{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:41:31Z","timestamp":1773841291347,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,12]],"date-time":"2023-07-12T00:00:00Z","timestamp":1689120000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,12]]},"DOI":"10.1145\/3597926.3598062","type":"proceedings-article","created":{"date-parts":[[2023,7,13]],"date-time":"2023-07-13T20:12:53Z","timestamp":1689279173000},"page":"360-372","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Detecting Vulnerabilities in Linux-Based Embedded Firmware with SSE-Based On-Demand Alias Analysis"],"prefix":"10.1145","author":[{"given":"Kai","family":"Cheng","sequence":"first","affiliation":[{"name":"Shenzhen Institute of Advanced Technology at Chinese Academy of Sciences, China \/ Sangfor Technologies, China"}]},{"given":"Yaowen","family":"Zheng","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}]},{"given":"Tao","family":"Liu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, USA"}]},{"given":"Le","family":"Guan","sequence":"additional","affiliation":[{"name":"University of Georgia, USA"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, USA"}]},{"given":"Hong","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering at Chinese Academy of Sciences, China"}]},{"given":"Hongsong","family":"Zhu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering at Chinese Academy of Sciences, China \/ University of Chinese Academy of Sciences, China"}]},{"given":"Kejiang","family":"Ye","sequence":"additional","affiliation":[{"name":"Shenzhen Institute of Advanced Technology at Chinese Academy of Sciences, China"}]},{"given":"Limin","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering at Chinese Academy of Sciences, China \/ University of Chinese Academy of Sciences, China"}]}],"member":"320","published-online":{"date-parts":[[2023,7,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Lars Ole Andersen. 1994. Program analysis and specialization for the C programming language. Ph. D. Dissertation. Citeseer. \t\t\t\t  Lars Ole Andersen. 1994. Program analysis and specialization for the C programming language. Ph. D. Dissertation. Citeseer."},{"key":"e_1_3_2_1_2_1","unstructured":"2023. Next-generation binary analysis framework. https:\/\/github.com\/angr\/angr \t\t\t\t  2023. Next-generation binary analysis framework. https:\/\/github.com\/angr\/angr"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1749608.1749612"},{"key":"e_1_3_2_1_5_1","unstructured":"2019. Soundness and Completeness: Defined With Precision. https:\/\/cacm.acm.org\/blogs\/blog-cacm\/236068-soundness-and-completeness-defined-with-precision\/fulltext \t\t\t\t  2019. Soundness and Completeness: Defined With Precision. https:\/\/cacm.acm.org\/blogs\/blog-cacm\/236068-soundness-and-completeness-defined-with-precision\/fulltext"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_7_1","volume-title":"30th USENIX Security Symposium, USENIX Security 2021","author":"Chen Libo","year":"2021","unstructured":"Libo Chen , Yanhao Wang , Quanpu Cai , Yunfan Zhan , Hong Hu , Jiaqi Linghu , Qinsheng Hou , Chao Zhang , Haixin Duan , and Zhi Xue . 2021 . Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems . In 30th USENIX Security Symposium, USENIX Security 2021 , August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 303\u2013319. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/chen-libo Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue. 2021. Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 303\u2013319. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/chen-libo"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/358438.349311"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00052"},{"key":"e_1_3_2_1_10_1","unstructured":"2023. The API documentation provided by Claripy. https:\/\/docs.angr.io\/projects\/claripy\/en\/latest\/api.html \t\t\t\t  2023. The API documentation provided by Claripy. https:\/\/docs.angr.io\/projects\/claripy\/en\/latest\/api.html"},{"key":"e_1_3_2_1_11_1","unstructured":"2023. A python module for loading binaries. https:\/\/github.com\/angr\/cle \t\t\t\t  2023. A python module for loading binaries. https:\/\/github.com\/angr\/cle"},{"key":"e_1_3_2_1_12_1","volume-title":"Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018","author":"Corteggiani Nassim","year":"2018","unstructured":"Nassim Corteggiani , Giovanni Camurati , and Aur\u00e9lien Francillon . 2018 . Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018 , Baltimore, MD, USA , August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 309\u2013326. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/corteggiani Nassim Corteggiani, Giovanni Camurati, and Aur\u00e9lien Francillon. 2018. Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 309\u2013326. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/corteggiani"},{"key":"e_1_3_2_1_13_1","unstructured":"2023. Common vulnerabilities and exposures. https:\/\/cve.mitre.org\/ \t\t\t\t  2023. Common vulnerabilities and exposures. https:\/\/cve.mitre.org\/"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 22th USENIX Security Symposium","author":"Davidson Drew","year":"2013","unstructured":"Drew Davidson , Benjamin Moench , Thomas Ristenpart , and Somesh Jha . 2013 . FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution . In Proceedings of the 22th USENIX Security Symposium , Washington, DC, USA , August 14-16, 2013, Samuel T. King (Ed.). USENIX Association, 463\u2013478. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/davidson Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. 2013. FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. In Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, Samuel T. King (Ed.). USENIX Association, 463\u2013478. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/davidson"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268948"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/178243.178263"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.7976968"},{"key":"e_1_3_2_1_18_1","unstructured":"2023. Exploit database of the website. https:\/\/www.exploit-db.com\/ \t\t\t\t  2023. Exploit database of the website. https:\/\/www.exploit-db.com\/"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3240480"},{"key":"e_1_3_2_1_20_1","unstructured":"2023. A source code and binary code static analysis tool. https:\/\/www.grammatech.com\/our-products\/codesonar\/ \t\t\t\t  2023. A source code and binary code static analysis tool. https:\/\/www.grammatech.com\/our-products\/codesonar\/"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2005.27"},{"key":"e_1_3_2_1_22_1","unstructured":"2023. A powerful disassembler. https:\/\/www.hex-rays.com\/ida-pro\/ \t\t\t\t  2023. A powerful disassembler. https:\/\/www.hex-rays.com\/ida-pro\/"},{"key":"e_1_3_2_1_23_1","unstructured":"2020. The experimental dataset used by tool Karonte. https:\/\/github.com\/ucsb-seclab\/karonte##dataset \t\t\t\t  2020. The experimental dataset used by tool Karonte. https:\/\/github.com\/ucsb-seclab\/karonte##dataset"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3497776.3517776"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238199"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23017"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23166"},{"key":"e_1_3_2_1_28_1","unstructured":"2022. A micro-benchmark suite designed for validating various static analysis algorithms. https:\/\/github.com\/SVF-tools\/Test-Suite \t\t\t\t  2022. A micro-benchmark suite designed for validating various static analysis algorithms. https:\/\/github.com\/SVF-tools\/Test-Suite"},{"key":"e_1_3_2_1_29_1","unstructured":"2023. A python module for VEX intermediate represenation. https:\/\/github.com\/angr\/pyvex \t\t\t\t  2023. A python module for VEX intermediate represenation. https:\/\/github.com\/angr\/pyvex"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78791-4_2"},{"key":"e_1_3_2_1_32_1","unstructured":"2022. The experimental dataset used by tool SaTC. https:\/\/drive.google.com\/file\/d\/1rOhjBlmv3jYmkKhTBJcqJ-G56HoHBpVX\/view \t\t\t\t  2022. The experimental dataset used by tool SaTC. https:\/\/drive.google.com\/file\/d\/1rOhjBlmv3jYmkKhTBJcqJ-G56HoHBpVX\/view"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290361"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/237721.237727"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2869336"},{"key":"e_1_3_2_1_37_1","unstructured":"2023. A supplementary material for paper \u2018Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis\u2019. https:\/\/drive.google.com\/file\/d\/15K3Nbqm15sTwfXvMuiwhwBqvFTscZ1cy\/view \t\t\t\t  2023. A supplementary material for paper \u2018Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis\u2019. https:\/\/drive.google.com\/file\/d\/15K3Nbqm15sTwfXvMuiwhwBqvFTscZ1cy\/view"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.3837\/tiis.2013.08.014"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23808-6_34"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001440"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3360563"},{"key":"e_1_3_2_1_44_1","volume-title":"28th USENIX Security Symposium, USENIX Security 2019","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng , Ali Davanian , Heng Yin , Chengyu Song , Hongsong Zhu , and Limin Sun . 2019 . FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation . In 28th USENIX Security Symposium, USENIX Security 2019 , Santa Clara, CA, USA , August 14-16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 1099\u20131114. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/zheng Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 1099\u20131114. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/zheng"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534414"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/IPCCC47392.2019.8958740"}],"event":{"name":"ISSTA '23: 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","location":"Seattle WA USA","acronym":"ISSTA '23","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","AITO"]},"container-title":["Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597926.3598062","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3597926.3598062","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:42Z","timestamp":1750182522000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597926.3598062"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,12]]},"references-count":46,"alternative-id":["10.1145\/3597926.3598062","10.1145\/3597926"],"URL":"https:\/\/doi.org\/10.1145\/3597926.3598062","relation":{},"subject":[],"published":{"date-parts":[[2023,7,12]]},"assertion":[{"value":"2023-07-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}