{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T08:40:05Z","timestamp":1780044005087,"version":"3.53.1"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372268"],"award-info":[{"award-number":["62372268"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001381","name":"National Research Foundation Singapore","doi-asserted-by":"publisher","award":["NRF-NCR25-Fuzz-0001"],"award-info":[{"award-number":["NRF-NCR25-Fuzz-0001"]}],"id":[{"id":"10.13039\/501100001381","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Jinan City \"20 New Universities\" Funding Project","award":["2021GXRC084"],"award-info":[{"award-number":["2021GXRC084"]}]},{"name":"Shandong Provincial Natural Science Foundation","award":["ZR2021LZH007"],"award-info":[{"award-number":["ZR2021LZH007"]}]},{"name":"Shandong Provincial Natural Science Foundation","award":["ZR2022LZH013"],"award-info":[{"award-number":["ZR2022LZH013"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678914","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"579-593","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow 
Reasoning"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-9917-1527","authenticated-orcid":false,"given":"Jianing","family":"Wang","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3367-0951","authenticated-orcid":false,"given":"Shanqing","family":"Guo","sequence":"additional","affiliation":[{"name":"Shandong University, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0916-8806","authenticated-orcid":false,"given":"Wenrui","family":"Diao","sequence":"additional","affiliation":[{"name":"Shandong University, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3065-0165","authenticated-orcid":false,"given":"Yue","family":"Liu","sequence":"additional","affiliation":[{"name":"Southeast University, China and QI-ANXIN Group, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University, China; Zhongguancun Laboratory, China and Quancheng Laboratory, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9506-102X","authenticated-orcid":false,"given":"Yichen","family":"Liu","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7138-5030","authenticated-orcid":false,"given":"Zhenkai","family":"Liang","sequence":"additional","affiliation":[{"name":"National University of Singapore, 
Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_2_1_2_1","volume-title":"CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses. In 2019 IEEE Cybersecurity Development (SecDev)","author":"Afrose Sharmin","unstructured":"Sharmin Afrose, Sazzadur Rahaman, and Danfeng Yao. 2019. CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses. In 2019 IEEE Cybersecurity Development (SecDev). IEEE, 49\u201361."},{"key":"e_1_3_2_1_3_1","volume-title":"Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 614\u2013631","author":"Ami Amit\u00a0Seal","year":"2022","unstructured":"Amit\u00a0Seal Ami, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, and Adwait Nadkarni. 2022. Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 614\u2013631."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_1_5_1","volume-title":"Bugcrowd: Crowdsourced Cybersecurity Platform. https:\/\/www.bugcrowd.com\/","year":"2023","unstructured":"Bugcrowd. 2023. Bugcrowd: Crowdsourced Cybersecurity Platform. https:\/\/www.bugcrowd.com\/"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Daming\u00a0D Chen Maverick Woo David Brumley and Manuel Egele. 2016. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware.. In NDSS Vol.\u00a016. 
1\u201316.","DOI":"10.14722\/ndss.2016.23415"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Jiongyi Chen Wenrui Diao Qingchuan Zhao Chaoshun Zuo Zhiqiang Lin XiaoFeng Wang Wing\u00a0Cheong Lau Menghan Sun Ronghai Yang and Kehuan Zhang. 2018. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.. In NDSS.","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Yikang Chen Yibo Liu Ka\u00a0Lok Wu Duc\u00a0V Le and Sze\u00a0Yiu Chau. 2024. Towards Precise Reporting of Cryptographic Misuses. In NDSS.","DOI":"10.14722\/ndss.2024.241032"},{"key":"e_1_3_2_1_9_1","unstructured":"MITRE Corporation. 2006. Common Weakness Enumeration: A Community-Developed List of Software and Hardware Weakness Types. https:\/\/cwe.mitre.org\/"},{"key":"e_1_3_2_1_10_1","unstructured":"MITRE Corporation. 2006. CWE-259: Use of Hard-coded Password. https:\/\/cwe.mitre.org\/data\/definitions\/259.html"},{"key":"e_1_3_2_1_11_1","unstructured":"MITRE Corporation. 2006. CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG). https:\/\/cwe.mitre.org\/data\/definitions\/337.html"},{"key":"e_1_3_2_1_12_1","unstructured":"MITRE Corporation. 2006. CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). https:\/\/cwe.mitre.org\/data\/definitions\/338.html"},{"key":"e_1_3_2_1_13_1","unstructured":"MITRE Corporation. 2009. CWE-780: Use of RSA Algorithm without OAEP. https:\/\/cwe.mitre.org\/data\/definitions\/780.html"},{"key":"e_1_3_2_1_14_1","volume-title":"23rd { USENIX} Security Symposium ({ USENIX} Security 14). 95\u2013110.","author":"Costin Andrei","unstructured":"Andrei Costin, Jonas Zaddach, Aur\u00e9lien Francillon, and Davide Balzarotti. 2014. A large-scale analysis of the security of embedded firmwares. In 23rd { USENIX} Security Symposium ({ USENIX} Security 14). 
95\u2013110."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897900"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_17_1","unstructured":"Stack Exchange. 2011. Why should one not use the same asymmetric key for encryption as they do for signing? https:\/\/security.stackexchange.com\/questions\/1806\/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig"},{"key":"e_1_3_2_1_18_1","unstructured":"Stack Exchange. 2015. Why is HMAC-SHA1 still considered secure? https:\/\/crypto.stackexchange.com\/questions\/26510\/why-is-hmac-sha1-still-considered-secure"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 29th USENIX Security Symposium.","author":"Feng Bo","year":"2020","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In Proceedings of the 29th USENIX Security Symposium."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_2_1_21_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Flores-Montoya Antonio","year":"2020","unstructured":"Antonio Flores-Montoya and Eric Schulte. 2020. Datalog disassembly. In 29th USENIX Security Symposium (USENIX Security 20). 1075\u20131092."},{"key":"e_1_3_2_1_22_1","unstructured":"Ghidra. 2024. Additional P-CODE Operations. https:\/\/spinsel.dev\/assets\/2020-06-17-ghidra-brainfuck-processor-1\/ghidra_docs\/language_spec\/html\/additionalpcode.html"},{"key":"e_1_3_2_1_23_1","volume-title":"NIST Report on Cryptographic Key Length and Cryptoperiod","author":"Giry Damien","year":"2020","unstructured":"Damien Giry. 2020. NIST Report on Cryptographic Key Length and Cryptoperiod (2020). 
https:\/\/www.keylength.com\/en\/4\/"},{"key":"e_1_3_2_1_24_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Hernandez Grant","year":"2020","unstructured":"Grant Hernandez, Dave\u00a0Jing Tian, Anurag\u00a0Swarnim Yadav, Byron\u00a0J Williams, and Kevin\u00a0RB Butler. 2020. { BigMAC} :{ Fine-Grained} Policy Analysis of Android Firmware. In 29th USENIX Security Symposium (USENIX Security 20). 271\u2013287."},{"key":"e_1_3_2_1_25_1","unstructured":"Tibor Jager Kenneth\u00a0G Paterson and Juraj Somorovsky. 2013. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography.. In NDSS."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-41540-6_23"},{"key":"e_1_3_2_1_27_1","volume-title":"SURROGATES: Enabling near-real-time dynamic analyses of embedded systems. In 9th { USENIX} Workshop on Offensive Technologies ({ WOOT} 15).","author":"Koscher Karl","year":"2015","unstructured":"Karl Koscher, Tadayoshi Kohno, and David Molnar. 2015. SURROGATES: Enabling near-real-time dynamic analyses of embedded systems. In 9th { USENIX} Workshop on Offensive Technologies ({ WOOT} 15)."},{"key":"e_1_3_2_1_28_1","volume-title":"32nd European Conference on Object-Oriented Programming (ECOOP","author":"Kr\u00fcger Stefan","year":"2018","unstructured":"Stefan Kr\u00fcger, Johannes Sp\u00e4th, Karim Ali, Eric Bodden, and Mira Mezini. 2018. Crysl: An extensible approach to validating the correct usage of cryptographic apis. In 32nd European Conference on Object-Oriented Programming (ECOOP 2018). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik."},{"key":"e_1_3_2_1_29_1","volume-title":"Binwalk: Firmware Analysis Tool. https:\/\/github.com\/ReFirmLabs\/binwalk","author":"Labs ReFirm","year":"2014","unstructured":"ReFirm Labs. 2014. Binwalk: Firmware Analysis Tool. 
https:\/\/github.com\/ReFirmLabs\/binwalk"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243783"},{"key":"e_1_3_2_1_31_1","volume-title":"International Conference on Network and System Security. Springer, 349\u2013362","author":"Li Yong","year":"2015","unstructured":"Yong Li, Yuanyuan Zhang, Juanru Li, and Dawu Gu. 2015. iCryptoTracer: Dynamic analysis on misuse of cryptography functions in iOS applications. In International Conference on Network and System Security. Springer, 349\u2013362."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678653"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180201"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3127005.3127010"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_2_1_36_1","volume-title":"Ghidra: A Software Reverse Engineering (SRE) Suite of Tools Developed by NSA. https:\/\/ghidra-sre.org\/","author":"National Security\u00a0Agency (NSA).","year":"2019","unstructured":"National Security\u00a0Agency (NSA). 2019. Ghidra: A Software Reverse Engineering (SRE) Suite of Tools Developed by NSA. https:\/\/ghidra-sre.org\/"},{"key":"e_1_3_2_1_37_1","unstructured":"National Security\u00a0Agency (NSA). 2019. P-Code Reference Manual. https:\/\/ghidra.re\/courses\/languages\/html\/pcoderef.html"},{"key":"e_1_3_2_1_38_1","unstructured":"National\u00a0Institute of Standards and Technology (NIST). 2017. Juliet Test Suite: A collection of test cases in the C\/C++ language. https:\/\/samate.nist.gov\/SARD\/testsuite.php"},{"key":"e_1_3_2_1_39_1","unstructured":"Stack Overflow. 2011. 
How to generate RSA private key using OpenSSL? https:\/\/stackoverflow.com\/questions\/5927164\/how-to-generate-rsa-private-key-using-openssl"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00010"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24324"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243793"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware.. In NDSS.","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2014.22"},{"key":"e_1_3_2_1_47_1","volume-title":"Periscope: An effective probing and fuzzing framework for the hardware-os boundary. In NDSS.","author":"Song Dokyung","year":"2019","unstructured":"Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, and Michael Franz. 2019. Periscope: An effective probing and fuzzing framework for the hardware-os boundary. In NDSS."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23205"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338507.3358616"},{"key":"e_1_3_2_1_50_1","unstructured":"CrypTody. 2024. Artifacts for CrypTody. https:\/\/github.com\/Ji4n1ng\/CrypTody"},{"key":"e_1_3_2_1_51_1","unstructured":"Wikipedia. 2023. Converting to SSA. https:\/\/en.wikipedia.org\/wiki\/Static_single_assignment_form#Converting_to_SSA"},{"key":"e_1_3_2_1_52_1","unstructured":"Wikipedia. 2023. Coppersmith\u2019s attack. 
https:\/\/en.wikipedia.org\/wiki\/Coppersmith%27s_attack"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"Le Yu Shiqing Ma Zhuo Zhang Guanhong Tao Xiangyu Zhang Dongyan Xu Vincent\u00a0E Urias Han\u00a0Wei Lin Gabriela\u00a0F Ciocarlie Vinod Yegneswaran 2021. ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation.. In NDSS.","DOI":"10.14722\/ndss.2021.24445"},{"key":"e_1_3_2_1_54_1","volume-title":"AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems","author":"Zaddach Jonas","year":"2014","unstructured":"Jonas Zaddach, Luca Bruno, Aurelien Francillon, Davide Balzarotti, 2014. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems\u2019 Firmwares.. In NDSS, Vol.\u00a014. 1\u201316."},{"key":"e_1_3_2_1_55_1","volume-title":"CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"Zhang Li","year":"2019","unstructured":"Li Zhang, Jiongyi Chen, Wenrui Diao, Shanqing Guo, Jian Weng, and Kehuan Zhang. 2019. CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019). 151\u2013164."},{"key":"e_1_3_2_1_56_1","volume-title":"UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Zhao Binbin","year":"2023","unstructured":"Binbin Zhao, Shouling Ji, Xuhong Zhang, Yuan Tian, Qinying Wang, Yuwen Pu, Chenyang Lyu, and Raheem Beyah. 2023. UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware. In 32nd USENIX Security Symposium (USENIX Security 23). 
3421\u20133438."},{"key":"e_1_3_2_1_57_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation. In 28th USENIX Security Symposium (USENIX Security 19). 1099\u20131114."}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Padua Italy","acronym":"RAID '24"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678914","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678914","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678914"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":57,"alternative-id":["10.1145\/3678890.3678914","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678914","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}