{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T16:22:39Z","timestamp":1759335759619,"version":"3.37.3"},"reference-count":70,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["1815883"],"award-info":[{"award-number":["1815883"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000028","name":"Semiconductor Research Corporation","doi-asserted-by":"publisher","award":["2018-TS-2846"],"award-info":[{"award-number":["2018-TS-2846"]}],"id":[{"id":"10.13039\/100000028","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2019]]},"DOI":"10.1109\/tse.2019.2939526","type":"journal-article","created":{"date-parts":[[2019,9,4]],"date-time":"2019-09-04T20:17:57Z","timestamp":1567628277000},"page":"1-1","source":"Crossref","is-referenced-by-count":9,"title":["ProXray: Protocol Model Learning and Guided Firmware Analysis"],"prefix":"10.1109","author":[{"given":"Farhaan","family":"Fowze","sequence":"first","affiliation":[]},{"given":"Dave Jing","family":"Tian","sequence":"additional","affiliation":[]},{"given":"Grant","family":"Hernandez","sequence":"additional","affiliation":[]},{"given":"Kevin","family":"Butler","sequence":"additional","affiliation":[]},{"given":"Tuba","family":"Yavuz","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106303"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3092282.3092289"},{"key":"ref38","article-title":"Automated reverse engineering using lego&#x00AE;","author":"chalupar","year":"2014","journal-title":"Proc 8th USENIX Workshop Offensive Technol"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2013.60"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-16573-3_14"},{"year":"2015","key":"ref31","article-title":"The EzHID Firmware Project"},{"year":"0","key":"ref30","article-title":"The reference manual for the kquery language"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866355"},{"key":"ref36","first-page":"193","article-title":"Protocol state fuzzing of TLS implementations","author":"de ruiter","year":"2015","journal-title":"Proc 24th USENIX Secur Symp"},{"key":"ref35","first-page":"454","author":"fiter?u-bro?tean","year":"2016","journal-title":"Combining Model Learning and Model Checking to Analyze TCP Implementations"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/s00165-016-0355-5"},{"key":"ref60","article-title":"Automated whitebox fuzz testing","author":"godefroid","year":"2008","journal-title":"Proc Symp Netw Distrib Syst Security"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635872"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2509136.2509553"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2584063"},{"year":"2017","key":"ref28","article-title":"Bluetooth mesh networking specifications"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831733"},{"year":"2014","key":"ref27","article-title":"Bluetooth core specification version 4.2"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/2522920.2522925"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491438"},{"year":"2016","key":"ref29","article-title":"Bluetooth core specification version 5.0"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491425"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786841"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49122-5_16"},{"year":"0","key":"ref2","article-title":"Mirai (malware)."},{"year":"2018","key":"ref1","article-title":"State of the IoT 2018: Number of IoT devices now at 7B Market accelerating"},{"article-title":"Msp430 usb developers package","year":"2017","author":"instruments","key":"ref20"},{"article-title":"BTStack.","year":"2019","author":"ringwald","key":"ref22"},{"journal-title":"Decision Procedures - An Algorithmic Point of View Second Edition","year":"2016","author":"kroening","key":"ref21"},{"year":"2000","key":"ref24","article-title":"Universal serial bus specification, revision 2.0"},{"key":"ref23","article-title":"Phison 2251&#x2013;03 (2303) custom firmware & existing firmware patches (BadUSB)","volume":"26","author":"caudill","year":"2014","journal-title":"Github"},{"year":"2015","key":"ref26","article-title":"USB Class Codes"},{"year":"2008","key":"ref25","article-title":"Universal serial bus 3.0 specification"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2001.919092"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/378795.378846"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_27"},{"key":"ref58","first-page":"8","article-title":"Symbolic execution for bios security","author":"bazhaniuk","year":"2015","journal-title":"Proc 9th USENIX Conf Offensive Technol"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.72"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884856"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491458"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393664"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2003.1201203"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/193173.195281"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/IPSN.2008.62"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053038"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134050"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2003.1183929"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2967606"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/1081706.1081750"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/11537328_2"},{"key":"ref18","first-page":"209","article-title":"Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"Proc 8th USENIX Conf Operating Syst Des Implementation"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"year":"2018","key":"ref4","article-title":"Unusual Devices"},{"article-title":"Bluetooth core specification version 5.0","year":"2016","author":"bluetooth","key":"ref3"},{"year":"2017","key":"ref6","article-title":"BlueBorne"},{"year":"2018","key":"ref5","article-title":"Found Linux kernel USB bugs"},{"article-title":"BadUSB&#x2013;On accessories that turn evil","year":"2014","author":"nohl","key":"ref8"},{"year":"2018","key":"ref7","article-title":"BleedingBit"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/337180.337234"},{"key":"ref9","first-page":"463","article-title":"FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution","author":"davidson","year":"2013","journal-title":"Proc 22nd USENIX Secur Symp"},{"article-title":"ProVerif: Cryptographic protocol verifier in the formal model","year":"2010","author":"blanchet","key":"ref46"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00037"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134313"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/302405.302465"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/ISSS.1998.730610"},{"key":"ref41","article-title":"MACE: model-inference-assisted concolic exploration for protocol and vulnerability discovery","author":"cho","year":"2011","journal-title":"20th USENIX Security Symp"},{"year":"2016","key":"ref44","article-title":"Universal serial bus Type-C authentication specification, revision 1.0"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134630"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/4359463\/08823941.pdf?arnumber=8823941","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T14:50:11Z","timestamp":1652194211000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8823941\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"references-count":70,"URL":"https:\/\/doi.org\/10.1109\/tse.2019.2939526","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"type":"print","value":"0098-5589"},{"type":"electronic","value":"1939-3520"},{"type":"electronic","value":"2326-3881"}],"subject":[],"published":{"date-parts":[[2019]]}}}