{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T13:01:43Z","timestamp":1777899703452,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,7,18]],"date-time":"2022-07-18T00:00:00Z","timestamp":1658102400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,7,18]]},"DOI":"10.1145\/3533767.3534366","type":"proceedings-article","created":{"date-parts":[[2022,7,15]],"date-time":"2022-07-15T14:28:50Z","timestamp":1657895330000},"page":"442-454","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":47,"title":["A large-scale empirical analysis of the vulnerabilities introduced by third-party components in IoT firmware"],"prefix":"10.1145","author":[{"given":"Binbin","family":"Zhao","sequence":"first","affiliation":[{"name":"Zhejiang University, China \/ Georgia Institute of Technology, USA"}]},{"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"given":"Jiacheng","family":"Xu","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"given":"Yuan","family":"Tian","sequence":"additional","affiliation":[{"name":"University of Virginia, USA"}]},{"given":"Qiuyang","family":"Wei","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"given":"Qinying","family":"Wang","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"given":"Chenyang","family":"Lyu","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"given":"Xuhong","family":"Zhang","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"given":"Changting","family":"Lin","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"given":"Jingzheng","family":"Wu","sequence":"additional","affiliation":[{"name":"Institute of Software at Chinese Academy of Sciences, China"}]},{"given":"Raheem","family":"Beyah","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,7,18]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2015. Sasquatch. https:\/\/github.com\/devttys0\/sasquatch\/ \t\t\t\t\t  2015. Sasquatch. https:\/\/github.com\/devttys0\/sasquatch\/"},{"key":"e_1_3_2_1_2_1","unstructured":"2016. yaffshiv. https:\/\/github.com\/devttys0\/yaffshiv \t\t\t\t\t  2016. yaffshiv. https:\/\/github.com\/devttys0\/yaffshiv"},{"key":"e_1_3_2_1_3_1","unstructured":"2022. Binary Analysis Next Generation (BANG). https:\/\/github.com\/armijnhemel\/binaryanalysis-ng \t\t\t\t\t  2022. Binary Analysis Next Generation (BANG). https:\/\/github.com\/armijnhemel\/binaryanalysis-ng"},{"key":"e_1_3_2_1_4_1","unstructured":"2022. BusyBox. https:\/\/busybox.net\/ \t\t\t\t\t  2022. BusyBox. https:\/\/busybox.net\/"},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/ \t\t\t\t\t  2022. Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/"},{"key":"e_1_3_2_1_6_1","unstructured":"2022. CVE Details. https:\/\/www.cvedetails.com\/ \t\t\t\t\t  2022. CVE Details. https:\/\/www.cvedetails.com\/"},{"key":"e_1_3_2_1_7_1","unstructured":"2022. CVE-search. https:\/\/github.com\/cve-search\/cve-search \t\t\t\t\t  2022. CVE-search. https:\/\/github.com\/cve-search\/cve-search"},{"key":"e_1_3_2_1_8_1","unstructured":"2022. CVSS: Common Vulnerability Scoring System SIG. https:\/\/www.first.org\/cvss\/ \t\t\t\t\t  2022. CVSS: Common Vulnerability Scoring System SIG. https:\/\/www.first.org\/cvss\/"},{"key":"e_1_3_2_1_9_1","unstructured":"2022. Cyclomatic Complexity. https:\/\/en.wikipedia.org\/wiki\/Cyclomatic_complexity \t\t\t\t\t  2022. Cyclomatic Complexity. https:\/\/en.wikipedia.org\/wiki\/Cyclomatic_complexity"},{"key":"e_1_3_2_1_10_1","unstructured":"2022. Edit Distance. https:\/\/en.wikipedia.org\/wiki\/Edit_distance \t\t\t\t\t  2022. Edit Distance. https:\/\/en.wikipedia.org\/wiki\/Edit_distance"},{"key":"e_1_3_2_1_11_1","unstructured":"2022. JFFS2 filesystem extraction tool. https:\/\/github.com\/sviehb\/jefferson \t\t\t\t\t  2022. JFFS2 filesystem extraction tool. https:\/\/github.com\/sviehb\/jefferson"},{"key":"e_1_3_2_1_12_1","unstructured":"2022. Maven Repository. https:\/\/mvnrepository.com\/ \t\t\t\t\t  2022. Maven Repository. https:\/\/mvnrepository.com\/"},{"key":"e_1_3_2_1_13_1","unstructured":"2022. NATIONAL VULNERABILITY DATABASE. https:\/\/nvd.nist.gov\/ \t\t\t\t\t  2022. NATIONAL VULNERABILITY DATABASE. https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_1_14_1","unstructured":"2022. OpenSSL. https:\/\/www.openssl.org\/ \t\t\t\t\t  2022. OpenSSL. https:\/\/www.openssl.org\/"},{"key":"e_1_3_2_1_15_1","unstructured":"2022. Shellshock. https:\/\/en.wikipedia.org\/wiki\/Shellshock_(software_bug) \t\t\t\t\t  2022. Shellshock. https:\/\/en.wikipedia.org\/wiki\/Shellshock_(software_bug)"},{"key":"e_1_3_2_1_16_1","unstructured":"2022. Shodan. https:\/\/www.shodan.io\/ \t\t\t\t\t  2022. Shodan. https:\/\/www.shodan.io\/"},{"key":"e_1_3_2_1_17_1","unstructured":"National Security Agency. 2019. GHIDRA. https:\/\/github.com\/NationalSecurityAgency\/ghidra \t\t\t\t\t  National Security Agency. 2019. GHIDRA. https:\/\/github.com\/NationalSecurityAgency\/ghidra"},{"key":"e_1_3_2_1_18_1","volume-title":"Understanding the Mirai Botnet. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis , Tim April , Michael Bailey , Matt Bernhard , Elie Bursztein , Jaime Cochran , Zakir Durumeric , J. Alex Halderman , Luca Invernizzi , Michalis Kallitsis , Deepak Kumar , Chaz Lever , Zane Ma , Joshua Mason , Damian Menscher , Chad Seaman , Nick Sullivan , Kurt Thomas , and Yi Zhou . 2017 . Understanding the Mirai Botnet. In 26th USENIX Security Symposium, USENIX Security 2017 , Vancouver, BC, Canada , August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1093\u20131110. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1093\u20131110. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"e_1_3_2_1_20_1","volume-title":"2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET \u201909","author":"Bayer Ulrich","year":"2009","unstructured":"Ulrich Bayer , Imam Habibi , Davide Balzarotti , and Engin Kirda . 2009 . A View on Current Malware Behaviors . In 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET \u201909 , Boston, MA, USA , April 21, 2009, Wenke Lee (Ed.). USENIX Association. https:\/\/www.usenix.org\/conference\/leet-09\/view-current-malware-behaviors Ulrich Bayer, Imam Habibi, Davide Balzarotti, and Engin Kirda. 2009. A View on Current Malware Behaviors. In 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET \u201909, Boston, MA, USA, April 21, 2009, Wenke Lee (Ed.). USENIX Association. https:\/\/www.usenix.org\/conference\/leet-09\/view-current-malware-behaviors"},{"key":"e_1_3_2_1_21_1","unstructured":"Thomas Bittman Bob Gill Tim Zimmerman Ted Friedman Neil MacDonald and Karen Brown. 2021. Predicts 2022: The Distributed Enterprise Drives Computing to the Edge. https:\/\/www.gartner.com\/en\/documents\/4007176 \t\t\t\t\t  Thomas Bittman Bob Gill Tim Zimmerman Ted Friedman Neil MacDonald and Karen Brown. 2021. Predicts 2022: The Distributed Enterprise Drives Computing to the Edge. https:\/\/www.gartner.com\/en\/documents\/4007176"},{"key":"e_1_3_2_1_22_1","volume-title":"Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016","author":"Chen Daming D.","year":"2016","unstructured":"Daming D. Chen , Maverick Woo , David Brumley , and Manuel Egele . 2016 . Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016 , San Diego, California, USA , February 21-24, 2016. The Internet Society. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2017\/09\/towards-automated-dynamic-analysis-linux-based-embedded-firmware.pdf Daming D. Chen, Maverick Woo, David Brumley, and Manuel Egele. 2016. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016. The Internet Society. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2017\/09\/towards-automated-dynamic-analysis-linux-based-embedded-firmware.pdf"},{"key":"e_1_3_2_1_23_1","volume-title":"Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018","author":"Corteggiani Nassim","year":"2018","unstructured":"Nassim Corteggiani , Giovanni Camurati , and Aur\u00e9lien Francillon . 2018 . Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018 , Baltimore, MD, USA , August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 309\u2013326. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/corteggiani Nassim Corteggiani, Giovanni Camurati, and Aur\u00e9lien Francillon. 2018. Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 309\u2013326. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/corteggiani"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Costin Andrei","year":"2014","unstructured":"Andrei Costin , Jonas Zaddach , Aur\u00e9lien Francillon , and Davide Balzarotti . 2014 . A Large-Scale Analysis of the Security of Embedded Firmwares . In Proceedings of the 23rd USENIX Security Symposium , San Diego, CA, USA , August 20-22, 2014, Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 95\u2013110. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/costin Andrei Costin, Jonas Zaddach, Aur\u00e9lien Francillon, and Davide Balzarotti. 2014. A Large-Scale Analysis of the Security of Embedded Firmwares. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 95\u2013110. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/costin"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897900"},{"key":"e_1_3_2_1_26_1","unstructured":"Ang Cui. 2018. The Overlooked Problem of \u2018N-Day\u2019 Vulnerabilities. https:\/\/www.darkreading.com\/vulnerabilities\u2014threats\/the-overlooked-problem-of-n-day-vulnerabilities\/a\/d-id\/1331348 \t\t\t\t\t  Ang Cui. 2018. The Overlooked Problem of \u2018N-Day\u2019 Vulnerabilities. https:\/\/www.darkreading.com\/vulnerabilities\u2014threats\/the-overlooked-problem-of-n-day-vulnerabilities\/a\/d-id\/1331348"},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 33nd International Conference on Machine Learning, ICML","author":"Dai Hanjun","year":"2016","unstructured":"Hanjun Dai , Bo Dai , and Le Song . 2016. Discriminative Embeddings of Latent Variable Models for Structured Data . In Proceedings of the 33nd International Conference on Machine Learning, ICML 2016 , New York City, NY , USA, June 19-24, 2016, Maria-Florina Balcan and Kilian Q. Weinberger (Eds.) (JMLR Workshop and Conference Proceedings , Vol. 48). JMLR.org, 2702\u2013 2711 . http:\/\/proceedings.mlr.press\/v48\/daib16.html Hanjun Dai, Bo Dai, and Le Song. 2016. Discriminative Embeddings of Latent Variable Models for Structured Data. In Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016, Maria-Florina Balcan and Kilian Q. Weinberger (Eds.) (JMLR Workshop and Conference Proceedings, Vol. 48). JMLR.org, 2702\u20132711. http:\/\/proceedings.mlr.press\/v48\/daib16.html"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3177157"},{"key":"e_1_3_2_1_29_1","volume-title":"FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. In 22nd USENIX Security Symposium (USENIX Security 13)","author":"Davidson Drew","year":"2013","unstructured":"Drew Davidson , Benjamin Moench , Thomas Ristenpart , and Somesh Jha . 2013 . FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. In 22nd USENIX Security Symposium (USENIX Security 13) . USENIX Association, Washington, D.C.. 463\u2013478. isbn:978-1-93 1971-03-4 https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/davidson Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. 2013. FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. In 22nd USENIX Security Symposium (USENIX Security 13). USENIX Association, Washington, D.C.. 463\u2013478. isbn:978-1-931971-03-4 https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/davidson"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00003"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23185"},{"key":"e_1_3_2_1_34_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Feng Bo","year":"2020","unstructured":"Bo Feng , Alejandro Mera , and Long Lu . 2020 . P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling . In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, 1237\u20131254. isbn:978-1-939133-17-5 https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/feng Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1237\u20131254. isbn:978-1-939133-17-5 https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/feng"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2013.01.010"},{"key":"e_1_3_2_1_37_1","unstructured":"Craig Heffner. 2022. Binwalk. https:\/\/github.com\/ReFirmLabs\/binwalk \t\t\t\t\t  Craig Heffner. 2022. Binwalk. https:\/\/github.com\/ReFirmLabs\/binwalk"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985441.1985453"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.201"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Martijn Koster Gary Illyes Henner Zeller and Lizzi Harvey. 2022. Robots Exclusion Protocol. https:\/\/datatracker.ietf.org\/doc\/html\/draft-koster-rep \t\t\t\t\t  Martijn Koster Gary Illyes Henner Zeller and Lizzi Harvey. 2022. Robots Exclusion Protocol. https:\/\/datatracker.ietf.org\/doc\/html\/draft-koster-rep","DOI":"10.17487\/RFC9309"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-014-9492-7"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678785"},{"key":"e_1_3_2_1_43_1","volume-title":"EMS: History-Driven Mutation for Coverage-based Fuzzing. In 29rd Annual Network and Distributed System Security Symposium, NDSS 2022","author":"Lyu Chenyang","year":"2022","unstructured":"Chenyang Lyu , Shouling Ji , Xuhong Zhang , Hong Liang , Binbin Zhao , Kangjie Lu , and Raheem Beyah . 2022 . EMS: History-Driven Mutation for Coverage-based Fuzzing. In 29rd Annual Network and Distributed System Security Symposium, NDSS 2022 , San Diego, California, USA , April 24-28, 2022. The Internet Society. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2022-162-paper.pdf Chenyang Lyu, Shouling Ji, Xuhong Zhang, Hong Liang, Binbin Zhao, Kangjie Lu, and Raheem Beyah. 2022. EMS: History-Driven Mutation for Coverage-based Fuzzing. In 29rd Annual Network and Distributed System Security Symposium, NDSS 2022, San Diego, California, USA, April 24-28, 2022. The Internet Society. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2022-162-paper.pdf"},{"key":"e_1_3_2_1_44_1","volume-title":"Avatar\u00b2: A Multi-target Orchestration Platform. In Workshop on Binary Analysis Research (BAR). http:\/\/s3.eurecom.fr\/docs\/bar18_muench.pdf","author":"Muench Marius","year":"2018","unstructured":"Marius Muench , Dario Nisi , Aurelien Francillon , and Davide Balzarotti . 2018 . Avatar\u00b2: A Multi-target Orchestration Platform. In Workshop on Binary Analysis Research (BAR). http:\/\/s3.eurecom.fr\/docs\/bar18_muench.pdf Marius Muench, Dario Nisi, Aurelien Francillon, and Davide Balzarotti. 2018. Avatar\u00b2: A Multi-target Orchestration Platform. In Workshop on Binary Analysis Research (BAR). http:\/\/s3.eurecom.fr\/docs\/bar18_muench.pdf"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427658"},{"key":"e_1_3_2_1_46_1","unstructured":"Ryan Paul. 2009. Cisco settles FSF GPL lawsuit appoints compliance officer. https:\/\/arstechnica.com\/information-technology\/2009\/05\/cisco-settles-fsf-gpl-lawsuit-appoints-compliance-officer\/ \t\t\t\t\t  Ryan Paul. 2009. Cisco settles FSF GPL lawsuit appoints compliance officer. https:\/\/arstechnica.com\/information-technology\/2009\/05\/cisco-settles-fsf-gpl-lawsuit-appoints-compliance-officer\/"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.49"},{"key":"e_1_3_2_1_48_1","volume-title":"Internet of Things with ESP8266","author":"Schwartz Marco","unstructured":"Marco Schwartz . 2016. Internet of Things with ESP8266 . Packt Publishing Ltd . Marco Schwartz. 2016. Internet of Things with ESP8266. Packt Publishing Ltd."},{"key":"e_1_3_2_1_49_1","volume-title":"Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In 22nd Annual Network and Distributed System Security Symposium, NDSS 2015","author":"Shoshitaishvili Yan","year":"2015","unstructured":"Yan Shoshitaishvili , Ruoyu Wang , Christophe Hauser , Christopher Kruegel , and Giovanni Vigna . 2015 . Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In 22nd Annual Network and Distributed System Security Symposium, NDSS 2015 , San Diego, California, USA , February 8-11, 2015. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2015\/firmalice-automatic-detection-authentication-bypass-vulnerabilities-binary-firmware Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2015. Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, February 8-11, 2015. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2015\/firmalice-automatic-detection-authentication-bypass-vulnerabilities-binary-firmware"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSEE.2012.373"},{"key":"e_1_3_2_1_52_1","unstructured":"Natali Tshuva. 2020. Third-Party IoT Vulnerabilities. https:\/\/www.darkreading.com\/iot\/third-party-iot-vulnerabilities-we-need-a-cybersecurity-paradigm-shift\/a\/d-id\/1338333 \t\t\t\t\t  Natali Tshuva. 2020. Third-Party IoT Vulnerabilities. https:\/\/www.darkreading.com\/iot\/third-party-iot-vulnerabilities-we-need-a-cybersecurity-paradigm-shift\/a\/d-id\/1338333"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICBDA.2018.8367682"},{"key":"e_1_3_2_1_54_1","volume-title":"MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Wang Qinying","year":"2021","unstructured":"Qinying Wang , Shouling Ji , Yuan Tian , Xuhong Zhang , Binbin Zhao , Yuhong Kan , Zhaowei Lin , Changting Lin , Shuiguang Deng , Alex X. Liu , and Raheem Beyah . 2021 . MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols. In 30th USENIX Security Symposium, USENIX Security 2021 , August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 4205\u20134222. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/wang-qinying Qinying Wang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Yuhong Kan, Zhaowei Lin, Changting Lin, Shuiguang Deng, Alex X. Liu, and Raheem Beyah. 2021. MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 4205\u20134222. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/wang-qinying"},{"key":"e_1_3_2_1_55_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Xie Qinge","year":"2022","unstructured":"Qinge Xie , Shujun Tang , Xiaofeng Zheng , Qinran Lin , Baojun Liu , Haixin Duan , and Frank Li . 2022 . Building an Open, Robust, and Stable Voting-Based Domain Top List . In 31st USENIX Security Symposium (USENIX Security 22) . USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/xie Qinge Xie, Shujun Tang, Xiaofeng Zheng, Qinran Lin, Baojun Liu, Haixin Duan, and Frank Li. 2022. Building an Open, Robust, and Stable Voting-Based Domain Top List. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/xie"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00150"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330563"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.3037908"}],"event":{"name":"ISSTA '22: 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","location":"Virtual South Korea","acronym":"ISSTA '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3533767.3534366","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3533767.3534366","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:43:40Z","timestamp":1750272220000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3533767.3534366"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,18]]},"references-count":60,"alternative-id":["10.1145\/3533767.3534366","10.1145\/3533767"],"URL":"https:\/\/doi.org\/10.1145\/3533767.3534366","relation":{},"subject":[],"published":{"date-parts":[[2022,7,18]]},"assertion":[{"value":"2022-07-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}