{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T18:21:08Z","timestamp":1778955668802,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690216","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"1761-1775","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7786-0231","authenticated-orcid":false,"given":"Yue","family":"Zhang","sequence":"first","affiliation":[{"name":"Drexel University, Philadelphia, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9691-8702","authenticated-orcid":false,"given":"Zhen","family":"Ling","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, Jiangsu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1020-2736","authenticated-orcid":false,"given":"Michael","family":"Cash","sequence":"additional","affiliation":[{"name":"University of Central Florida, Orlando, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9408-3445","authenticated-orcid":false,"given":"Qiguang","family":"Zhang","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, Jiangsu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9403-6837","authenticated-orcid":false,"given":"Christopher","family":"Morales-Gonzalez","sequence":"additional","affiliation":[{"name":"UMass Lowell, Lowell, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8668-8891","authenticated-orcid":false,"given":"Qun Zhou","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Central Florida, Orlando, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2391-7789","authenticated-orcid":false,"given":"Xinwen","family":"Fu","sequence":"additional","affiliation":[{"name":"UMass Lowell, Lowell, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23371"},{"key":"e_1_3_2_1_2_1","volume-title":"https:\/\/www.knx.org\/","author":"KNX Association","year":"2023","unstructured":"KNX Association. Knx. https:\/\/www.knx.org\/, 2023."},{"key":"e_1_3_2_1_3_1","volume-title":"What is ets professional? https:\/\/www.knx.org\/knx-en\/for-professionals\/software\/ets-professional\/","author":"KNX Association","year":"2023","unstructured":"KNX Association. What is ets professional? https:\/\/www.knx.org\/knx-en\/for-professionals\/software\/ets-professional\/, 2023."},{"key":"e_1_3_2_1_4_1","unstructured":"Rage Usha Bhargavi. Smart home automation and security using raspberry module."},{"key":"e_1_3_2_1_5_1","volume-title":"boofuzz: Network protocol fuzzing for humans. https:\/\/boofuzz.readthedocs.io","author":"Documentation Boofuzz","year":"2024","unstructured":"Boofuzz Documentation. boofuzz: Network protocol fuzzing for humans. https:\/\/boofuzz.readthedocs.io, 2024. Accessed: 2024-08-01."},{"key":"e_1_3_2_1_6_1","volume-title":"Qun Zhou Sun, and Xinwen Fu. On false data injection attack against building automation systems. arXiv preprint arXiv:2208.02733","author":"Cash Michael","year":"2022","unstructured":"Michael Cash, Christopher Morales, Shan Wang, Xipeng Jin, Alex Parlato, Qun Zhou Sun, and Xinwen Fu. On false data injection attack against building automation systems. arXiv preprint arXiv:2208.02733, 2022."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC42927.2021.9500413"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.3390\/buildings14010271"},{"key":"e_1_3_2_1_10_1","volume-title":"The security of smart buildings: a systematic literature review. arXiv preprint arXiv:1901.05837","author":"Ciholas Pierre","year":"2019","unstructured":"Pierre Ciholas, Aidan Lennie, Parvin Sadigova, and Jose M Such. The security of smart buildings: a systematic literature review. arXiv preprint arXiv:1901.05837, 2019."},{"key":"e_1_3_2_1_11_1","volume-title":"Ashrae bacnet. https:\/\/bacnet.org\/","author":"BACnet Committee","year":"2023","unstructured":"BACnet Committee. Ashrae bacnet. https:\/\/bacnet.org\/, 2023."},{"key":"e_1_3_2_1_12_1","volume-title":"Bacnet secure connect. https:\/\/bacnetinternational.org\/bacnetsc\/","author":"BACnet Committee","year":"2023","unstructured":"BACnet Committee. Bacnet secure connect. https:\/\/bacnetinternational.org\/bacnetsc\/, 2023."},{"key":"e_1_3_2_1_13_1","volume-title":"Security evaluation of the z-wave wireless protocol. Black hat USA, 24:1--2","author":"Fouladi Behrang","year":"2013","unstructured":"Behrang Fouladi and Sahand Ghanoun. Security evaluation of the z-wave wireless protocol. Black hat USA, 24:1--2, 2013."},{"key":"e_1_3_2_1_14_1","volume-title":"Github - knxd\/knxd. https:\/\/github.com\/knxd\/knxd","year":"2024","unstructured":"GitHub. Github - knxd\/knxd. https:\/\/github.com\/knxd\/knxd, 2024. Accessed: 2024-08-01."},{"key":"e_1_3_2_1_15_1","first-page":"303","volume-title":"SAFECOMP 2010, Vienna, Austria, September 14--17, 2010. Proceedings 29","author":"Granzer Wolfgang","year":"2010","unstructured":"Wolfgang Granzer and Wolfgang Kastner. Security analysis of open building automation systems. In Computer Safety, Reliability, and Security: 29th International Conference, SAFECOMP 2010, Vienna, Austria, September 14--17, 2010. Proceedings 29, pages 303--316. Springer, 2010."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.122442"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7009"},{"key":"e_1_3_2_1_18_1","volume-title":"Bacnet explorer. https:\/\/inneasoft.com\/en\/bacnet-explorer\/","year":"2023","unstructured":"Inneasoft. Bacnet explorer. https:\/\/inneasoft.com\/en\/bacnet-explorer\/, 2023."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/WFCS.2014.6837593"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.69554\/XSQZ3232"},{"key":"e_1_3_2_1_21_1","volume-title":"A study on the security requirements analysis to build a zero trust-based remote work environment. arXiv preprint arXiv:2401.03675","author":"Kim Haena","year":"2024","unstructured":"Haena Kim, Yejun Kim, and Seungjoo Kim. A study on the security requirements analysis to build a zero trust-based remote work environment. arXiv preprint arXiv:2401.03675, 2024."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3097807"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427294"},{"key":"e_1_3_2_1_24_1","first-page":"7085","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Lei Chongqing","year":"2024","unstructured":"Chongqing Lei, Zhen Ling, Yue Zhang, Yan Yang, Junzhou Luo, and Xinwen Fu. A friend?s eye is a good mirror: Synthesizing {MCU} peripheral models from peripheral drivers. In 33rd USENIX Security Symposium (USENIX Security 24), pages 7085--7102, 2024."},{"key":"e_1_3_2_1_25_1","volume-title":"Xinwen Fu. RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices. In Proceedings of the 31th Conference on Computer and Communications Security (CCS'24)","author":"Liu Kaizhen","year":"2024","unstructured":"Kaizhen Liu, Ming Yang, Zhen Ling, Yue Zhang, Chongqing Lei, Junzhou Luo, and Xinwen Fu. RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices. In Proceedings of the 31th Conference on Computer and Communications Security (CCS'24), 2024."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3036232"},{"key":"e_1_3_2_1_27_1","volume-title":"March","author":"Lourdas Vassilios","year":"2020","unstructured":"Vassilios Lourdas. Knx data secure. https:\/\/support.knx.org\/hc\/en-us\/articles\/360012689639-KNX-Data-Secure, March 2020."},{"key":"e_1_3_2_1_28_1","volume-title":"March","author":"Lourdas Vassilios","year":"2020","unstructured":"Vassilios Lourdas. Knx ip secure. https:\/\/support.knx.org\/hc\/en-us\/articles\/360012666599-KNX-IP-Secure, March 2020."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.3390\/s18124451"},{"key":"e_1_3_2_1_30_1","volume-title":"30th USENIX Security Symposium","author":"Nagy Stefan","year":"2021","unstructured":"Stefan Nagy, Anh Nguyen-Tuong, Jason D Hiser, Jack W Davidson, and Matthew Hicks. Breaking through binaries: Compiler-quality instrumentation for better binary-only fuzzing. In 30th USENIX Security Symposium, 2021."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.3390\/computers13020045"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00067"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5220\/0006263405460552"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00056"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23404"},{"key":"e_1_3_2_1_36_1","volume-title":"Building automation systems market - growth, trends, covid-19 impact, and forecasts (2022 -","year":"2027","unstructured":"ReportLinker. Building automation systems market - growth, trends, covid-19 impact, and forecasts (2022 - 2027). https:\/\/www.reportlinker.com\/p06360537\/, October 2022."},{"key":"e_1_3_2_1_37_1","unstructured":"Francesco Rosati. Enhancing Security in Smart Buildings: Traffic Classification for Automated Access Control. PhD thesis Politecnico di Torino 2024."},{"key":"e_1_3_2_1_38_1","first-page":"2597","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Schumilo Sergej","year":"2021","unstructured":"Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon W\u00f6rner, and Thorsten Holz. Nyx: Greybox hypervisor fuzzing using fast snapshots and affine types. In 30th USENIX Security Symposium (USENIX Security 21), pages 2597--2614, 2021."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519591"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23176"},{"key":"e_1_3_2_1_41_1","volume-title":"Cas bacnet explorer. https:\/\/store.chipkin.com\/products\/tools\/cas-bacnet-explorer","author":"Systems Chipkin Automation","year":"2023","unstructured":"Chipkin Automation Systems. Cas bacnet explorer. https:\/\/store.chipkin.com\/products\/tools\/cas-bacnet-explorer, 2023."},{"key":"e_1_3_2_1_42_1","first-page":"2847","volume-title":"USENIX Security Symposium","author":"Tychalas Dimitrios","year":"2021","unstructured":"Dimitrios Tychalas, Hadjer Benkraouda, and Michail Maniatakos. Icsfuzz: Manipulating i\/os and repurposing binary code to enable instrumented fuzzing in ics control applications. In USENIX Security Symposium, pages 2847--2862, 2021."},{"key":"e_1_3_2_1_43_1","volume-title":"Sneak into buildings with KNXnet\/IP","author":"Vacherot Claire","year":"2020","unstructured":"Claire Vacherot. Sneak into buildings with knxnet\/ip. In Sneak into buildings with KNXnet\/IP, 2020."},{"key":"e_1_3_2_1_44_1","volume-title":"Automated security findings management: A case study in industrial devops. arXiv preprint arXiv:2401.06602","author":"Voggenreiter Markus","year":"2024","unstructured":"Markus Voggenreiter, Florian Angermeir, Fabiola Moy\u00f3n, Ulrich Sch\u00f6pp, and Pierre Bonvin. Automated security findings management: A case study in industrial devops. arXiv preprint arXiv:2401.06602, 2024."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.aej.2024.01.013"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423340"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00057"},{"key":"e_1_3_2_1_49_1","volume-title":"Zhiqiang Lin. When Compiler Optimizations Meet Symbolic Execution: An Empirical Study. In Proceedings of the 31th Conference on Computer and Communications Security (CCS'24)","author":"Zhang Yue","year":"2024","unstructured":"Yue Zhang, Melih Sirlanci, Ruoyu \"Fish\" Wang, and Zhiqiang Lin. When Compiler Optimizations Meet Symbolic Execution: An Empirical Study. In Proceedings of the 31th Conference on Computer and Communications Security (CCS'24), 2024."},{"key":"e_1_3_2_1_50_1","first-page":"1099","volume-title":"USENIX Security Symposium","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. Firm-afl: High-throughput greybox fuzzing of iot firmware via augmented process emulation. In USENIX Security Symposium, pages 1099--1114, 2019."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690216","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690216","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:11:24Z","timestamp":1755843084000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690216"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":50,"alternative-id":["10.1145\/3658644.3690216","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690216","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}