{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T16:53:03Z","timestamp":1771951983520,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,3,25]],"date-time":"2023-03-25T00:00:00Z","timestamp":1679702400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National key research and development program of china","award":["2022YFC3301103"],"award-info":[{"award-number":["2022YFC3301103"]}]},{"name":"The national natural science foundation of china","award":["61931019"],"award-info":[{"award-number":["61931019"]}]},{"name":"The national natural science foundation of china","award":["62002342"],"award-info":[{"award-number":["62002342"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,3,25]]},"DOI":"10.1145\/3623278.3624759","type":"proceedings-article","created":{"date-parts":[[2024,2,7]],"date-time":"2024-02-07T19:28:26Z","timestamp":1707334106000},"page":"138-152","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8995-5924","authenticated-orcid":false,"given":"Puzhuo","family":"Liu","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8953-0782","authenticated-orcid":false,"given":"Yaowen","family":"Zheng","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0862-2491","authenticated-orcid":false,"given":"Chengnian","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Waterloo, Waterloo, Ontario, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7867-957X","authenticated-orcid":false,"given":"Chuan","family":"Qin","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-7484-1333","authenticated-orcid":false,"given":"Dongliang","family":"Fang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-6983-7728","authenticated-orcid":false,"given":"Mingdong","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2745-7521","authenticated-orcid":false,"given":"Limin","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2024,2,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2013.20"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"e_1_3_2_1_3_1","volume-title":"Threat spotlight: Wastedlocker, customized ransomware. https:\/\/blog.malwarebytes.com\/threat-spotlight\/2020\/07\/threat-spotlight-wastedlocker-customized-ransomware","author":"Arntz Pieter","year":"2020","unstructured":"Pieter Arntz. Threat spotlight: Wastedlocker, customized ransomware. https:\/\/blog.malwarebytes.com\/threat-spotlight\/2020\/07\/threat-spotlight-wastedlocker-customized-ransomware, 2020. Accessed 2022-9-10."},{"key":"e_1_3_2_1_4_1","volume-title":"Luca Massarelli, and Leonardo Querzoni. In nomine function: Naming functions in stripped binaries with neural networks. arXiv preprint arXiv:1912.07946","author":"Artuso Fiorella","year":"2019","unstructured":"Fiorella Artuso, Giuseppe Antonio Di Luna, Luca Massarelli, and Leonardo Querzoni. In nomine function: Naming functions in stripped binaries with neural networks. arXiv preprint arXiv:1912.07946, 2019."},{"key":"e_1_3_2_1_5_1","first-page":"202","volume-title":"Working Conference on Verified Software: Theories, Tools, and Experiments","author":"Balakrishnan Gogul","year":"2005","unstructured":"Gogul Balakrishnan, Thomas Reps, David Melski, and Tim Teitelbaum. Wysin-wyx: What you see is not what you execute. In Working Conference on Verified Software: Theories, Tools, and Experiments, pages 202--213. Springer, 2005."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.3390\/app12136702"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_9_1","first-page":"303","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Chen Libo","year":"2021","unstructured":"Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue. Sharing more and checking less: Leveraging common input keywords to detect bugs in embedded systems. In 30th USENIX Security Symposium (USENIX Security 21), pages 303--319, 2021."},{"issue":"3","key":"e_1_3_2_1_10_1","first-page":"547","article-title":"Interrupt data race detection based on shared variable access order pattern","volume":"27","author":"Rui GUO","year":"2016","unstructured":"GUO Xiang-Ying MF CHEN Rui, YANG Meng-Fei. Interrupt data race detection based on shared variable access order pattern. Journal of Software, 27(3):547--561, 2016.","journal-title":"Journal of Software"},{"key":"e_1_3_2_1_11_1","first-page":"83","volume-title":"Automatic inference of taint sources to discover vulnerabilities in soho router firmware","author":"Cheng Kai","year":"2021","unstructured":"Kai Cheng, Dongliang Fang, Chuan Qin, Huizhao Wang, Yaowen Zheng, Nan Yu, and Limin Sun. Automatic inference of taint sources to discover vulnerabilities in soho router firmware. In Audun J\u00f8sang, Lynn Futcher, and Janne Hagen, editors, ICT Systems Security and Privacy Protection, pages 83--99, Cham, 2021. Springer International Publishing."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00052"},{"key":"e_1_3_2_1_13_1","first-page":"1201","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Clements Abraham A","year":"2020","unstructured":"Abraham A Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. HALucinator: Firmware re-hosting through abstraction layer emulation. In 29th USENIX Security Symposium (USENIX Security 20), pages 1201--1218. USENIX Association, August 2020."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818035"},{"key":"e_1_3_2_1_15_1","volume-title":"https:\/\/scikit-learn.org\/stable\/modules\/preprocessing.html","author":"Preprocessing","year":"2022","unstructured":"Preprocessing data. https:\/\/scikit-learn.org\/stable\/modules\/preprocessing.html, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_16_1","volume-title":"https:\/\/nvd.nist.gov\/","author":"NATIONAL VULNERABILITY","year":"2022","unstructured":"NATIONAL VULNERABILITY DATABASE. https:\/\/nvd.nist.gov\/, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428293"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00003"},{"key":"e_1_3_2_1_19_1","volume-title":"https:\/\/github.com\/e-m-b-a\/embak","author":"Emba E-M-B-A.","year":"2022","unstructured":"E-M-B-A. Emba. https:\/\/github.com\/e-m-b-a\/embak, 2022. Accessed 2022-9-10."},{"key":"e_1_3_2_1_20_1","first-page":"1237","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Feng Bo","year":"2020","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. P2im: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In 29th USENIX Security Symposium (USENIX Security 20), pages 1237--1254, 2020."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484543"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833610"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243866"},{"key":"e_1_3_2_1_25_1","first-page":"2225","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"He Yi","year":"2022","unstructured":"Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. Rapidpatch: Firmware hotpatching for real-time embedded devices. In 31st USENIX Security Symposium (USENIX Security 22), pages 2225--2242, 2022."},{"key":"e_1_3_2_1_26_1","unstructured":"Hex-rays. Ida pro. https:\/\/www.hex-rays.com\/ida-pro. Accessed 2022-9-10."},{"key":"e_1_3_2_1_27_1","volume-title":"https:\/\/www.itnews.com.au\/XXXXX","year":"2022","unstructured":"Itnews. https:\/\/www.itnews.com.au\/XXXXX, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560612"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427294"},{"key":"e_1_3_2_1_30_1","volume-title":"70 percent of iot devices vulnerable to cyberattacks. https:\/\/www.securityweek.com\/70-iot-devices-vulnerable-cyberattacks-hp","author":"Kovacs Eduard","year":"2014","unstructured":"Eduard Kovacs. 70 percent of iot devices vulnerable to cyberattacks. https:\/\/www.securityweek.com\/70-iot-devices-vulnerable-cyberattacks-hp, 2014. Accessed 2022-9-8."},{"key":"e_1_3_2_1_31_1","volume-title":"https:\/\/blog.malwarebytes.com\/iot\/2021\/03\/150000-verkada-security-cameras-hacked-to-make-a-point","author":"Labsi Malwarebytes","year":"2021","unstructured":"Malwarebytes Labsi. 150,000 verkada security cameras hacked---to make a point. https:\/\/blog.malwarebytes.com\/iot\/2021\/03\/150000-verkada-security-cameras-hacked-to-make-a-point, 2021. Accessed 2022-9-10."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_2_1_33_1","volume-title":"Annual Network and Distributed System Security Symposium, NDSS","author":"Lee JongHyup","year":"2011","unstructured":"JongHyup Lee, Thanassis Avgerinos, and David Brumley. Tie: Principled reverse engineering of types in binary programs. In Annual Network and Distributed System Security Symposium, NDSS, 2011."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238199"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2022.102483"},{"key":"e_1_3_2_1_36_1","volume-title":"https:\/\/zenodo.org\/record\/8376901","author":"Liu Puzhuo","year":"2023","unstructured":"Puzhuo Liu, Yaowen Zheng, Chengnian Sun, Chuan Qin, Dongliang Fang, Mingdong Liu, and Limin Sun. Fits. https:\/\/zenodo.org\/record\/8376901, 2023."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446765"},{"key":"e_1_3_2_1_38_1","volume-title":"2020 unit 42 iot threat report. https:\/\/iotbusinessnews.com\/download\/white-papers\/UNIT42-IoT-Threat-Report.pdf","author":"Networks Palo Alto","year":"2020","unstructured":"Palo Alto Networks. 2020 unit 42 iot threat report. https:\/\/iotbusinessnews.com\/download\/white-papers\/UNIT42-IoT-Threat-Report.pdf, 2020. Accessed 2022-9-10."},{"key":"e_1_3_2_1_39_1","volume-title":"How-to: Extracting decryption keys for d-link. https:\/\/onekey.com\/blog\/extracting-decryption-keys-dlink\/","author":"ONEKEY.","year":"2022","unstructured":"ONEKEY. How-to: Extracting decryption keys for d-link. https:\/\/onekey.com\/blog\/extracting-decryption-keys-dlink\/, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_40_1","volume-title":"https:\/\/github.com\/angr\/pyvex","year":"2022","unstructured":"Pyvex. https:\/\/github.com\/angr\/pyvex, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_41_1","first-page":"49","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"David","year":"2015","unstructured":"David A. Ramos and Dawson Engler. Under-constrained symbolic execution: Correctness checking for real code. In 24th USENIX Security Symposium (USENIX Security 15), pages 49--64, Washington, D.C., August 2015. USENIX Association."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23039"},{"key":"e_1_3_2_1_43_1","first-page":"781","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Redini Nilo","year":"2017","unstructured":"Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. BootStomp: On the security of bootloaders in mobile devices. In 26th USENIX Security Symposium (USENIX Security 17), pages 781--798, Vancouver, BC, August 2017. USENIX Association."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"e_1_3_2_1_45_1","volume-title":"https:\/\/scikit-learn.org\/stable\/modules\/decomposition.html","author":"Dimensionality","year":"2022","unstructured":"Dimensionality reduction. https:\/\/scikit-learn.org\/stable\/modules\/decomposition.html, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_46_1","volume-title":"https:\/\/github.com\/ReFirmLabs\/binwalk","year":"2022","unstructured":"ReFirmLabs. Binwalk. https:\/\/github.com\/ReFirmLabs\/binwalk, 2022. Accessed 2022-9-10."},{"key":"e_1_3_2_1_47_1","first-page":"1239","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Scharnowski Tobias","year":"2022","unstructured":"Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi. Fuzzware: Using precise mmio modeling for effective firmware fuzzing. In 31st USENIX Security Symposium (USENIX Security 22), pages 1239--1256, 2022."},{"key":"e_1_3_2_1_48_1","volume-title":"scikit-learn. https:\/\/scikit-learn.org\/stable\/","year":"2022","unstructured":"scikit-learn developers. scikit-learn. https:\/\/scikit-learn.org\/stable\/, 2022. Accessed 2022-9-10."},{"key":"e_1_3_2_1_49_1","volume-title":"Mitigating program security vulnerabilities: Approaches and challenges. ACM Computing Surveys (CSUR), 44(3):1--46","author":"Shahriar Hossain","year":"2012","unstructured":"Hossain Shahriar and Mohammad Zulkernine. Mitigating program security vulnerabilities: Approaches and challenges. ACM Computing Surveys (CSUR), 44(3):1--46, 2012."},{"key":"e_1_3_2_1_50_1","volume-title":"Internet of things (iot). https:\/\/www.statista.com\/topics\/2637\/internet-of-things","year":"2021","unstructured":"Statista. Internet of things (iot). https:\/\/www.statista.com\/topics\/2637\/internet-of-things, 2021. Accessed 2022-9-10."},{"key":"e_1_3_2_1_51_1","volume-title":"Thousands of mikrotik routers hacked to eavesdrop on network traffic. https:\/\/thehackernews.com\/2018\/09\/mikrotik-router-hacking.html","year":"2018","unstructured":"SwatiKhandelwal. Thousands of mikrotik routers hacked to eavesdrop on network traffic. https:\/\/thehackernews.com\/2018\/09\/mikrotik-router-hacking.html. 2018. Accessed 2022-9-10."},{"key":"e_1_3_2_1_52_1","volume-title":"https:\/\/en.wikipedia.org\/wiki\/Global_Offset_Table","author":"Table Global Offset","year":"2022","unstructured":"Global Offset Table. https:\/\/en.wikipedia.org\/wiki\/Global_Offset_Table, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3543295"},{"key":"e_1_3_2_1_54_1","volume-title":"https:\/\/en.wikipedia.org\/wiki\/DBSCAN","year":"2022","unstructured":"wikipedia. https:\/\/en.wikipedia.org\/wiki\/DBSCAN, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_55_1","volume-title":"https:\/\/en.wikipedia.org\/wiki\/Euclidean_distance","year":"2022","unstructured":"wikipedia. https:\/\/en.wikipedia.org\/wiki\/Euclidean_distance, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_56_1","volume-title":"https:\/\/en.wiktionary.org\/wiki\/Manhattan_distance","year":"2022","unstructured":"wikipedia. https:\/\/en.wiktionary.org\/wiki\/Manhattan_distance, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_57_1","volume-title":"https:\/\/en.wikipedia.org\/wiki\/Pearson_correlation_coefficient","year":"2022","unstructured":"wikipedia. https:\/\/en.wikipedia.org\/wiki\/Pearson_correlation_coefficient, 2022. Accessed 2022-10-10."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"e_1_3_2_1_59_1","volume-title":"https:\/\/angr.io\/","author":"Yan Shoshitaishvili Audrey Dutcher","year":"2022","unstructured":"Audrey Dutcher Yan Shoshitaishvili, Ruoyu (Fish) Wang. Angr. https:\/\/angr.io\/, 2022. Accessed 2022-9-10."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00036"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-29959-0_31"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24031"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00109"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3360563"},{"key":"e_1_3_2_1_65_1","first-page":"1099","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. Firm-afl:high-throughput greybox fuzzing of iot firmware via augmented process emulation. In 28th USENIX Security Symposium (USENIX Security 19), pages 1099--1114, 2019."},{"key":"e_1_3_2_1_66_1","volume-title":"https:\/\/www.zynamics.com\/bindiff.html","year":"2022","unstructured":"zynamics. Bindiff. https:\/\/www.zynamics.com\/bindiff.html, 2022. Accessed 2023-2-14."}],"event":{"name":"ASPLOS '23: 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4","location":"Vancouver BC Canada","acronym":"ASPLOS '23","sponsor":["SIGARCH ACM Special Interest Group on Computer Architecture","SIGOPS ACM Special Interest Group on Operating Systems","SIGPLAN ACM Special Interest Group on Programming Languages","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3623278.3624759","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3623278.3624759","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:26Z","timestamp":1750178186000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3623278.3624759"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,25]]},"references-count":66,"alternative-id":["10.1145\/3623278.3624759","10.1145\/3623278"],"URL":"https:\/\/doi.org\/10.1145\/3623278.3624759","relation":{},"subject":[],"published":{"date-parts":[[2023,3,25]]},"assertion":[{"value":"2024-02-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}