{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:39:35Z","timestamp":1772041175856,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T00:00:00Z","timestamp":1512345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,12,4]]},"DOI":"10.1145\/3134600.3134630","type":"proceedings-article","created":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T19:18:32Z","timestamp":1512415112000},"page":"528-541","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Protecting Against Malicious Bits On the Wire"],"prefix":"10.1145","author":[{"given":"Peter C.","family":"Johnson","sequence":"first","affiliation":[{"name":"Middlebury College, Middlebury, Vermont"}]},{"given":"Sergey","family":"Bratus","sequence":"additional","affiliation":[{"name":"Dartmouth College, Hanover, New Hampshire"}]},{"given":"Sean W.","family":"Smith","sequence":"additional","affiliation":[{"name":"Dartmouth College, Hanover, New Hampshire"}]}],"member":"320","published-online":{"date-parts":[[2017,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Beagle usb 12 protocol analyzer.  Beagle usb 12 protocol analyzer."},{"key":"e_1_3_2_1_2_1","unstructured":"Teensy usb development board.  Teensy usb development board."},{"key":"e_1_3_2_1_3_1","unstructured":"CVE-2011-2295 2011.  CVE-2011-2295 2011."},{"key":"e_1_3_2_1_4_1","unstructured":"CVE-2012-3723 2012.  CVE-2012-3723 2012."},{"key":"e_1_3_2_1_5_1","unstructured":"CVE-2013-3200 2013.  CVE-2013-3200 2013."},{"key":"e_1_3_2_1_6_1","volume-title":"Tls heartbeat read overrun (cve-2014-0160)","author":"Openssl","year":"2014","unstructured":"Openssl security advisory : Tls heartbeat read overrun (cve-2014-0160) , 2014 . Openssl security advisory: Tls heartbeat read overrun (cve-2014-0160), 2014."},{"key":"e_1_3_2_1_7_1","volume-title":"Lessons learned from 50 bugs: Common USB driver vulnerabilities","author":"Andy Davis","year":"2013","unstructured":"Andy Davis . Lessons learned from 50 bugs: Common USB driver vulnerabilities . NCC Group publication, January 2013 . https:\/\/www.nccgroup.trust\/globalassets\/our-research\/uk\/whitepapers\/usb_driver_vulnerabilities_whitepaper_v2.pdf. Andy Davis. Lessons learned from 50 bugs: Common USB driver vulnerabilities. NCC Group publication, January 2013. https:\/\/www.nccgroup.trust\/globalassets\/our-research\/uk\/whitepapers\/usb_driver_vulnerabilities_whitepaper_v2.pdf."},{"key":"e_1_3_2_1_8_1","first-page":"397","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Angel S.","year":"2016","unstructured":"Angel , S. , Wahby , R. S. , Howald , M. , Leners , J. B. , Spilo , M. , Sun , Z. , Blumberg , A. J. , and Walfish , M . Defending against Malicious Peripherals with Cinch . In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, Aug. 2016 ), pp. 397 -- 414 . Angel, S., Wahby, R. S., Howald, M., Leners, J. B., Spilo, M., Sun, Z., Blumberg, A. J., and Walfish, M. Defending against Malicious Peripherals with Cinch. In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, Aug. 2016), pp. 397--414."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 31st Chaos Communications Conference (31c3)","author":"Barisani A.","year":"2014","unstructured":"Barisani , A. Forging the USB armory . In Proceedings of the 31st Chaos Communications Conference (31c3) ( 2014 ). Barisani, A. Forging the USB armory. In Proceedings of the 31st Chaos Communications Conference (31c3) (2014)."},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 14th Annual Network & Distributed System Security Symposium","author":"Borisov N.","year":"2007","unstructured":"Borisov , N. , Brumley , D. J. , Wang , H. J. , Dunagan , J. , Joshi , P. , and Guo , C . A Generic Application-Level Protocol Analyzer and its Language . In Proceedings of the 14th Annual Network & Distributed System Security Symposium ( 2007 ). Borisov, N., Brumley, D. J., Wang, H. J., Dunagan, J., Joshi, P., and Guo, C. A Generic Application-Level Protocol Analyzer and its Language. In Proceedings of the 14th Annual Network & Distributed System Security Symposium (2007)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1929529.1929536"},{"key":"e_1_3_2_1_12_1","volume-title":"Workshop on Embedded Systems Security (WESS 2012)","author":"Bratus S.","year":"2012","unstructured":"Bratus , S. , Goodspeed , T. , Johnson , P. C. , Smith , S. W. , and Speers , R . Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems . In Workshop on Embedded Systems Security (WESS 2012) ( October 2012 ). Bratus, S., Goodspeed, T., Johnson, P. C., Smith, S. W., and Speers, R. Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems. In Workshop on Embedded Systems Security (WESS 2012) (October 2012)."},{"key":"e_1_3_2_1_13_1","volume-title":"Usb avr fun","author":"Cook K.","year":"2012","unstructured":"Cook , K. Usb avr fun , 2012 . Cook, K. Usb avr fun, 2012."},{"key":"e_1_3_2_1_14_1","unstructured":"Corporation M. User mode driver framework.  Corporation M. User mode driver framework."},{"key":"e_1_3_2_1_15_1","volume-title":"Infiltrate","author":"David A.","year":"2012","unstructured":"David , A. Undermining Security Barriers -- further adventures with USB . Infiltrate , 2012 . David, A. Undermining Security Barriers -- further adventures with USB. Infiltrate, 2012."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the BlackHat Technical Security Conference","author":"Davis A.","year":"2011","unstructured":"Davis , A. Usb : Undermining security barriers . In Proceedings of the BlackHat Technical Security Conference ( 2011 ). Davis, A. Usb: Undermining security barriers. In Proceedings of the BlackHat Technical Security Conference (2011)."},{"key":"e_1_3_2_1_17_1","volume-title":"The USB host security assessment tool. https:\/\/github.com\/nccgroup\/umap","author":"Davis A.","year":"2013","unstructured":"Davis , A. Umap , The USB host security assessment tool. https:\/\/github.com\/nccgroup\/umap , 2013 . Davis, A. Umap, The USB host security assessment tool. https:\/\/github.com\/nccgroup\/umap, 2013."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065046"},{"key":"e_1_3_2_1_19_1","volume-title":"June","author":"Goodspeed T.","year":"2012","unstructured":"Goodspeed , T. , and Bratus , S . Facedancer USB: Exploiting the Magic School Bus. RECON.cx Computer Security Conference , June 2012 . https:\/\/recon.cx\/2012\/schedule\/events\/237.en.html. Goodspeed, T., and Bratus, S. Facedancer USB: Exploiting the Magic School Bus. RECON.cx Computer Security Conference, June 2012. https:\/\/recon.cx\/2012\/schedule\/events\/237.en.html."},{"key":"e_1_3_2_1_20_1","volume-title":"April","author":"Ivanov A.","year":"2015","unstructured":"Ivanov , A. , Khudyakov , A. , Zhuravlev , M. , and Rubin , A . Darwin Nuke. https:\/\/securelist.com\/blog\/research\/69462\/darwin-nuke\/ , April 2015 . Ivanov, A., Khudyakov, A., Zhuravlev, M., and Rubin, A. Darwin Nuke. https:\/\/securelist.com\/blog\/research\/69462\/darwin-nuke\/, April 2015."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/512927.512938"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 8th Annual Workshop on Offensive Technologies (WOOT 2014)","author":"Maskiewicz J.","year":"2014","unstructured":"Maskiewicz , J. , Ellis , B. , Mouradian , J. , and Shacham , H . Mouse Trap: Exploiting Firmware Updates in USB Peripherals . In Proceedings of the 8th Annual Workshop on Offensive Technologies (WOOT 2014) ( 2014 ). Maskiewicz, J., Ellis, B., Mouradian, J., and Shacham, H. Mouse Trap: Exploiting Firmware Updates in USB Peripherals. In Proceedings of the 8th Annual Workshop on Offensive Technologies (WOOT 2014) (2014)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/347059.347563"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the USENIX","author":"McCanne S.","year":"1993","unstructured":"McCanne , S. , and Jacobson , V . The BSD Packet Filter: A New Architecture for User-level Packet Capture . In Proceedings of the USENIX Winter 1993 Conference (1993). McCanne, S., and Jacobson, V. The BSD Packet Filter: A New Architecture for User-level Packet Capture. In Proceedings of the USENIX Winter 1993 Conference (1993)."},{"key":"e_1_3_2_1_26_1","first-page":"17","author":"Milner","year":"1978","unstructured":"Milner , R. A Theory of Type Polymorphism in Programming. Journal of Computer and System Science 17 ( 1978 ). Milner, R. A Theory of Type Polymorphism in Programming. Journal of Computer and System Science 17 (1978).","journal-title":"Journal of Computer and System Science"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254111"},{"key":"e_1_3_2_1_28_1","volume-title":"Second revision of NCC Group's python based USB host security assessment tool. https:\/\/github.com\/nccgroup\/umap2","author":"NCC Group and Cisco SAS team. Umap2","year":"2016","unstructured":"NCC Group and Cisco SAS team. Umap2 , Second revision of NCC Group's python based USB host security assessment tool. https:\/\/github.com\/nccgroup\/umap2 , 2016 . NCC Group and Cisco SAS team. Umap2, Second revision of NCC Group's python based USB host security assessment tool. https:\/\/github.com\/nccgroup\/umap2, 2016."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/560709"},{"key":"e_1_3_2_1_30_1","first-page":"49","volume":"7","author":"One","year":"1996","unstructured":"One , A. Smashing the Stack For Fun and Profit. Phrack 7 , 49 ( November 1996 ). One, A. Smashing the Stack For Fun and Profit. Phrack 7, 49 (November 1996).","journal-title":"Smashing the Stack For Fun and Profit. Phrack"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177119"},{"key":"e_1_3_2_1_32_1","volume-title":"V. Bro: A System for Detecting Network Intruders in Real-Time. In Proceedings of the 7th USENIX Security Symposium","author":"Paxson","year":"1998","unstructured":"Paxson , V. Bro: A System for Detecting Network Intruders in Real-Time. In Proceedings of the 7th USENIX Security Symposium ( 1998 ). Paxson, V. Bro: A System for Detecting Network Intruders in Real-Time. In Proceedings of the 7th USENIX Security Symposium (1998)."},{"key":"e_1_3_2_1_33_1","volume-title":"L. Hints for High-Assurance Cyber-Physical System Design. In Proceedings of IEEE Cybersecurity Development (SecDev) (November","author":"Pike","year":"2016","unstructured":"Pike , L. Hints for High-Assurance Cyber-Physical System Design. In Proceedings of IEEE Cybersecurity Development (SecDev) (November 2016 ), IEEE. Preprint available at http:\/\/www.cs.indiana.edu\/~lepike\/pub_pages\/sedev16.html. Pike, L. Hints for High-Assurance Cyber-Physical System Design. In Proceedings of IEEE Cybersecurity Development (SecDev) (November 2016), IEEE. Preprint available at http:\/\/www.cs.indiana.edu\/~lepike\/pub_pages\/sedev16.html."},{"key":"e_1_3_2_1_34_1","first-page":"68","volume":"12","author":"Redpantz","year":"2012","unstructured":"Redpantz . The Art of Exploitation: MS IIS 7.5 Remote Heap Overflow. Phrack 12 , 68 ( April 2012 ). Redpantz. The Art of Exploitation: MS IIS 7.5 Remote Heap Overflow. Phrack 12, 68 (April 2012).","journal-title":"Remote Heap Overflow. Phrack"},{"key":"e_1_3_2_1_35_1","first-page":"3","volume":"7","author":"Sassaman L.","year":"2013","unstructured":"Sassaman , L. , Patterson , M. L. , Bratus , S. , and Locasto , M. E. Security Applications of Formal Language Theory. IEEE Systems Journal 7 , 3 ( September 2013 ), 489--500. Sassaman, L., Patterson, M. L., Bratus, S., and Locasto, M. E. Security Applications of Formal Language Theory. IEEE Systems Journal 7, 3 (September 2013), 489--500.","journal-title":"Security Applications of Formal Language Theory. IEEE Systems Journal"},{"key":"e_1_3_2_1_36_1","volume-title":"Filebench: A flexible framework for file system benchmarking. USENIX","author":"Tarasov V.","year":"2016","unstructured":"Tarasov , V. , Zadok , E. , and Shepler , S . Filebench: A flexible framework for file system benchmarking. USENIX ; login: 41, 1 (Spring 2016 ). Tarasov, V., Zadok, E., and Shepler, S. Filebench: A flexible framework for file system benchmarking. USENIX; login: 41, 1 (Spring 2016)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818040"},{"key":"e_1_3_2_1_38_1","first-page":"415","volume-title":"Making USB Great Again with USBFILTER. In 25th USENIX Security Symposium (USENIX Security 16)","author":"Tian D. J.","year":"2016","unstructured":"Tian , D. J. , Scaife , N. , Bates , A. , Butler , K. , and Traynor , P . Making USB Great Again with USBFILTER. In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, Aug. 2016 ), pp. 415 -- 430 . Tian, D. J., Scaife, N., Bates, A., Butler, K., and Traynor, P. Making USB Great Again with USBFILTER. In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, Aug. 2016), pp. 415--430."},{"key":"e_1_3_2_1_39_1","volume-title":"8th USENIX Workshop on Offensive Technologies (WOOT) (August","author":"van Tonder R.","year":"2014","unstructured":"van Tonder , R. , and Engelbrecht , H . Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation . In 8th USENIX Workshop on Offensive Technologies (WOOT) (August 2014 ). van Tonder, R., and Engelbrecht, H. Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation. In 8th USENIX Workshop on Offensive Technologies (WOOT) (August 2014)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015489"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1929501.1929511"}],"event":{"name":"ACSAC 2017: 2017 Annual Computer Security Applications Conference","location":"Orlando FL USA","acronym":"ACSAC 2017"},"container-title":["Proceedings of the 33rd Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134630","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134600.3134630","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:11Z","timestamp":1750217411000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134630"}},"subtitle":["Automatically Generating a USB Protocol Parser for a Production Kernel"],"short-title":[],"issued":{"date-parts":[[2017,12,4]]},"references-count":41,"alternative-id":["10.1145\/3134600.3134630","10.1145\/3134600"],"URL":"https:\/\/doi.org\/10.1145\/3134600.3134630","relation":{},"subject":[],"published":{"date-parts":[[2017,12,4]]},"assertion":[{"value":"2017-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}