{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T13:40:36Z","timestamp":1765546836842,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":70,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Natural Science Foundation of China","award":["Grant No.61872438"],"award-info":[{"award-number":["Grant No.61872438"]}]},{"name":"Fundamental Research Funds for the Central Universities","award":["(Zhejiang University NGICS Platform ZJUNGICS2021016 K20200019)"],"award-info":[{"award-number":["(Zhejiang University NGICS Platform ZJUNGICS2021016 K20200019)"]}]},{"name":"Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang","award":["No. 2018R01005"],"award-info":[{"award-number":["No. 2018R01005"]}]},{"name":"HK RGC Project","award":["No. PolyU 152239\/18E"],"award-info":[{"award-number":["No. PolyU 152239\/18E"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484753","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"734-748","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels"],"prefix":"10.1145","author":[{"given":"Muhui","family":"Jiang","sequence":"first","affiliation":[{"name":"The Hong Kong Polytechnic University & Zhejiang University, Hong Kong & Hangzhou, UNK, China"}]},{"given":"Lin","family":"Ma","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, UNK, China"}]},{"given":"Yajin","family":"Zhou","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, UNK, China"}]},{"given":"Qiang","family":"Liu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, UNK, China"}]},{"given":"Cen","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, UNK, Singapore"}]},{"given":"Zhi","family":"Wang","sequence":"additional","affiliation":[{"name":"Florida State University, Tallahassee, FL, USA"}]},{"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, UNK, China"}]},{"given":"Lei","family":"Wu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, UNK, China"}]},{"given":"Kui","family":"Ren","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, UNK, China"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"angr. https:\/\/angr.io\/."},{"key":"e_1_3_2_1_2_1","unstructured":"ARM Dual-Timer Module (SP804). https:\/\/developer.arm.com\/documentation\/ddi0271\/d\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Capstone. https:\/\/www.capstone-engine.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"CVE-2016--9793. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016--9793."},{"key":"e_1_3_2_1_5_1","unstructured":"CVE-2017--18344. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017--18344."},{"key":"e_1_3_2_1_6_1","unstructured":"ECMO Online Service. https:\/\/blocksecteam.org\/ecmo\/."},{"key":"e_1_3_2_1_7_1","unstructured":"IoT Devices Market. https:\/\/www.zionmarketresearch.com\/requestbrochure\/iot-devices-market."},{"key":"e_1_3_2_1_8_1","unstructured":"Linux Test Project. http:\/\/linux-test-project.github.io\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Linux Test Project test case timer_create03. https:\/\/github.com\/linux-test-project\/ltp\/blob\/master\/testcases\/kernel\/syscalls\/timer_create\/timer_create03.c."},{"key":"e_1_3_2_1_10_1","unstructured":"LuaJIT. http:\/\/luajit.org\/luajit.html."},{"key":"e_1_3_2_1_11_1","unstructured":"LuaQEMU. https:\/\/github.com\/Comsecuris\/luaqemu."},{"key":"e_1_3_2_1_12_1","unstructured":"Netgear. https:\/\/www.netgear.com\/."},{"key":"e_1_3_2_1_13_1","unstructured":"OpenWRT. https:\/\/openwrt.org\/."},{"key":"e_1_3_2_1_14_1","unstructured":"PrimeCell Vectored Interrupt Controller (PL190). https:\/\/developer.arm.com\/documentation\/ddi0181\/e\/introduction\/about-the-vic."},{"key":"e_1_3_2_1_15_1","unstructured":"PrimeCell Vectored Interrupt Controller (PL190) Source Code. https:\/\/elixir.bootlin.com\/linux\/v3.18.20\/source\/drivers\/irqchip\/irq-vic.c#L445."},{"key":"e_1_3_2_1_16_1","unstructured":"QEMU. https:\/\/www.qemu.org\/."},{"key":"e_1_3_2_1_17_1","unstructured":"The Roadshow of ARM. https:\/\/group.softbank\/system\/files\/pdf\/ir\/presentations\/2019\/arm-roadshow-slides_q4fy2019_01_en.pdf."},{"key":"e_1_3_2_1_18_1","unstructured":"SMC91X Source Code. https:\/\/elixir.bootlin.com\/linux\/v3.18.20\/source\/drivers\/irqchip\/irq-vic.c#L445."},{"key":"e_1_3_2_1_19_1","unstructured":"SoC (System on a Chip). https:\/\/openwrt.org\/docs\/techref\/hardware\/soc."},{"key":"e_1_3_2_1_20_1","unstructured":"suterusu. https:\/\/github.com\/mncoppola\/suterusu."},{"key":"e_1_3_2_1_21_1","unstructured":"TriforceAFL. https:\/\/github.com\/nccgroup\/TriforceAFL."},{"key":"e_1_3_2_1_22_1","unstructured":"Vulnerability Statistics of Linux Kernel. https:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.11"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2010.39"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation.","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 29th USENIX Security Symposium.","author":"Clements Abraham A","year":"2020","unstructured":"Abraham A Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. 2020. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In Proceedings of the 29th USENIX Security Symposium."},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 27th USENIX Security Symposium.","author":"Corteggiani Nassim","year":"2018","unstructured":"Nassim Corteggiani, Giovanni Camurati, and Aur\u00e9lien Francillon. 2018. Inception: System-wide security testing of real-world embedded systems software. In Proceedings of the 27th USENIX Security Symposium."},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium.","author":"Costin Andrei","year":"2014","unstructured":"Andrei Costin, Jonas Zaddach, Aur\u00e9lien Francillon, and Davide Balzarotti. 2014. A Large Scale Analysis of the Security of Embedded Firmwares. In Proceedings of the 23rd USENIX Security Symposium."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation.","author":"Cui Weidong","year":"2018","unstructured":"Weidong Cui, Xinyang Ge, Baris Kasikci, Ben Niu, Upamanyu Sharma, Ruoyu Wang, and Insu Yun. 2018. REPT: Reverse Debugging of Failures in Deployed Software. In Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3177157"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3122817"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/1364385.1364403"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 29th USENIX Security Symposium.","author":"Feng Bo","year":"2019","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. 2019. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In Proceedings of the 29th USENIX Security Symposium."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"e_1_3_2_1_39_1","volume-title":"Bridging the semantic gap in virtual machine introspection via online kernel data redirection. ACM Transactions on Information and System Security","author":"Fu Yangchun","year":"2013","unstructured":"Yangchun Fu and Zhiqiang Lin. 2013. Bridging the semantic gap in virtual machine introspection via online kernel data redirection. ACM Transactions on Information and System Security (2013)."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 2003 Annual Network and Distributed System Security Symposium.","author":"Garfinkel Tal","year":"2003","unstructured":"Tal Garfinkel, Mendel Rosenblum, et al. 2003. A virtual machine introspection based architecture for intrusion detection.. In Proceedings of the 2003 Annual Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/3489146.3489165"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02032-2_17"},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses.","author":"Gustafson Eric","year":"2019","unstructured":"Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aur\u00e9lien Francillon, Yung Ryn Choe, Christophe Kruegel, and Giovanni Vigna. 2019. Toward the Analysis of Embedded Firmware through Automated Re-hosting. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses."},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 29th USENIX Security Symposium.","author":"Harrison Lee","year":"2020","unstructured":"Lee Harrison, Hayawardh Vijayakumar, Rohan Padhye, Koushik Sen, and Michael Grace. 2020. PARTEMU: Enabling dynamic analysis of real-world trustzone software using emulation. In Proceedings of the 29th USENIX Security Symposium."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134050"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397377"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_48_1","volume-title":"Stealthy malware detection and monitoring through VMM-based ?out-of-the-box\" semantic view reconstruction. ACM Transactions on Information and System Security","author":"Jiang Xuxian","year":"2010","unstructured":"Xuxian Jiang, Xinyuan Wang, and Dongyan Xu. 2010. Stealthy malware detection and monitoring through VMM-based ?out-of-the-box\" semantic view reconstruction. ACM Transactions on Information and System Security (2010)."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of the 30th USENIX Security Symposium.","author":"Johnson Evan","year":"2021","unstructured":"Evan Johnson, Maxwell Bland, YiFei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko. 2021. Jetset: Targeted Firmware Rehosting for Embedded Systems. In Proceedings of the 30th USENIX Security Symposium."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427294"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the 13rd USENIX Workshop on Offensive Technologies (WOOT 19)","author":"Maier Dominik","year":"2019","unstructured":"Dominik Maier, Benedikt Radtke, and Bastian Harren. 2019. Unicorefuzz: On the viability of emulation for kernelspace fuzzing. In Proceedings of the 13rd USENIX Workshop on Offensive Technologies (WOOT 19)."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00018"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23017"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_1"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519072"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1400097.1400108"},{"key":"e_1_3_2_1_59_1","volume-title":"Proceedings of the 26th USENIX Security Symposium.","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kafl: Hardware-assisted feedback fuzzing for OS kernels. In Proceedings of the 26th USENIX Security Symposium."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_62_1","volume-title":"Proceedings of the 27th USENIX Security Symposium.","author":"Seyed Talebi Seyed Mohammadjavad","year":"2018","unstructured":"Seyed Mohammadjavad Seyed Talebi, Hamid Tavakoli, Hang Zhang, Zheng Zhang, Ardalan Amiri Sani, and Zhiyun Qian. 2018. Charm: Facilitating dynamic analysis of device drivers of mobile systems. In Proceedings of the 27th USENIX Security Symposium."},{"key":"e_1_3_2_1_63_1","volume-title":"Proceedings of the 28th USENIX Security Symposium.","author":"Wang Xueqiang","year":"2019","unstructured":"Xueqiang Wang, Yuqiong Sun, Susanta Nanda, and XiaoFeng Wang. 2019. Looking from the mirror: evaluating IoT device security through mobile companion apps. In Proceedings of the 28th USENIX Security Symposium."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_2"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151053"},{"key":"e_1_3_2_1_67_1","volume-title":"Proceedings of the 21st USENIX Security Symposium.","author":"Yan Lok Kwong","year":"2012","unstructured":"Lok Kwong Yan and Heng Yin. 2012. Droidscope: Seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis. In Proceedings of the 21st USENIX Security Symposium."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"e_1_3_2_1_70_1","volume-title":"Proceedings of the 28th USENIX Security Symposium.","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRMAFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation. In Proceedings of the 28th USENIX Security Symposium."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Republic of Korea","acronym":"CCS '21"},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484753","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484753","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:49:15Z","timestamp":1763498955000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484753"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":70,"alternative-id":["10.1145\/3460120.3484753","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484753","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}