{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:17:20Z","timestamp":1750220240832,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T00:00:00Z","timestamp":1666742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"DARPA","award":["N6600120C4020"],"award-info":[{"award-number":["N6600120C4020"]}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2118491, 2112471"],"award-info":[{"award-number":["2118491, 2112471"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"ONR","award":["N00014-17-1-299"],"award-info":[{"award-number":["N00014-17-1-299"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,26]]},"DOI":"10.1145\/3545948.3545957","type":"proceedings-article","created":{"date-parts":[[2022,10,17]],"date-time":"2022-10-17T11:21:49Z","timestamp":1666005709000},"page":"200-213","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["What You See is Not What You Get: Revealing Hidden Memory Mapping for Peripheral Modeling"],"prefix":"10.1145","author":[{"given":"Jun Yeon","family":"Won","sequence":"first","affiliation":[{"name":"The Ohio State University, United States of America"}]},{"given":"Haohuang","family":"Wen","sequence":"additional","affiliation":[{"name":"The Ohio State University, United States of America"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The Ohio State University, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2022,10,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. Cortex-M3 Technical Reference Manual. https:\/\/developer.arm.com\/documentation\/ddi0337\/h\/.  [n.d.]. Cortex-M3 Technical Reference Manual. https:\/\/developer.arm.com\/documentation\/ddi0337\/h\/."},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. Cortex-M4 Technical Reference Manual. https:\/\/developer.arm.com\/documentation\/ddi0439\/b\/.  [n.d.]. Cortex-M4 Technical Reference Manual. https:\/\/developer.arm.com\/documentation\/ddi0439\/b\/."},{"key":"e_1_3_2_1_3_1","unstructured":"[n.d.]. DPPI - Distributed programmable peripheral interconnect. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fps_nrf9160%2Fdppi.html.  [n.d.]. DPPI - Distributed programmable peripheral interconnect. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fps_nrf9160%2Fdppi.html."},{"key":"e_1_3_2_1_4_1","unstructured":"[n.d.]. Kinetis K64F Sub-Family Data Sheet. https:\/\/www.nxp.com\/docs\/en\/data-sheet\/K64P144M120SF5.pdf.  [n.d.]. Kinetis K64F Sub-Family Data Sheet. https:\/\/www.nxp.com\/docs\/en\/data-sheet\/K64P144M120SF5.pdf."},{"key":"e_1_3_2_1_5_1","unstructured":"[n.d.]. MAX32600 Data Sheet. https:\/\/datasheets.maximintegrated.com\/en\/ds\/MAX32600.pdf.  [n.d.]. MAX32600 Data Sheet. https:\/\/datasheets.maximintegrated.com\/en\/ds\/MAX32600.pdf."},{"key":"e_1_3_2_1_6_1","unstructured":"[n.d.]. Nordic Clock Peripheral. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Fclock.html&cp=4_2_0_18&anchor=frontpage_clock.  [n.d.]. Nordic Clock Peripheral. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Fclock.html&cp=4_2_0_18&anchor=frontpage_clock."},{"key":"e_1_3_2_1_7_1","unstructured":"[n.d.]. Nordic NRF52811 Engineering A Errata 173. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Ferrata_nRF52811_EngA%2FERR%2FnRF52811%2FEngineeringA%2Flatest%2Fanomaly_811_173.html&resultof=%22%43%50%55%22%20%22%63%70%75%22%20%22%63%79%63%6c%65%22%20%22%63%79%63%6c%22%20.  [n.d.]. Nordic NRF52811 Engineering A Errata 173. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Ferrata_nRF52811_EngA%2FERR%2FnRF52811%2FEngineeringA%2Flatest%2Fanomaly_811_173.html&resultof=%22%43%50%55%22%20%22%63%70%75%22%20%22%63%79%63%6c%65%22%20%22%63%79%63%6c%22%20."},{"key":"e_1_3_2_1_8_1","unstructured":"[n.d.]. Nordic NRF52832. https:\/\/www.nordicsemi.com\/Products\/Low-power-short-range-wireless\/nRF52832.  [n.d.]. Nordic NRF52832. https:\/\/www.nordicsemi.com\/Products\/Low-power-short-range-wireless\/nRF52832."},{"key":"e_1_3_2_1_9_1","unstructured":"[n.d.]. Nordic NRF52832 GPIO peripheral documentation. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Fgpio.html&cp=4_2_0_19&anchor=concept_zyt_tcb_lr.  [n.d.]. Nordic NRF52832 GPIO peripheral documentation. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Fgpio.html&cp=4_2_0_19&anchor=concept_zyt_tcb_lr."},{"key":"e_1_3_2_1_10_1","unstructured":"[n.d.]. Nordic NRF52832 Memory Layout. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Fmemory.html.  [n.d.]. Nordic NRF52832 Memory Layout. https:\/\/infocenter.nordicsemi.com\/index.jsp?topic=%2Fcom.nordic.infocenter.nrf52832.ps.v1.1%2Fmemory.html."},{"key":"e_1_3_2_1_11_1","unstructured":"[n.d.]. Nordic NRF52832 Product Specification v1.1. https:\/\/infocenter.nordicsemi.com\/pdf\/nRF52832_PS_v1.1.pdf.  [n.d.]. Nordic NRF52832 Product Specification v1.1. https:\/\/infocenter.nordicsemi.com\/pdf\/nRF52832_PS_v1.1.pdf."},{"key":"e_1_3_2_1_12_1","unstructured":"[n.d.]. Nordic semiconductor. https:\/\/www.nordicsemi.com.  [n.d.]. Nordic semiconductor. https:\/\/www.nordicsemi.com."},{"key":"e_1_3_2_1_13_1","unstructured":"[n.d.]. SAM R21E Data Sheet. http:\/\/ww1.microchip.com\/downloads\/en\/devicedoc\/sam-r21_datasheet.pdf.  [n.d.]. SAM R21E Data Sheet. http:\/\/ww1.microchip.com\/downloads\/en\/devicedoc\/sam-r21_datasheet.pdf."},{"key":"e_1_3_2_1_14_1","unstructured":"[n.d.]. SAM3X Series Data Sheet. https:\/\/ww1.microchip.com\/downloads\/en\/devicedoc\/atmel-11057-32-bit-cortex-m3-microcontroller-sam3x-sam3a_datasheet.pdf.  [n.d.]. SAM3X Series Data Sheet. https:\/\/ww1.microchip.com\/downloads\/en\/devicedoc\/atmel-11057-32-bit-cortex-m3-microcontroller-sam3x-sam3a_datasheet.pdf."},{"key":"e_1_3_2_1_15_1","unstructured":"[n.d.]. Segger J-Link. https:\/\/www.segger.com\/products\/debug-probes\/j-link\/.  [n.d.]. Segger J-Link. https:\/\/www.segger.com\/products\/debug-probes\/j-link\/."},{"key":"e_1_3_2_1_16_1","unstructured":"[n.d.]. Smart Autonomous 32-bit Microcontroller Peripherals Push the Boundaries of Ultra-Low-Power Embedded System Design. https:\/\/www.silabs.com\/documents\/public\/white-papers\/low-power-32-bit-microcontroller-dtm.pdf.  [n.d.]. Smart Autonomous 32-bit Microcontroller Peripherals Push the Boundaries of Ultra-Low-Power Embedded System Design. https:\/\/www.silabs.com\/documents\/public\/white-papers\/low-power-32-bit-microcontroller-dtm.pdf."},{"key":"e_1_3_2_1_17_1","unstructured":"[n.d.]. STMicroelectronics. https:\/\/www.st.com\/content\/st_com\/en.html.  [n.d.]. STMicroelectronics. https:\/\/www.st.com\/content\/st_com\/en.html."},{"key":"e_1_3_2_1_18_1","unstructured":"[n.d.]. STMicroelectronics st-link. https:\/\/www.st.com\/en\/development-tools\/st-link-v2.html.  [n.d.]. STMicroelectronics st-link. https:\/\/www.st.com\/en\/development-tools\/st-link-v2.html."},{"key":"e_1_3_2_1_19_1","unstructured":"[n.d.]. STMicroelectronics STM32F103. https:\/\/www.st.com\/en\/microcontrollers-microprocessors\/stm32f103rb.html.  [n.d.]. STMicroelectronics STM32F103. https:\/\/www.st.com\/en\/microcontrollers-microprocessors\/stm32f103rb.html."},{"key":"e_1_3_2_1_20_1","unstructured":"[n.d.]. STMicroelectronics STM32F103 reference manual. https:\/\/www.st.com\/resource\/en\/reference_manual\/cd00171190-stm32f101xx-stm32f102xx-stm32f103xx-stm32f105xx-and-stm32f107xx-advanced-arm-based-32-bit-mcus-stmicroelectronics.pdf.  [n.d.]. STMicroelectronics STM32F103 reference manual. https:\/\/www.st.com\/resource\/en\/reference_manual\/cd00171190-stm32f101xx-stm32f102xx-stm32f103xx-stm32f105xx-and-stm32f107xx-advanced-arm-based-32-bit-mcus-stmicroelectronics.pdf."},{"key":"e_1_3_2_1_21_1","unstructured":"[n.d.]. STMicroelectronics STM32F429. https:\/\/www.st.com\/en\/microcontrollers-microprocessors\/stm32f429-439.html.  [n.d.]. STMicroelectronics STM32F429. https:\/\/www.st.com\/en\/microcontrollers-microprocessors\/stm32f429-439.html."},{"key":"e_1_3_2_1_22_1","unstructured":"Lucas Apa and Carlos\u00a0Mario Penagos. 2013. Compromising industrial facilities from 40 miles away. IOActive Technical White Paper(2013).  Lucas Apa and Carlos\u00a0Mario Penagos. 2013. Compromising industrial facilities from 40 miles away. IOActive Technical White Paper(2013)."},{"key":"e_1_3_2_1_23_1","volume-title":"Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar Inverter. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Barua Anomadarshi","year":"2020","unstructured":"Anomadarshi Barua and Mohammad\u00a0Abdullah Al\u00a0Faruque . 2020 . Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar Inverter. In 29th USENIX Security Symposium (USENIX Security 20) . 1273\u20131290. Anomadarshi Barua and Mohammad\u00a0Abdullah Al\u00a0Faruque. 2020. Hall Spoofing: A Non-Invasive DoS Attack on Grid-Tied Solar Inverter. In 29th USENIX Security Symposium (USENIX Security 20). 1273\u20131290."},{"key":"e_1_3_2_1_24_1","unstructured":"Cristian Cadar Daniel Dunbar Dawson\u00a0R Engler 2008. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.. In OSDI Vol.\u00a08. 209\u2013224.  Cristian Cadar Daniel Dunbar Dawson\u00a0R Engler 2008. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.. In OSDI Vol.\u00a08. 209\u2013224."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427280"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Jiongyi Chen Wenrui Diao Qingchuan Zhao Chaoshun Zuo Zhiqiang Lin XiaoFeng Wang Wing\u00a0Cheong Lau Menghan Sun Ronghai Yang and Kehuan Zhang. 2018. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.. In NDSS.  Jiongyi Chen Wenrui Diao Qingchuan Zhao Chaoshun Zuo Zhiqiang Lin XiaoFeng Wang Wing\u00a0Cheong Lau Menghan Sun Ronghai Yang and Kehuan Zhang. 2018. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.. In NDSS.","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_27_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Chen Libo","year":"2021","unstructured":"Libo Chen , Yanhao Wang , Quanpu Cai , Yunfan Zhan , Hong Hu , Jiaqi Linghu , Qinsheng Hou , Chao Zhang , Haixin Duan , and Zhi Xue . 2021 . Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems . In 30th USENIX Security Symposium (USENIX Security 21) . Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue. 2021. Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00052"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961296.1950396"},{"key":"e_1_3_2_1_30_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Clements A","year":"2020","unstructured":"Abraham\u00a0 A Clements , Eric Gustafson , Tobias Scharnowski , Paul Grosen , David Fritz , Christopher Kruegel , Giovanni Vigna , Saurabh Bagchi , and Mathias Payer . 2020 . HALucinator: Firmware re-hosting through abstraction layer emulation . In 29th USENIX Security Symposium (USENIX Security 20) . 1201\u20131218. Abraham\u00a0A Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. 2020. HALucinator: Firmware re-hosting through abstraction layer emulation. In 29th USENIX Security Symposium (USENIX Security 20). 1201\u20131218."},{"key":"e_1_3_2_1_31_1","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Davidson Drew","year":"2013","unstructured":"Drew Davidson , Benjamin Moench , Thomas Ristenpart , and Somesh Jha . 2013 . FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution . In 22nd USENIX Security Symposium (USENIX Security 13) . 463\u2013478. Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. 2013. FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution. In 22nd USENIX Security Symposium (USENIX Security 13). 463\u2013478."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453093"},{"key":"e_1_3_2_1_33_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Feng Bo","year":"2020","unstructured":"Bo Feng , Alejandro Mera , and Long Lu . 2020 . P2IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling . In 29th USENIX Security Symposium (USENIX Security 20) . 1237\u20131254. Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In 29th USENIX Security Symposium (USENIX Security 20). 1237\u20131254."},{"key":"e_1_3_2_1_34_1","volume-title":"Heuristics for integer programming using surrogate constraints. Decision sciences 8, 1","author":"Glover Fred","year":"1977","unstructured":"Fred Glover . 1977. Heuristics for integer programming using surrogate constraints. Decision sciences 8, 1 ( 1977 ), 156\u2013166. Fred Glover. 1977. Heuristics for integer programming using surrogate constraints. Decision sciences 8, 1 (1977), 156\u2013166."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134050"},{"key":"e_1_3_2_1_36_1","unstructured":"Hubert H\u00f6gl and Dominic Rath. 2006. Open on-chip debugger\u2013openocd\u2013. Fakultat fur Informatik Tech. Rep(2006).  Hubert H\u00f6gl and Dominic Rath. 2006. Open on-chip debugger\u2013openocd\u2013. Fakultat fur Informatik Tech. Rep(2006)."},{"key":"e_1_3_2_1_37_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Johnson Evan","year":"2021","unstructured":"Evan Johnson , Maxwell Bland , YiFei Zhu , Joshua Mason , Stephen Checkoway , Stefan Savage , and Kirill Levchenko . 2021 . Jetset: Targeted firmware rehosting for embedded systems . In 30th USENIX Security Symposium (USENIX Security 21) . Evan Johnson, Maxwell Bland, YiFei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko. 2021. Jetset: Targeted firmware rehosting for embedded systems. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_1_38_1","unstructured":"S. Khandelwal. 2016-10-27. Friday\u2019s massive DDoS attack came from just 100 000 hacked IoT devices.http:\/\/thehackernews.com\/2016\/10\/ddos-attack-mirai-iot.html.  S. Khandelwal. 2016-10-27. Friday\u2019s massive DDoS attack came from just 100 000 hacked IoT devices.http:\/\/thehackernews.com\/2016\/10\/ddos-attack-mirai-iot.html."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427294"},{"key":"e_1_3_2_1_40_1","volume-title":"PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Kim Taegyu","year":"2021","unstructured":"Taegyu Kim , Vireshwar Kumar , Junghwan Rhee , Jizhou Chen , Kyungtae Kim , Chung\u00a0Hwan Kim , Dongyan Xu , and Dave\u00a0Jing Tian . 2021 . PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications. In 30th USENIX Security Symposium (USENIX Security 21) . Taegyu Kim, Vireshwar Kumar, Junghwan Rhee, Jizhou Chen, Kyungtae Kim, Chung\u00a0Hwan Kim, Dongyan Xu, and Dave\u00a0Jing Tian. 2021. PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/996566.996771"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.52"},{"key":"e_1_3_2_1_43_1","unstructured":"D. Lee. 2018-05-24. Amazon Alexa heard and sent private chat.https:\/\/www.bbc.com\/news\/technology-44248122.  D. Lee. 2018-05-24. Amazon Alexa heard and sent private chat.https:\/\/www.bbc.com\/news\/technology-44248122."},{"key":"e_1_3_2_1_44_1","unstructured":"Wenqiang Li Le Guan Jingqiang Lin Jiameng Shi and Fengjun Li. 2021. From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware. arXiv preprint arXiv:2107.12867(2021).  Wenqiang Li Le Guan Jingqiang Lin Jiameng Shi and Fengjun Li. 2021. From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware. arXiv preprint arXiv:2107.12867(2021)."},{"key":"e_1_3_2_1_45_1","unstructured":"Knud\u00a0Lasse Lueth. 2020-11-19. State of the IoT 2020: 12 billion IoT connections surpassing non-IoT for the first time. https:\/\/iot-analytics.com\/state-of-the-iot-2020-12-billion-iot-connections-surpassing-non-iot-for-the-first-time\/.  Knud\u00a0Lasse Lueth. 2020-11-19. State of the IoT 2020: 12 billion IoT connections surpassing non-IoT for the first time. https:\/\/iot-analytics.com\/state-of-the-iot-2020-12-billion-iot-connections-surpassing-non-iot-for-the-first-time\/."},{"key":"e_1_3_2_1_46_1","volume-title":"DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis. In 2021 2021 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society","author":"Mera A.","year":"1938","unstructured":"A. Mera , B. Feng , L. Lu , E. Kirda , and W. Robertson . 2021 . DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis. In 2021 2021 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society , Los Alamitos, CA, USA , 1938 \u20131954. https:\/\/doi.org\/10.1109\/SP40001.2021.00018 10.1109\/SP40001.2021.00018 A. Mera, B. Feng, L. Lu, E. Kirda, and W. Robertson. 2021. DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis. In 2021 2021 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, Los Alamitos, CA, USA, 1938\u20131954. https:\/\/doi.org\/10.1109\/SP40001.2021.00018"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997469"},{"key":"e_1_3_2_1_48_1","volume-title":"Unicorn: Next generation cpu emulator framework. BlackHat USA 476(2015).","author":"Quynh N\u00a0Anh","year":"2015","unstructured":"NGUYE N\u00a0Anh Quynh and DAN G\u00a0Hoang Vu . 2015 . Unicorn: Next generation cpu emulator framework. BlackHat USA 476(2015). NGUYEN\u00a0Anh Quynh and DANG\u00a0Hoang Vu. 2015. Unicorn: Next generation cpu emulator framework. BlackHat USA 476(2015)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015047.1015049"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"e_1_3_2_1_51_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Ruge Jan","year":"2020","unstructured":"Jan Ruge , Jiska Classen , Francesco Gringoli , and Matthias Hollick . 2020 . Frankenstein: Advanced wireless fuzzing to exploit new bluetooth escalation targets . In 29th USENIX Security Symposium (USENIX Security 20) . 19\u201336. Jan Ruge, Jiska Classen, Francesco Gringoli, and Matthias Hollick. 2020. Frankenstein: Advanced wireless fuzzing to exploit new bluetooth escalation targets. In 29th USENIX Security Symposium (USENIX Security 20). 19\u201336."},{"key":"e_1_3_2_1_52_1","volume-title":"Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Scharnowski Tobias","year":"2022","unstructured":"Tobias Scharnowski , Nils Bars , Moritz Schloegel , Eric Gustafson , Marius Muench , Giovanni Vigna , Christopher Kruegel , Thorsten Holz , and Ali Abbasi . 2022 . Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22) . USENIX Association, Boston, MA. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/scharnowski Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi. 2022. Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/scharnowski"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.. In NDSS Vol.\u00a01. 1\u20131.  Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.. In NDSS Vol.\u00a01. 1\u20131.","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/WiMOB.2015.7347956"},{"key":"e_1_3_2_1_55_1","volume-title":"Periscope: An effective probing and fuzzing framework for the hardware-os boundary. In NDSS.","author":"Song Dokyung","year":"2019","unstructured":"Dokyung Song , Felicitas Hetzelt , Dipanjan Das , Chad Spensky , Yeoul Na , Stijn Volckaert , Giovanni Vigna , Christopher Kruegel , Jean-Pierre Seifert , and Michael Franz . 2019 . Periscope: An effective probing and fuzzing framework for the hardware-os boundary. In NDSS. Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, and Michael Franz. 2019. Periscope: An effective probing and fuzzing framework for the hardware-os boundary. In NDSS."},{"key":"e_1_3_2_1_56_1","unstructured":"Michael Sutton Adam Greene and Pedram Amini. 2007. Fuzzing: brute force vulnerability discovery. Pearson Education.  Michael Sutton Adam Greene and Pedram Amini. 2007. Fuzzing: brute force vulnerability discovery. Pearson Education."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423344"},{"key":"e_1_3_2_1_58_1","volume-title":"AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems","author":"Zaddach Jonas","year":"2014","unstructured":"Jonas Zaddach , Luca Bruno , Aurelien Francillon , Davide Balzarotti , 2014 . AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems \u2019 Firmwares.. In NDSS , Vol .\u00a023. 1\u201316. Jonas Zaddach, Luca Bruno, Aurelien Francillon, Davide Balzarotti, 2014. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems\u2019 Firmwares.. In NDSS, Vol.\u00a023. 1\u201316."},{"key":"e_1_3_2_1_59_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng , Ali Davanian , Heng Yin , Chengyu Song , Hongsong Zhu , and Limin Sun . 2019 . FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation . In 28th USENIX Security Symposium (USENIX Security 19) . 1099\u20131114. Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation. In 28th USENIX Security Symposium (USENIX Security 19). 1099\u20131114."},{"key":"e_1_3_2_1_60_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Zhou Wei","year":"2021","unstructured":"Wei Zhou , Le Guan , Peng Liu , and Yuqing Zhang . 2021 . Automatic Firmware Emulation through Invalidity-guided Knowledge Inference . In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/zhou Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. 2021. Automatic Firmware Emulation through Invalidity-guided Knowledge Inference. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/zhou"}],"event":{"name":"RAID 2022: 25th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID 2022","location":"Limassol Cyprus"},"container-title":["Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545957","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3545948.3545957","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3545948.3545957","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:27Z","timestamp":1750188627000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545957"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,26]]},"references-count":60,"alternative-id":["10.1145\/3545948.3545957","10.1145\/3545948"],"URL":"https:\/\/doi.org\/10.1145\/3545948.3545957","relation":{},"subject":[],"published":{"date-parts":[[2022,10,26]]},"assertion":[{"value":"2022-10-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}