{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T18:43:32Z","timestamp":1780512212266,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":87,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,3,30]],"date-time":"2020-03-30T00:00:00Z","timestamp":1585526400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,3,30]]},"DOI":"10.1145\/3341105.3373930","type":"proceedings-article","created":{"date-parts":[[2020,3,29]],"date-time":"2020-03-29T12:13:52Z","timestamp":1585484032000},"page":"729-738","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["OVER"],"prefix":"10.1145","author":[{"given":"Vinay","family":"Sachidananda","sequence":"first","affiliation":[{"name":"Trustwave, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Suhas","family":"Bhairav","sequence":"additional","affiliation":[{"name":"iTrust - Singapore University of Technology and Design, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuval","family":"Elovici","sequence":"additional","affiliation":[{"name":"Ben-Gurion University of the Negev, Beer-Sheva, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,3,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Static analysis. [n. d.]. IoT Analyzer. https:\/\/www.iotcube.net.  Static analysis. [n. d.]. IoT Analyzer. https:\/\/www.iotcube.net."},{"key":"e_1_3_2_1_2_1","unstructured":"Binwalk. [n. d.]. https:\/\/github.com\/ReFirmLabs\/binwalk.  Binwalk. [n. d.]. https:\/\/github.com\/ReFirmLabs\/binwalk."},{"key":"e_1_3_2_1_3_1","unstructured":"BitThunder. [n. d.]. https:\/\/github.com\/jameswalmsley\/bitthunder.  BitThunder. [n. d.]. https:\/\/github.com\/jameswalmsley\/bitthunder."},{"key":"e_1_3_2_1_4_1","unstructured":"CPPCheck. [n. d.]. http:\/\/cppcheck.sourceforge.net\/.  CPPCheck. [n. d.]. http:\/\/cppcheck.sourceforge.net\/."},{"key":"e_1_3_2_1_5_1","volume-title":"HICSS","author":"Desnos Anthony","year":"2012","unstructured":"Anthony Desnos . 2012 . Android: Static analysis using similarity distance . In HICSS , 2012 45th. IEEE, 5394--5403. Anthony Desnos. 2012. Android: Static analysis using similarity distance. In HICSS, 2012 45th. IEEE, 5394--5403."},{"key":"e_1_3_2_1_6_1","unstructured":"Andrei Costin et al. 2014. A Large-Scale Analysis of the Security of Embedded Firmwares.. In USENIX Security. 95--110.  Andrei Costin et al. 2014. A Large-Scale Analysis of the Security of Embedded Firmwares.. In USENIX Security. 95--110."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of Asia CCS. ACM, 437--448","author":"Andrei","unstructured":"Andrei Costin et al. 2016. Automated dynamic firmware analysis at scale: a case study on embedded web interfaces . In Proceedings of Asia CCS. ACM, 437--448 . Andrei Costin et al. 2016. Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In Proceedings of Asia CCS. ACM, 437--448."},{"key":"e_1_3_2_1_8_1","volume-title":"WF-IoT","author":"Amin","year":"2015","unstructured":"Amin Hassanzadeh et al. 2015. Towards effective security control assignment in the Industrial IoT . In WF-IoT , 2015 IEEE 2nd World Forum on. IEEE, 795--800. Amin Hassanzadeh et al. 2015. Towards effective security control assignment in the Industrial IoT. In WF-IoT, 2015 IEEE 2nd World Forum on. IEEE, 795--800."},{"key":"e_1_3_2_1_9_1","volume-title":"25th Annual Chaos Communication Congress.","author":"Alexander","unstructured":"Alexander Sotirov et al. 2008. MD5 considered harmful today, creating a rogue CA certificate . In 25th Annual Chaos Communication Congress. Alexander Sotirov et al. 2008. MD5 considered harmful today, creating a rogue CA certificate. In 25th Annual Chaos Communication Congress."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Anam Sajid et al. 2016. Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges. IEEE Access (2016) 1375--1384.  Anam Sajid et al. 2016. Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges. IEEE Access (2016) 1375--1384.","DOI":"10.1109\/ACCESS.2016.2549047"},{"key":"e_1_3_2_1_11_1","volume-title":"NCETACS, 2011 2nd National Conference on. IEEE, 1--6.","author":"Arijit","unstructured":"Arijit Ukil et al. 2011. Embedded security for Internet of Things . In NCETACS, 2011 2nd National Conference on. IEEE, 1--6. Arijit Ukil et al. 2011. Embedded security for Internet of Things. In NCETACS, 2011 2nd National Conference on. IEEE, 1--6."},{"key":"e_1_3_2_1_12_1","first-page":"76","article-title":"Static analysis for security","volume":"2","author":"Brian Chess","year":"2004","unstructured":"Brian Chess et al. 2004 . Static analysis for security . IEEE S&P 2 , 6 (2004), 76 -- 79 . Brian Chess et al. 2004. Static analysis for security. IEEE S&P 2, 6 (2004), 76--79.","journal-title":"IEEE S&P"},{"key":"e_1_3_2_1_13_1","volume-title":"DISCEX'00","volume":"2","author":"Crispin","unstructured":"Crispin Cowan et al. 2000. Buffer overflows: Attacks and defenses for the vulnerability of the decade . In DISCEX'00 . Proceedings , Vol. 2 . IEEE, 119--129. Crispin Cowan et al. 2000. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In DISCEX'00. Proceedings, Vol. 2. IEEE, 119--129."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Charalampos Doukas et al. 2012. Bringing IoT and cloud computing towards pervasive healthcare. In Proceeding of IMIS. IEEE 922--926.  Charalampos Doukas et al. 2012. Bringing IoT and cloud computing towards pervasive healthcare. In Proceeding of IMIS. IEEE 922--926.","DOI":"10.1109\/IMIS.2012.26"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Christian Scully et al. 2018. Router Security Penetration Testing in a Virtual Environment. In Information Technology-New Generations. Springer 119--124.  Christian Scully et al. 2018. Router Security Penetration Testing in a Virtual Environment. In Information Technology-New Generations. Springer 119--124.","DOI":"10.1007\/978-3-319-54978-1_16"},{"key":"e_1_3_2_1_16_1","unstructured":"Cedric Van Bockhaven etal 2014. Weak key cracking of Android applications. (2014).  Cedric Van Bockhaven et al. 2014. Weak key cracking of Android applications. (2014)."},{"key":"e_1_3_2_1_17_1","volume-title":"IEEE Symposium S&P. IEEE, 387--401","author":"Davide","unstructured":"Davide Balzarotti et al. 2008. Saner: Composing static and dynamic analysis to validate sanitization in web applications . In IEEE Symposium S&P. IEEE, 387--401 . Davide Balzarotti et al. 2008. Saner: Composing static and dynamic analysis to validate sanitization in web applications. In IEEE Symposium S&P. IEEE, 387--401."},{"key":"e_1_3_2_1_18_1","volume-title":"Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution.. In USENIX Security. 463--478.","author":"Drew Davidson","year":"2013","unstructured":"Drew Davidson et al. 2013 . FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution.. In USENIX Security. 463--478. Drew Davidson et al. 2013. FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution.. In USENIX Security. 463--478."},{"key":"e_1_3_2_1_19_1","unstructured":"Denise E Zheng etal 2015. Leveraging the internet of things for a more efficient and effective military. Rowman & Littlefield.  Denise E Zheng et al. 2015. Leveraging the internet of things for a more efficient and effective military. Rowman & Littlefield."},{"key":"e_1_3_2_1_20_1","volume-title":"MIPRO, 2017 40th International Convention on. IEEE, 1292--1297","author":"Dimitris","unstructured":"Dimitris Geneiatakis et al. 2017. Security and privacy issues for an IoT based smart home . In MIPRO, 2017 40th International Convention on. IEEE, 1292--1297 . Dimitris Geneiatakis et al. 2017. Security and privacy issues for an IoT based smart home. In MIPRO, 2017 40th International Convention on. IEEE, 1292--1297."},{"key":"e_1_3_2_1_21_1","volume-title":"ACM SIGSOFT Software Engineering Notes","volume":"31","author":"David","unstructured":"David Hovemeyer et al. 2005. Evaluating and tuning a static analysis to find null pointer bugs . In ACM SIGSOFT Software Engineering Notes , Vol. 31 . ACM, 13--19. David Hovemeyer et al. 2005. Evaluating and tuning a static analysis to find null pointer bugs. In ACM SIGSOFT Software Engineering Notes, Vol. 31. ACM, 13--19."},{"key":"e_1_3_2_1_22_1","first-page":"357","article-title":"MD5 To Be Considered Harmful Someday","volume":"2004","author":"Dan Kaminsky","year":"2004","unstructured":"Dan Kaminsky et al. 2004 . MD5 To Be Considered Harmful Someday . IACR Cryptology ePrint Archive 2004 (2004), 357 . Dan Kaminsky et al. 2004. MD5 To Be Considered Harmful Someday. IACR Cryptology ePrint Archive 2004 (2004), 357.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Dimitrios Serpanos et al. 2018. Security Testing IoT Systems. In IoT Systems. Springer 77--89.  Dimitrios Serpanos et al. 2018. Security Testing IoT Systems. In IoT Systems. Springer 77--89.","DOI":"10.1007\/978-3-319-69715-4_7"},{"key":"e_1_3_2_1_24_1","volume-title":"IEEE Symposium S&P. IEEE, 156--168","author":"David","unstructured":"David Wagner et al. 2001. Intrusion detection via static analysis . In IEEE Symposium S&P. IEEE, 156--168 . David Wagner et al. 2001. Intrusion detection via static analysis. In IEEE Symposium S&P. IEEE, 156--168."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Earlence Fernandes et al. 2016. Security analysis of emerging smart home applications. In IEEE S&P. IEEE 636--654.  Earlence Fernandes et al. 2016. Security analysis of emerging smart home applications. In IEEE S&P. IEEE 636--654.","DOI":"10.1109\/SP.2016.44"},{"key":"e_1_3_2_1_26_1","volume-title":"Mobihealth, 2014 EAI 4th International Conference on. IEEE, 263--266","author":"Felipe","unstructured":"Felipe Fernandez et al. 2014. Opportunities and challenges of the Internet of Things for healthcare: Systems engineering perspective . In Mobihealth, 2014 EAI 4th International Conference on. IEEE, 263--266 . Felipe Fernandez et al. 2014. Opportunities and challenges of the Internet of Things for healthcare: Systems engineering perspective. In Mobihealth, 2014 EAI 4th International Conference on. IEEE, 263--266."},{"key":"e_1_3_2_1_27_1","volume-title":"COMPSACW","author":"George","year":"2011","unstructured":"George Chatzieleftheriou et al. 2011. Test-driving static analysis tools in search of C code vulnerabilities . In COMPSACW , 2011 IEEE 35th Annual. IEEE, 96--103. George Chatzieleftheriou et al. 2011. Test-driving static analysis tools in search of C code vulnerabilities. In COMPSACW, 2011 IEEE 35th Annual. IEEE, 96--103."},{"key":"e_1_3_2_1_28_1","volume-title":"SNPD","author":"Hongliang","year":"2016","unstructured":"Hongliang Liang et al. 2016. Understanding and detecting performance and security bugs in IOT OSes . In SNPD , 2016 ACIS. IEEE, 413--418. Hongliang Liang et al. 2016. Understanding and detecting performance and security bugs in IOT OSes. In SNPD, 2016 ACIS. IEEE, 413--418."},{"key":"e_1_3_2_1_29_1","volume-title":"ICITST 2009. International Conference for. IEEE, 1--8.","author":"Kasra","unstructured":"Kasra Amirtahmasebi et al. 2009. A survey of SQL injection defense mechanisms . In ICITST 2009. International Conference for. IEEE, 1--8. Kasra Amirtahmasebi et al. 2009. A survey of SQL injection defense mechanisms. In ICITST 2009. International Conference for. IEEE, 1--8."},{"key":"e_1_3_2_1_30_1","volume-title":"MALWARE, 2011 6th International Conference on. IEEE, 66--72","author":"Leonid","unstructured":"Leonid Batyuk et al. 2011. Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications . In MALWARE, 2011 6th International Conference on. IEEE, 66--72 . Leonid Batyuk et al. 2011. Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In MALWARE, 2011 6th International Conference on. IEEE, 66--72."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Mihai Christodorescu et al. 2006. Static analysis of executables to detect malicious patterns. Technical Report. DTIC Document.  Mihai Christodorescu et al. 2006. Static analysis of executables to detect malicious patterns. Technical Report. DTIC Document.","DOI":"10.21236\/ADA449067"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of ACM CCS. ACM, 73--84","author":"Manuel","unstructured":"Manuel Egele et al. 2013. An empirical study of cryptographic misuse in android applications . In Proceedings of ACM CCS. ACM, 73--84 . Manuel Egele et al. 2013. An empirical study of cryptographic misuse in android applications. In Proceedings of ACM CCS. ACM, 73--84."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.01.033"},{"key":"e_1_3_2_1_34_1","volume-title":"2017 International Conference on AE. 1--4.","author":"Matthias","unstructured":"Matthias Niedermaier et al. 2017. PropFuzz-An IT-security fuzzing framework for proprietary ICS protocols . In 2017 International Conference on AE. 1--4. Matthias Niedermaier et al. 2017. PropFuzz-An IT-security fuzzing framework for proprietary ICS protocols. In 2017 International Conference on AE. 1--4."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Nathaniel Ayewah et al. 2007. Using findbugs on production software. In Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion. ACM 805--806.  Nathaniel Ayewah et al. 2007. Using findbugs on production software. In Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion. ACM 805--806.","DOI":"10.1145\/1297846.1297897"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Nathaniel Ayewah et al. 2008. Using static analysis to find bugs. IEEE software 25 5 (2008).  Nathaniel Ayewah et al. 2008. Using static analysis to find bugs. IEEE software 25 5 (2008).","DOI":"10.1109\/MS.2008.130"},{"key":"e_1_3_2_1_37_1","volume-title":"IEEE Symposium S&P. IEEE, 6-pp.","author":"Nenad","unstructured":"Nenad Jovanovic et al. 2006. Pixy: A static analysis tool for detecting web application vulnerabilities . In IEEE Symposium S&P. IEEE, 6-pp. Nenad Jovanovic et al. 2006. Pixy: A static analysis tool for detecting web application vulnerabilities. In IEEE Symposium S&P. IEEE, 6-pp."},{"key":"e_1_3_2_1_38_1","volume-title":"ISSRE 2004. 15th International Symposium on. IEEE, 245--256","author":"Nick","unstructured":"Nick Rutar et al. 2004. A comparison of bug finding tools for Java . In ISSRE 2004. 15th International Symposium on. IEEE, 245--256 . Nick Rutar et al. 2004. A comparison of bug finding tools for Java. In ISSRE 2004. 15th International Symposium on. IEEE, 245--256."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the Sixth Australasian Conference on Computing Education-Volume 30","author":"Nghi","unstructured":"Nghi Truong et al. 2004. Static analysis of students' Java programs . In Proceedings of the Sixth Australasian Conference on Computing Education-Volume 30 . Australian Computer Society, Inc., 317--325. Nghi Truong et al. 2004. Static analysis of students' Java programs. In Proceedings of the Sixth Australasian Conference on Computing Education-Volume 30. Australian Computer Society, Inc., 317--325."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"P\u00e4r Emanuelsson et al. 2008. A comparative study of industrial static analysis tools. Electronic notes in theoretical computer science 217 (2008) 5--21.  P\u00e4r Emanuelsson et al. 2008. A comparative study of industrial static analysis tools. Electronic notes in theoretical computer science 217 (2008) 5--21.","DOI":"10.1016\/j.entcs.2008.06.039"},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of ICCCNT","author":"Puspendra","year":"2012","unstructured":"Puspendra Kumar et al. 2012. A survey on SQL injection attacks, detection and prevention techniques . In Proceedings of ICCCNT 2012 . IEEE, 1--5. Puspendra Kumar et al. 2012. A survey on SQL injection attacks, detection and prevention techniques. In Proceedings of ICCCNT 2012. IEEE, 1--5."},{"key":"e_1_3_2_1_42_1","first-page":"12","article-title":"Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis","volume":"2007","author":"Philipp Vogt","year":"2007","unstructured":"Philipp Vogt et al. 2007 . Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis .. In NDSS , Vol. 2007. 12 . Philipp Vogt et al. 2007. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.. In NDSS, Vol. 2007. 12.","journal-title":"NDSS"},{"key":"e_1_3_2_1_43_1","volume-title":"SERE-C, 2012 IEEE Sixth International Conference on. IEEE, 45--46","author":"Ryan","unstructured":"Ryan Johnson et al. 2012. Analysis of android applications' permissions . In SERE-C, 2012 IEEE Sixth International Conference on. IEEE, 45--46 . Ryan Johnson et al. 2012. Analysis of android applications' permissions. In SERE-C, 2012 IEEE Sixth International Conference on. IEEE, 45--46."},{"key":"e_1_3_2_1_44_1","volume-title":"CIC, 2017 IEEE 3rd International Conference on. IEEE, 77--86","author":"Sriramulu","unstructured":"Sriramulu Bojjagani et al. 2017. VAPTAi: A Threat Model for Vulnerability Assessment and Penetration Testing of Android and iOS Mobile Banking Apps . In CIC, 2017 IEEE 3rd International Conference on. IEEE, 77--86 . Sriramulu Bojjagani et al. 2017. VAPTAi: A Threat Model for Vulnerability Assessment and Penetration Testing of Android and iOS Mobile Banking Apps. In CIC, 2017 IEEE 3rd International Conference on. IEEE, 77--86."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Sean Dieter Tebje Kelly etal 2013. Towards the implementation of IoT for environmental condition monitoring in homes. IEEE Sensors (2013) 3846--3853.  Sean Dieter Tebje Kelly et al. 2013. Towards the implementation of IoT for environmental condition monitoring in homes. IEEE Sensors (2013) 3846--3853.","DOI":"10.1109\/JSEN.2013.2263379"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Seokjun Hong et al. 2017. Developing Usable Interface for IoT Security Analysis Software. In HCI HAS. Springer 322--328.  Seokjun Hong et al. 2017. Developing Usable Interface for IoT Security Analysis Software. In HCI HAS. Springer 322--328.","DOI":"10.1007\/978-3-319-58460-7_22"},{"key":"e_1_3_2_1_47_1","volume-title":"WF-IoT","author":"Saleh","year":"2016","unstructured":"Saleh M Alnaeli et al. 2016. Vulnerable C\/C++ code usage in IoT software systems . In WF-IoT , 2016 IEEE 3rd World Forum on. IEEE, 348--352. Saleh M Alnaeli et al. 2016. Vulnerable C\/C++ code usage in IoT software systems. In WF-IoT, 2016 IEEE 3rd World Forum on. IEEE, 348--352."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1218063.1217943"},{"key":"e_1_3_2_1_49_1","volume-title":"International Symposium on Formal Methods. Springer, 589--592","author":"Tao","unstructured":"Tao Liu et al. 2015. Case study: static security analysis of the android goldfish kernel . In International Symposium on Formal Methods. Springer, 589--592 . Tao Liu et al. 2015. Case study: static security analysis of the android goldfish kernel. In International Symposium on Formal Methods. Springer, 589--592."},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings of the 14th ACM Workshop on Hot Topics in Networks. ACM, 5.","author":"Tianlong","unstructured":"Tianlong Yu et al. 2015. Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the IoT . In Proceedings of the 14th ACM Workshop on Hot Topics in Networks. ACM, 5. Tianlong Yu et al. 2015. Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the IoT. In Proceedings of the 14th ACM Workshop on Hot Topics in Networks. ACM, 5."},{"key":"e_1_3_2_1_51_1","volume-title":"Usenix Security","volume":"2013","author":"Benjamin V","unstructured":"V Benjamin Livshits et al. 2005. Finding Security Vulnerabilities in Java Applications with Static Analysis .. In Usenix Security , Vol. 2013 . V Benjamin Livshits et al. 2005. Finding Security Vulnerabilities in Java Applications with Static Analysis.. In Usenix Security, Vol. 2013."},{"key":"e_1_3_2_1_52_1","volume-title":"Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy.. In NDSS.","author":"Afonso Vitor Monte","year":"2016","unstructured":"Vitor Monte Afonso 2016 . Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy.. In NDSS. Vitor Monte Afonso et al. 2016. Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy.. In NDSS."},{"key":"e_1_3_2_1_53_1","volume-title":"Proceedings of workshop on QoP. ACM, 1--5.","author":"Vadim","unstructured":"Vadim Okun et al. 2007. Effect of static analysis tools on software security: preliminary investigation . In Proceedings of workshop on QoP. ACM, 1--5. Vadim Okun et al. 2007. Effect of static analysis tools on software security: preliminary investigation. In Proceedings of workshop on QoP. ACM, 1--5."},{"key":"e_1_3_2_1_54_1","volume-title":"Proceedings of TrustCom. IEEE, 522--529","author":"Vinay","unstructured":"Vinay Sachidananda et al. 2019. PIT: A Probe Into Internet of Things by Comprehensive Security Analysis . In Proceedings of TrustCom. IEEE, 522--529 . Vinay Sachidananda et al. 2019. PIT: A Probe Into Internet of Things by Comprehensive Security Analysis. In Proceedings of TrustCom. IEEE, 522--529."},{"key":"e_1_3_2_1_55_1","volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering","volume":"1","author":"William","unstructured":"William G Halfond et al. 2006. A classification of SQL-injection attacks and countermeasures . In Proceedings of the IEEE International Symposium on Secure Software Engineering , Vol. 1 . IEEE, 13--15. William G Halfond et al. 2006. A classification of SQL-injection attacks and countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering, Vol. 1. IEEE, 13--15."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"crossref","unstructured":"Xiaoyun Wang et al. 2005. Collision search attacks on SHA1.  Xiaoyun Wang et al. 2005. Collision search attacks on SHA1.","DOI":"10.1007\/11535218_1"},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings of SIGSOFT ESEC\/FSE. ACM, 576--587","author":"Yu","unstructured":"Yu Feng et al. 2014. Apposcopy: Semantics-based detection of android malware through static analysis . In Proceedings of SIGSOFT ESEC\/FSE. ACM, 576--587 . Yu Feng et al. 2014. Apposcopy: Semantics-based detection of android malware through static analysis. In Proceedings of SIGSOFT ESEC\/FSE. ACM, 576--587."},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of WWW. ACM, 40--52","author":"Yao-Wen","unstructured":"Yao-Wen Huang et al. 2004. Securing web application code by static analysis and runtime protection . In Proceedings of WWW. ACM, 40--52 . Yao-Wen Huang et al. 2004. Securing web application code by static analysis and runtime protection. In Proceedings of WWW. ACM, 40--52."},{"key":"e_1_3_2_1_59_1","unstructured":"Zhen Ling et al. 2017. Security Vulnerabilities of IoT: A Case Study of the Smart Plug System. IEEE IoT Journal (2017).  Zhen Ling et al. 2017. Security Vulnerabilities of IoT: A Case Study of the Smart Plug System. IEEE IoT Journal (2017)."},{"key":"e_1_3_2_1_60_1","unstructured":"findsecbugs. [n. d.]. http:\/\/find-sec-bugs.github.io\/.  findsecbugs. [n. d.]. http:\/\/find-sec-bugs.github.io\/."},{"key":"e_1_3_2_1_61_1","unstructured":"Google. [n. d.]. Fuchsia Magenta. https:\/\/github.com\/fuchsia-mirror\/magenta-rs.  Google. [n. d.]. Fuchsia Magenta. https:\/\/github.com\/fuchsia-mirror\/magenta-rs."},{"key":"e_1_3_2_1_62_1","unstructured":"Visual Code Grepper. [n. d.]. https:\/\/github.com\/nccgroup\/VCG.  Visual Code Grepper. [n. d.]. https:\/\/github.com\/nccgroup\/VCG."},{"key":"e_1_3_2_1_63_1","first-page":"74","article-title":"A process for performing security code reviews","volume":"4","author":"Howard Michael A","year":"2006","unstructured":"Michael A Howard . 2006 . A process for performing security code reviews . IEEE S&P 4 , 4 (2006), 74 -- 79 . Michael A Howard. 2006. A process for performing security code reviews. IEEE S&P 4, 4 (2006), 74--79.","journal-title":"IEEE S&P"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Dae il Jang etal 2017. A Design of IoT Protocol Fuzzer. In Advanced Multimedia and Ubiquitous Engineering. Springer 242--246.  Dae il Jang et al. 2017. A Design of IoT Protocol Fuzzer. In Advanced Multimedia and Ubiquitous Engineering. Springer 242--246.","DOI":"10.1007\/978-981-10-5041-1_41"},{"key":"e_1_3_2_1_65_1","unstructured":"Jefferson. [n. d.]. https:\/\/github.com\/sviehb\/jefferson.  Jefferson. [n. d.]. https:\/\/github.com\/sviehb\/jefferson."},{"key":"e_1_3_2_1_66_1","unstructured":"Chris Johnson. 2016. Securing the Participation of Safety-Critical SCADA Systems in the Industrial IoT. (2016).  Chris Johnson. 2016. Securing the Participation of Safety-Critical SCADA Systems in the Industrial IoT. (2016)."},{"key":"e_1_3_2_1_67_1","unstructured":"Lepton. [n. d.]. https:\/\/github.com\/lepton-distribution\/lepton.  Lepton. [n. d.]. https:\/\/github.com\/lepton-distribution\/lepton."},{"key":"e_1_3_2_1_68_1","unstructured":"MobSF. [n. d.]. https:\/\/github.com\/MobSF\/Mobile-Security-Framework-MobSF.  MobSF. [n. d.]. https:\/\/github.com\/MobSF\/Mobile-Security-Framework-MobSF."},{"key":"e_1_3_2_1_69_1","unstructured":"MySQL. [n. d.]. https:\/\/www.mysql.com\/.  MySQL. [n. d.]. https:\/\/www.mysql.com\/."},{"key":"e_1_3_2_1_70_1","unstructured":"Nano-RK. [n.d.]. http:\/\/nanork.org\/projects\/nanork\/wiki.  Nano-RK. [n.d.]. http:\/\/nanork.org\/projects\/nanork\/wiki."},{"key":"e_1_3_2_1_71_1","unstructured":"NVD. [n. d.]. https:\/\/nvd.nist.gov\/.  NVD. [n. d.]. https:\/\/nvd.nist.gov\/."},{"key":"e_1_3_2_1_72_1","unstructured":"Arm Mbed OS. [n. d.]. https:\/\/www.mbed.com\/en\/platform\/mbed-os\/.  Arm Mbed OS. [n. d.]. https:\/\/www.mbed.com\/en\/platform\/mbed-os\/."},{"key":"e_1_3_2_1_73_1","unstructured":"OWASP. [n. d.]. https:\/\/www.owasp.org.  OWASP. [n. d.]. https:\/\/www.owasp.org."},{"key":"e_1_3_2_1_74_1","unstructured":"PMD. [n. d.]. https:\/\/pmd.github.io\/.  PMD. [n. d.]. https:\/\/pmd.github.io\/."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.23919\/MIPRO.2017.7973614"},{"key":"e_1_3_2_1_76_1","volume-title":"IoT for Sports (IoTSport): an architectural framework for sports and recreational activity","author":"Ray Partha Pratim","year":"2015","unstructured":"Partha Pratim Ray . 2015. IoT for Sports (IoTSport): an architectural framework for sports and recreational activity . Proceeding of IEEE EESCO ( 2015 ), 79--83. Partha Pratim Ray. 2015. IoT for Sports (IoTSport): an architectural framework for sports and recreational activity. Proceeding of IEEE EESCO (2015), 79--83."},{"key":"e_1_3_2_1_77_1","unstructured":"UBI Reader. [n. d.]. https:\/\/github.com\/jrspruitt.  UBI Reader. [n. d.]. https:\/\/github.com\/jrspruitt."},{"key":"e_1_3_2_1_78_1","unstructured":"Free RTOS. [n. d.]. https:\/\/www.freertos.org\/.  Free RTOS. [n. d.]. https:\/\/www.freertos.org\/."},{"key":"e_1_3_2_1_79_1","unstructured":"SHA1. [n. d.]. https:\/\/jokester.io\/post\/2017-02\/sha1-collision-and-apk-signing\/.  SHA1. [n. d.]. https:\/\/jokester.io\/post\/2017-02\/sha1-collision-and-apk-signing\/."},{"key":"e_1_3_2_1_80_1","unstructured":"MKS Software. [n. d.]. CPIO Archive. https:\/\/www.mkssoftware.com.  MKS Software. [n. d.]. CPIO Archive. https:\/\/www.mkssoftware.com."},{"key":"e_1_3_2_1_81_1","unstructured":"Cert Coding Standards. [n. d.]. https:\/\/www.sei.cmu.edu\/downloads\/sei-cert-c-coding-standard-2016-v01.pdf.  Cert Coding Standards. [n. d.]. https:\/\/www.sei.cmu.edu\/downloads\/sei-cert-c-coding-standard-2016-v01.pdf."},{"key":"e_1_3_2_1_82_1","unstructured":"TinyOS. [n. d.]. https:\/\/www.github.com\/tinyos\/tinyos-release.  TinyOS. [n. d.]. https:\/\/www.github.com\/tinyos\/tinyos-release."},{"key":"e_1_3_2_1_83_1","unstructured":"Binary Analysis Tool. [n. d.]. http:\/\/www.binaryanalysis.org\/.  Binary Analysis Tool. [n. d.]. http:\/\/www.binaryanalysis.org\/."},{"key":"e_1_3_2_1_84_1","unstructured":"uClinux. [n. d.]. http:\/\/www.uclinux.org\/.  uClinux. [n. d.]. http:\/\/www.uclinux.org\/."},{"key":"e_1_3_2_1_85_1","unstructured":"uKOS. [n. d.]. https:\/\/www.osrtos.com\/rtos\/ukos\/.  uKOS. [n. d.]. https:\/\/www.osrtos.com\/rtos\/ukos\/."},{"key":"e_1_3_2_1_86_1","unstructured":"uOS. [n. d.]. https:\/\/fallout.fandom.com\/wiki\/UnifiedOperatingSystem.  uOS. [n. d.]. https:\/\/fallout.fandom.com\/wiki\/UnifiedOperatingSystem."},{"key":"e_1_3_2_1_87_1","unstructured":"Yasca. [n. d.]. http:\/\/www.scovetta.com\/yasca.html.  Yasca. [n. d.]. http:\/\/www.scovetta.com\/yasca.html."}],"event":{"name":"SAC '20: The 35th ACM\/SIGAPP Symposium on Applied Computing","location":"Brno Czech Republic","acronym":"SAC '20","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"]},"container-title":["Proceedings of the 35th Annual ACM Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3341105.3373930","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3341105.3373930","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:38:29Z","timestamp":1750199909000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3341105.3373930"}},"subtitle":["overhauling vulnerability detection for iot through an adaptable and automated static analysis framework"],"short-title":[],"issued":{"date-parts":[[2020,3,30]]},"references-count":87,"alternative-id":["10.1145\/3341105.3373930","10.1145\/3341105"],"URL":"https:\/\/doi.org\/10.1145\/3341105.3373930","relation":{},"subject":[],"published":{"date-parts":[[2020,3,30]]},"assertion":[{"value":"2020-03-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}