{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T07:10:26Z","timestamp":1750749026934,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T00:00:00Z","timestamp":1697414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-20-1-2632"],"award-info":[{"award-number":["N00014-20-1-2632"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,16]]},"DOI":"10.1145\/3607199.3607217","type":"proceedings-article","created":{"date-parts":[[2023,10,3]],"date-time":"2023-10-03T22:30:51Z","timestamp":1696372251000},"page":"32-45","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-2371-9486","authenticated-orcid":false,"given":"Eric","family":"Gustafson","sequence":"first","affiliation":[{"name":"UC Santa Barbara, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9065-3407","authenticated-orcid":false,"given":"Paul","family":"Grosen","sequence":"additional","affiliation":[{"name":"UC Berkeley, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6768-7380","authenticated-orcid":false,"given":"Nilo","family":"Redini","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-0502-4038","authenticated-orcid":false,"given":"Saagar","family":"Jha","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0329-1830","authenticated-orcid":false,"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[{"name":"University of Twente, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1524-2566","authenticated-orcid":false,"given":"Ruoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Arizona State University, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5770-6421","authenticated-orcid":false,"given":"Kevin","family":"Fu","sequence":"additional","affiliation":[{"name":"Northeastern University, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3630-6269","authenticated-orcid":false,"given":"Sara","family":"Rampazzi","sequence":"additional","affiliation":[{"name":"University of Florida, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5140-3414","authenticated-orcid":false,"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3422-5369","authenticated-orcid":false,"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2019. D-Link Adds More Buggy Router Models to \u2018Won\u2019t Fix\u2019 List. https:\/\/threatpost.com\/d-link-wont-fix-router-bugs\/150438\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2020. Arduino. http:\/\/arduino.cc\/."},{"key":"e_1_3_2_1_3_1","unstructured":"2020. CA S.B. 327. https:\/\/leginfo.legislature.ca.gov\/faces\/billTextClient.xhtml?bill_id=201720180SB327."},{"key":"e_1_3_2_1_4_1","unstructured":"2020. OpenDPS. https:\/\/github.com\/kanflo\/opendps."},{"key":"e_1_3_2_1_5_1","unstructured":"2020. S.734 - Internet of Things Cybersecurity Improvement Act of 2019. https:\/\/www.congress.gov\/bill\/116th-congress\/senate-bill\/734."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"e_1_3_2_1_7_1","unstructured":"AliExpress. 2020. RD DPS5015. https:\/\/www.aliexpress.com\/item\/32702714880.html."},{"key":"e_1_3_2_1_8_1","unstructured":"Amazon. 2020. Creating a code-signing certificate for the Texas Instruments CC3220SF-LAUNCHXL. https:\/\/docs.aws.amazon.com\/freertos\/latest\/userguide\/ota-code-sign-cert-ti.html."},{"key":"e_1_3_2_1_9_1","unstructured":"Frank Armstrong. 2013. A Discussion on Atmel Lock Byte and Firmware Protection. https:\/\/www.avrfreaks.net\/sites\/default\/files\/A%20discussion%20on%20Atmel%20Lock%20Bits.pdf."},{"key":"e_1_3_2_1_10_1","volume-title":"Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics.. In NDSS.","author":"Bauman Erick","year":"2018","unstructured":"Erick Bauman, Zhiqiang Lin, and Kevin\u00a0W Hamlen. 2018. Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics.. In NDSS."},{"key":"e_1_3_2_1_11_1","unstructured":"Catalin Cimparu. 2019. DHS and FDA warn about much broader impact of Urgent\/11 vulnerabilities. https:\/\/www.zdnet.com\/article\/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities\/."},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Security Symposium.","author":"Gustafson Abraham","year":"2020","unstructured":"Clements, Abraham and Gustafson, Eric and Scharnowski, Tobias and Grosen, Paul and Fritz, David and Kruegel, Christopher and Vigna, Giovanni and Bagchi, Saurabh and Payer, Mathias. 2020. HALucinator: Firmware Re-hosting through Abstraction Layer Emulation. In USENIX Security Symposium."},{"key":"e_1_3_2_1_13_1","unstructured":"European Commission. 2022. Cyber Resilience Act. https:\/\/digital-strategy.ec.europa.eu\/en\/library\/cyber-resilience-act."},{"key":"e_1_3_2_1_14_1","unstructured":"DARPA. 2020. Assured Micro-Patching (AMP). https:\/\/www.darpa.mil\/program\/assured-micropatching."},{"volume-title":"RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization","author":"Dinesh Sushant","key":"e_1_3_2_1_15_1","unstructured":"Sushant Dinesh, Nathan Burow, Dongyan Xu, and Mathias Payer. 2020. RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization. In IEEE Security and Privacy."},{"volume-title":"Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization","author":"Ding H.H.","key":"e_1_3_2_1_16_1","unstructured":"Steven\u00a0H.H. Ding, Benjamin\u00a0C.M. Fung, and Philippe Charland. 2019. Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization. In IEEE Security and Privacy."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Ruian Duan Ashish Bijlani Yang Ji Omar Alrawi Yiyuan Xiong Moses Ike Brendan Saltaformaggio and Wenke Lee. 2019. Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries.. In NDSS.","DOI":"10.14722\/ndss.2019.23126"},{"key":"e_1_3_2_1_18_1","unstructured":"EEVBlog. 2017. Flaming Power Supply!https:\/\/www.youtube.com\/watch?v=Q2rvAoO-MIA."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Sebastian Eschweiler Khaled Yakdan and Elmar Gerhards-Padilla. 2016. discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code. In NDSS.","DOI":"10.14722\/ndss.2016.23185"},{"key":"e_1_3_2_1_20_1","volume-title":"USENIX Security Symposium.","author":"Feng Bo","year":"2020","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In USENIX Security Symposium."},{"key":"e_1_3_2_1_21_1","volume-title":"Automatic identification of cryptographic primitives in software","author":"Gr\u00f6bert Felix","year":"2010","unstructured":"Felix Gr\u00f6bert. 2010. Automatic identification of cryptographic primitives in software. Ruhr-University Bochum (2010), 115."},{"key":"e_1_3_2_1_22_1","unstructured":"Eric Gustafson Marius Muench Chad Spensky Nilo Redini Aravind Machiry Aurelien Francillon Davide Balzarotti Yung\u00a0Ryn Choe Christopher Kruegel and Giovanni Vigna. 2019. Toward the Analysis of Embedded Firmware through Automated Re-hosting. In Research in Attacks Intrusions and Defenses (USENIX RAID)."},{"key":"e_1_3_2_1_23_1","volume-title":"RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In Usenix Security Symposium.","author":"He Yi","year":"2022","unstructured":"Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. 2022. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In Usenix Security Symposium."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2901951"},{"key":"e_1_3_2_1_25_1","volume-title":"Detours: Binary Interception of Win32 Functions. In USENIX Windows NT Symposium.","author":"Hunt Galen","year":"1999","unstructured":"Galen Hunt and Doug Brubacher. 1999. Detours: Binary Interception of Win32 Functions. In USENIX Windows NT Symposium."},{"key":"e_1_3_2_1_26_1","volume-title":"International Conference on Mobile Systems, Applications and Services (MobiSys).","author":"Kim Taegyu","year":"2021","unstructured":"Taegyu Kim, Aolin Ding, Sriharsha Etigowni, Pengfei Sun, Jizhou Chen, Luis Garcia, Saman Zonouz, Dongyan Xu, and Dave Tian. 2021. Reverse Engineering and Retrofitting Robotic Aerial Vehicle Control Firmware using DisPatch. In International Conference on Mobile Systems, Applications and Services (MobiSys)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134627"},{"key":"e_1_3_2_1_28_1","volume-title":"TIE: Principled Reverse Engineering of Types in Binary Programs. In NDSS.","author":"Lee JongHyup","year":"2011","unstructured":"JongHyup Lee, Thanassis Avgerinos, and David Brumley. 2011. TIE: Principled Reverse Engineering of Types in Binary Programs. In NDSS."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714639"},{"volume-title":"OS 2020. mbed OS. https:\/\/www.mbed.com\/en\/development\/mbed-os\/.","key":"e_1_3_2_1_30_1","unstructured":"mbed OS 2020. mbed OS. https:\/\/www.mbed.com\/en\/development\/mbed-os\/."},{"key":"e_1_3_2_1_31_1","unstructured":"Microchip. 2020. AT16743: SAM V7\/E7\/S7 Safe and Secure Bootloader. http:\/\/ww1.microchip.com\/downloads\/en\/AppNotes\/Atmel-42725-Safe-and-Secure-Bootloader-for-SAM-V7-E7-S7-MCUs_AT16743_ApplicationNote.pdf."},{"key":"e_1_3_2_1_32_1","unstructured":"Jose Nazario. 2017. The problem with patching in addressing IoT vulnerabilities. https:\/\/www.fastly.com\/blog\/problem-patching-addressing-iot-vulnerabilities."},{"key":"e_1_3_2_1_33_1","unstructured":"Lily\u00a0Hay Newman. 2019. Decades-Old Code Is Putting Millions of Critical Devices at Risk. https:\/\/www.wired.com\/story\/urgent-11-ipnet-vulnerable-devices\/."},{"key":"e_1_3_2_1_34_1","volume-title":"HERA: Hotpatching of Embedded Real-time Applications. In Symposium on Network and Distrbuted Systems Security (NDSS).","author":"Niesler Christian","year":"2021","unstructured":"Christian Niesler, Sebastian Surminski, and Lucas Davi. 2021. HERA: Hotpatching of Embedded Real-time Applications. In Symposium on Network and Distrbuted Systems Security (NDSS)."},{"key":"e_1_3_2_1_35_1","unstructured":"Office of Naval Research (ONR). 2020. Total Platform Cyber Protection (TPCP). https:\/\/www.onr.navy.mil\/-\/media\/Files\/Funding-Announcements\/BAA\/2017\/N00014-17-S-B010.ashx."},{"key":"e_1_3_2_1_36_1","unstructured":"Osbourne Paul. [n. d.]. CMSIS-SVD Repository and Parsers. https:\/\/github.com\/posborne\/cmsis-svd."},{"key":"e_1_3_2_1_37_1","volume-title":"RAZOR: A Framework for Post-deployment Software Debloating. In USENIX Security Symposium.","author":"Qian Chenxiong","year":"2019","unstructured":"Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak\u00a0Ho Chung, Taesoo Kim, and Wenke Lee. 2019. RAZOR: A Framework for Post-deployment Software Debloating. In USENIX Security Symposium."},{"key":"e_1_3_2_1_38_1","volume-title":"Bloat Factors and Binary Specialization. In ACM Workshop on Forming an Ecosystem Around Software Transformation.","author":"Quach Anh","year":"2019","unstructured":"Anh Quach and Aravind Prakash. 2019. Bloat Factors and Binary Specialization. In ACM Workshop on Forming an Ecosystem Around Software Transformation."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106271"},{"key":"e_1_3_2_1_40_1","volume-title":"BootStomp: On the Security of Bootloaders in Mobile Devices. In USENIX Security Symposium","author":"Redini Nilo","year":"2017","unstructured":"Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2017. BootStomp: On the Security of Bootloaders in Mobile Devices. In USENIX Security Symposium. Vancouver, BC."},{"key":"e_1_3_2_1_41_1","volume-title":"KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware","author":"Redini Nilo","year":"2020","unstructured":"Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2020. KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware. In IEEE Security & Privacy."},{"key":"e_1_3_2_1_42_1","volume-title":"BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 482\u2013501","author":"Redini Nilo","year":"2019","unstructured":"Nilo Redini, Ruoyu Wang, Aravind Machiry, Yan Shoshitaishvili, Giovanni Vigna, and Christopher Kruegel. 2019. BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 482\u2013501."},{"key":"e_1_3_2_1_43_1","unstructured":"Jessica Rich. 2016. What happens when the sun sets on a smart product?https:\/\/www.ftc.gov\/news-events\/blogs\/business-blog\/2016\/07\/what-happens-when-sun-sets-smart-product."},{"key":"e_1_3_2_1_44_1","unstructured":"Rockwell Automation. 2020. ControlLogix and GuardLogix Controllers. https:\/\/literature.rockwellautomation.com\/idc\/groups\/literature\/documents\/td\/1756-td001_-en-p.pdf."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_46_1","unstructured":"STMicroelectronics. 2020. AN4701: Proprietary code read-out protection on microcontrollers of the STM32F4 Series. https:\/\/www.st.com\/resource\/en\/application_note\/dm00186528-proprietary-code-readout-protection-on-microcontrollers-of-the-stm32f4-series-stmicroelectronics.pdf."},{"volume-title":"Autoblob: Automatic Blob-loading for CLE. https:\/\/github.com\/subwire\/autoblob.","year":"2020","key":"e_1_3_2_1_47_1","unstructured":"subwire. 2020. Autoblob: Automatic Blob-loading for CLE. https:\/\/github.com\/subwire\/autoblob."},{"key":"e_1_3_2_1_48_1","unstructured":"TI. 2020. Understanding security features for MSP430\u2122 Microcontrollers. http:\/\/www.ti.com\/lit\/ml\/swpb018\/swpb018.pdf?ts=1587844615741."},{"key":"e_1_3_2_1_49_1","volume-title":"Ramblr: Making Reassembly Great Again.. In NDSS.","author":"Wang Ruoyu","year":"2017","unstructured":"Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, and Giovanni Vigna. 2017. Ramblr: Making Reassembly Great Again.. In NDSS."},{"key":"e_1_3_2_1_50_1","volume-title":"USENIX Security Symposium. 627\u2013642","author":"Wang Shuai","year":"2015","unstructured":"Shuai Wang, Pei Wang, and Dinghao Wu. 2015. Reassembleable Disassembling.. In USENIX Security Symposium. 627\u2013642."},{"volume-title":"UROBOROS: Instrumenting Stripped Binaries with Static Reassembling. In Conference on Software Analysis, Evolution, and Reengineering (SANER).","author":"Wang S.","key":"e_1_3_2_1_51_1","unstructured":"S. Wang, P. Wang, and D. Wu. 2016. UROBOROS: Instrumenting Stripped Binaries with Static Reassembling. In Conference on Software Analysis, Evolution, and Reengineering (SANER)."},{"key":"e_1_3_2_1_52_1","volume-title":"Binary Code Retrofitting and Hardening Using SGX. In Workshop on Forming an Ecosystem Around Software Transformation (FEAST).","author":"Wang Shuai","year":"2017","unstructured":"Shuai Wang, Wenhao Wang, Qinkun Bao, Pei Wang, XiaoFeng Wang, and Dinghao Wu. 2017. Binary Code Retrofitting and Hardening Using SGX. In Workshop on Forming an Ecosystem Around Software Transformation (FEAST)."},{"key":"e_1_3_2_1_53_1","volume-title":"FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware. In ACM Conference on Computer and Communications Security (CCS).","author":"Wen Haohuang","year":"2020","unstructured":"Haohuang Wen, Zhiqiang Lin, and Yinqian Zhang. 2020. FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"crossref","unstructured":"Matthias Wenzl Georg Merzdovnik Johanna Ullrich and Edgar Weippl. 2019. From Hack to Elaborate Technique - A Survey on Binary Rewriting. In ACM Computing Surveys (CSUR).","DOI":"10.1145\/3316415"}],"event":{"name":"RAID 2023: The 26th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID 2023","location":"Hong Kong China"},"container-title":["Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607217","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607199.3607217","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607199.3607217","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:35Z","timestamp":1750178255000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607217"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":54,"alternative-id":["10.1145\/3607199.3607217","10.1145\/3607199"],"URL":"https:\/\/doi.org\/10.1145\/3607199.3607217","relation":{},"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}