{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T19:28:18Z","timestamp":1757705298286,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,27]],"date-time":"2024-10-27T00:00:00Z","timestamp":1729987200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"DARPA","award":["N66001-22-2-4037"],"award-info":[{"award-number":["N66001-22-2-4037"]}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CCF-2008660","CCF-1901098"],"award-info":[{"award-number":["CCF-2008660","CCF-1901098"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Amazon","award":["Amazon Research Award"],"award-info":[{"award-number":["Amazon Research Award"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,27]]},"DOI":"10.1145\/3691620.3695543","type":"proceedings-article","created":{"date-parts":[[2024,10,18]],"date-time":"2024-10-18T15:39:19Z","timestamp":1729265959000},"page":"1783-1794","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["STASE: Static Analysis Guided Symbolic Execution for UEFI Vulnerability Signature Generation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1649-2906","authenticated-orcid":false,"given":"Md","family":"Shafiuzzaman","sequence":"first","affiliation":[{"name":"University of California, Santa Barbara, Santa Barbara, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-0228-0069","authenticated-orcid":false,"given":"Achintya","family":"Desai","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, Santa Barbara, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4793-7859","authenticated-orcid":false,"given":"Laboni","family":"Sarker","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, Santa Barbara, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2993-1215","authenticated-orcid":false,"given":"Tevfik","family":"Bultan","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, Santa Barbara, California, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,10,27]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Cia vault 7 data leak: What do we know now? https:\/\/www.infosecinstitute.com\/resources\/hacking\/cia-vault-7-data-leak-know-since-now\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Conti leaks reveal ransomware gang's interest in firmware-based attacks. https:\/\/thehackernews.com\/2022\/06\/conti-leaks-reveal-ransomware-gangs.html."},{"key":"e_1_3_2_1_3_1","unstructured":"Cosmicstrand: the discovery of a sophisticated uefi firmware rootkit. https:\/\/securelist.com\/cosmicstrand-uefi-firmware-rootkit\/106973\/."},{"key":"e_1_3_2_1_4_1","unstructured":"A deeper uefi dive into moonbounce. https:\/\/www.binarly.io\/blog\/a-deeper-uefi-dive-into-moonbounce."},{"key":"e_1_3_2_1_5_1","unstructured":"Finspy: the ultimate spying tool. https:\/\/usa.kaspersky.com\/blog\/finspy-for-windows-macos-linux\/25559\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Hacking team spyware preloaded with uefi bios rootkit to hide itself. https:\/\/thehackernews.com\/2015\/07\/hacking-uefi-bios-rootkit.html."},{"key":"e_1_3_2_1_7_1","unstructured":"Lojax uefi rootkit overview. https:\/\/h20195.www2.hp.com\/v2\/GetDocument.aspx?docname=4AA7-4019ENW."},{"key":"e_1_3_2_1_8_1","unstructured":"Malware delivery through uefi bootkit with mosaicregressor. https:\/\/usa.kaspersky.com\/blog\/mosaicregressor-uefi-malware\/23419\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Mebromi bios rootkit. https:\/\/digital.nhs.uk\/cyber-alerts\/2018\/cc-2565."},{"key":"e_1_3_2_1_10_1","unstructured":"The reference manual for the kquery language. https:\/\/klee-se.org\/docs\/kquery\/."},{"key":"e_1_3_2_1_11_1","unstructured":"Trickbot malware gets uefi\/bios bootkit feature to remain undetected. https:\/\/thehackernews.com\/2020\/12\/trickbot-malware-gets-uefibios-bootkit.html."},{"key":"e_1_3_2_1_12_1","unstructured":"Uefi threats moving to the esp: Introducing especter bootkit. https:\/\/www.welivesecurity.com\/2021\/10\/05\/uefi-threats-moving-esp-introducing-especter-bootkit\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Klee 3.0 2023."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2566620"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53413-7_5"},{"key":"e_1_3_2_1_17_1","volume-title":"cclyzer++: Scalable and precise pointer analysis for llvm. https:\/\/galois.com\/blog\/2022\/08\/cclyzer-scalable-and-precise-pointer-analysis-for-llvm\/","author":"Barrett L.","year":"2022","unstructured":"L. Barrett and S. Moore. cclyzer++: Scalable and precise pointer analysis for llvm. https:\/\/galois.com\/blog\/2022\/08\/cclyzer-scalable-and-precise-pointer-analysis-for-llvm\/, 2022."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/FRUCT.2013.6737940"},{"key":"e_1_3_2_1_19_1","volume-title":"Symbolic execution for BIOS security","author":"Bazhaniuk O.","year":"2015","unstructured":"O. Bazhaniuk, J. Loucaides, L. Rosenbaum, M. R. Tuttle, and V. Zimmer. Symbolic execution for BIOS security. In WOOT. USENIX Association, 2015."},{"key":"e_1_3_2_1_20_1","first-page":"199","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Brown F.","year":"2020","unstructured":"F. Brown, D. Stefan, and D. Engler. Sys: A {Static\/Symbolic} tool for finding good bugs in good (browser) code. In 29th USENIX Security Symposium (USENIX Security 20), pages 199--216, 2020."},{"key":"e_1_3_2_1_21_1","first-page":"199","volume-title":"USENIX Security Symposium","author":"Brown F.","year":"2020","unstructured":"F. Brown, D. Stefan, and D. R. Engler. Sys: A static\/symbolic tool for finding good bugs in good (browser) code. In USENIX Security Symposium, pages 199--216. USENIX Association, 2020."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534384"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-99527-0_32"},{"key":"e_1_3_2_1_24_1","first-page":"1713","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Christensen J.","year":"2020","unstructured":"J. Christensen, I. M. Anghel, R. Taglang, M. Chiroiu, and R. Sion. {DECAF}: Automatic, adaptive de-bloating and hardening of {COTS} firmware. In 29th USENIX Security Symposium (USENIX Security 20), pages 1713--1730, 2020."},{"key":"e_1_3_2_1_25_1","first-page":"2010","volume-title":"The smt-libv2 language and tools: A tutorial. Language c","author":"Cok D. R.","year":"2011","unstructured":"D. R. Cok et al. The smt-libv2 language and tools: A tutorial. Language c, pages 2010--2011, 2011."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/75277.75280"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1792734.1792766"},{"key":"e_1_3_2_1_28_1","unstructured":"J. Engblom. Finding bios vulnerabilities with symbolic execution and virtual platforms. Last-updated: 06\/07\/2019."},{"key":"e_1_3_2_1_29_1","unstructured":"U. Forum. Uefi specifications. https:\/\/uefi.org\/specifications."},{"key":"e_1_3_2_1_30_1","first-page":"68","volume-title":"Proceedings, Part II 24","author":"Garmany B.","year":"2019","unstructured":"B. Garmany, M. Stoffel, R. Gawlik, and T. Holz. Static detection of uninitialized stack variables in binary code. In Computer Security-ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23--27, 2019, Proceedings, Part II 24, pages 68--87. Springer, 2019."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/77606.77608"},{"key":"e_1_3_2_1_32_1","first-page":"422","volume-title":"Computer Aided Verification: 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17--23, 2016, Proceedings, Part II 28","author":"Jordan H.","year":"2016","unstructured":"H. Jordan, B. Scholz, and P. Suboti\u0107. Souffl\u00e9: On synthesis of program analyzers. In Computer Aided Verification: 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17--23, 2016, Proceedings, Part II 28, pages 422--430. Springer, 2016."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2023.3237981"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the RSA Conference","author":"Kovah X.","year":"2015","unstructured":"X. Kovah and C. Kallenberg. Are you giving firmware attackers a free pass. In Proceedings of the RSA Conference, San Francisco, CA, USA, pages 20--24, 2015."},{"volume-title":"BlackLotus UEFI Windows Bootkit. https:\/\/github.com\/ldpreload\/BlackLotus\/","year":"2022","key":"e_1_3_2_1_35_1","unstructured":"ldpreload Yukari. BlackLotus UEFI Windows Bootkit. https:\/\/github.com\/ldpreload\/BlackLotus\/, 2022."},{"key":"e_1_3_2_1_36_1","unstructured":"B. Mullen. Vulnerability management in uefi. https:\/\/uefi.org\/sites\/default\/files\/resources\/Vulnerability%20Management%20in%20UEFI_Mullen.pdf."},{"key":"e_1_3_2_1_37_1","volume-title":"Exploiting ami aptio firmware on example of intel nuc","author":"Oleksiuk D.","year":"2016","unstructured":"D. Oleksiuk. Exploiting ami aptio firmware on example of intel nuc, 2016."},{"key":"e_1_3_2_1_38_1","volume-title":"https:\/\/github.com\/Cr4sh\/ThinkPwn\/","author":"Oleksiuk D.","year":"2022","unstructured":"D. Oleksiuk. Thinkpwn. https:\/\/github.com\/Cr4sh\/ThinkPwn\/, 2022."},{"key":"e_1_3_2_1_39_1","unstructured":"Quarkslab. Pixiefail: Nine vulnerabilities in tianocore's edk ii ipv6 network stack. https:\/\/blog.quarkslab.com\/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html."},{"key":"e_1_3_2_1_40_1","volume-title":"Intel","author":"Richardson B.","year":"2019","unstructured":"B. Richardson, C. Wu, J. Yao, and V. J. Zimmer. Using host-based firware analysis to improve platform resiliency. Technical report, Intel, 2019."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-09484-2_6"},{"key":"e_1_3_2_1_42_1","unstructured":"Souffle-Lang. Github - souffle-lang\/souffle: Souffl\u00e9 is a variant of datalog for tool designers crafting analyses in horn clauses."},{"key":"e_1_3_2_1_43_1","unstructured":"Statista. Global shipments of personal computers. https:\/\/www.statista.com\/statistics\/273495\/global-shipments-of-personal-computers-since-2006\/."},{"key":"e_1_3_2_1_44_1","unstructured":"tianocore. Edk ii. https:\/\/github.com\/tianocore\/tianocore.github.io\/wiki\/EDK-II."},{"key":"e_1_3_2_1_45_1","first-page":"316","volume-title":"Verification and Validation. Industrial Practice: 8th International Symposium, ISoLA 2018, Limassol, Cyprus, November 5--9, 2018, Proceedings, Part IV 8","author":"Tsankov P.","year":"2018","unstructured":"P. Tsankov. Security analysis of smart contracts in datalog. In Leveraging Applications of Formal Methods, Verification and Validation. Industrial Practice: 8th International Symposium, ISoLA 2018, Limassol, Cyprus, November 5--9, 2018, Proceedings, Part IV 8, pages 316--322. Springer, 2018."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010248"},{"key":"e_1_3_2_1_47_1","volume-title":"Proc. 15th Annu. CanSecWest Conf.(CanSecWest)","author":"Wojtczuk R.","year":"2015","unstructured":"R. Wojtczuk and C. Kallenberg. Attacks on uefi security. In Proc. 15th Annu. CanSecWest Conf.(CanSecWest), 2015."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18072.2020.9218694"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179421"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833723"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103656.2103709"}],"event":{"name":"ASE '24: 39th IEEE\/ACM International Conference on Automated Software Engineering","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"],"location":"Sacramento CA USA","acronym":"ASE '24"},"container-title":["Proceedings of the 39th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691620.3695543","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3691620.3695543","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3691620.3695543","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:09:39Z","timestamp":1750295379000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691620.3695543"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,27]]},"references-count":50,"alternative-id":["10.1145\/3691620.3695543","10.1145\/3691620"],"URL":"https:\/\/doi.org\/10.1145\/3691620.3695543","relation":{},"subject":[],"published":{"date-parts":[[2024,10,27]]},"assertion":[{"value":"2024-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}