filesystem extraction tool","year":"2022"},{"key":"ref40","article-title":"yaffshiv","year":"2016"},{"key":"ref41","article-title":"UBI reader","year":"2022"},{"key":"ref42","article-title":"Ghidra","author":"Agency","year":"2019"},{"key":"ref43","volume-title":"Internet of Things With ESP8266","author":"Schwartz","year":"2016"},{"key":"ref44","article-title":"Maven repository","year":"2022"},{"key":"ref45","article-title":"CVE-search","year":"2022"},{"key":"ref46","article-title":"Common vulnerabilities and exposures (CVE)","year":"2022"},{"key":"ref47","article-title":"National vulnerability database","year":"2022"},{"key":"ref48","article-title":"CVE details","year":"2022"},{"key":"ref49","article-title":"CVSS: Common vulnerability scoring system SIG","year":"2022"},{"key":"ref50","article-title":"Edit distance","year":"2022"},{"key":"ref51","first-page":"2702","article-title":"Discriminative embeddings of latent variable models for structured data","volume-title":"Proc. 33nd Int. Conf. Mach. Learn.","author":"Dai"},{"key":"ref52","article-title":"Cyclomatic complexity","year":"2022"},{"key":"ref53","article-title":"Shodan","year":"2022"},{"key":"ref54","article-title":"Cisco settles FSF GPL lawsuit, appoints compliance officer","author":"Paul","year":"2009"},{"key":"ref55","doi-asserted-by":"crossref","DOI":"10.17487\/RFC9309","article-title":"Robots exclusion protocol","author":"Koster","year":"2022"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23162"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678785"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427658"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.49"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23185"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23017"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/8858\/10530496\/10135135-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10530496\/10135135.pdf?arnumber=10135135","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,15]],"date-time":"2024-05-15T17:47:26Z","timestamp":1715795246000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10135135\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5]]},"references-count":62,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3279846","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,5]]}}}