{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:05:24Z","timestamp":1750309524816,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,6,11]],"date-time":"2025-06-11T00:00:00Z","timestamp":1749600000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Acquisition, Technology & Logistics Agency (ATLA)","award":["JPJ004596"],"award-info":[{"award-number":["JPJ004596"]}]},{"name":"New Energy and Industrial Technology Development Organization (NEDO)","award":["JPNP24003"],"award-info":[{"award-number":["JPNP24003"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,25]]},"DOI":"10.1145\/3713081.3731719","type":"proceedings-article","created":{"date-parts":[[2025,6,6]],"date-time":"2025-06-06T17:20:36Z","timestamp":1749230436000},"page":"105-115","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Shepherd: High-Precision Coverage Inference for Response-guided Blackbox Fuzzing (Registered Report)"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-8519-0979","authenticated-orcid":false,"given":"Takuya","family":"Shimizu","sequence":"first","affiliation":[{"name":"Ricerca Security, Inc., Tokyo, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-9280-0047","authenticated-orcid":false,"given":"Ryuichi","family":"Yoshizawa","sequence":"additional","affiliation":[{"name":"Ricerca Security, Inc., Tokyo, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7326-1031","authenticated-orcid":false,"given":"Kaoru","family":"Otsuka","sequence":"additional","affiliation":[{"name":"Ricerca Security, Inc., Tokyo, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-2784-7642","authenticated-orcid":false,"given":"Yudai","family":"Fujiwara","sequence":"additional","affiliation":[{"name":"Ricerca Security, Inc., Tokyo, Zaire"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-2805-5605","authenticated-orcid":false,"given":"Yuichi","family":"Sugiyama","sequence":"additional","affiliation":[{"name":"Ricerca Security, Inc., Tokyo, Japan"}]}],"member":"320","published-online":{"date-parts":[[2025,6,11]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"USENIX Security Symposium. 2759\u20132776","author":"Aafer Yousra","year":"2021","unstructured":"Yousra Aafer, Wei You, Yi Sun, Yu Shi, Xiangyu Zhang, and Heng Yin. 2021. Android SmartTVs vulnerability discovery via log-guided fuzzing. In USENIX Security Symposium. 2759\u20132776."},{"key":"e_1_3_2_1_2_1","volume-title":"Corasick","author":"Aho Alfred V.","year":"1975","unstructured":"Alfred V. Aho and Margaret J. Corasick. 1975. Efficient string matching: an aid to bibliographic search. 18, 6 (1975), 333\u2013340."},{"key":"e_1_3_2_1_3_1","volume-title":"2022 IEEE Conference on Software Testing, Verification and Validation (ICST). 302\u2013311","author":"Asprone Dario","year":"2022","unstructured":"Dario Asprone, Jonathan Metzman, Abhishek Arya, Giovani Guizzo, and Federica Sarro. 2022. Comparing Fuzzers on a Level Playing Field with FuzzBench. In 2022 IEEE Conference on Software Testing, Verification and Validation (ICST). 302\u2013311."},{"key":"e_1_3_2_1_4_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS). 1032\u20131043","author":"B\u00f6hme Marcel","year":"2016","unstructured":"Marcel B\u00f6hme, Van-Thuan Pham, and Abhik Roychoudhury. 2016. Coverage-based Greybox Fuzzing as Markov Chain. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 1032\u20131043."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE). 1621\u20131633","author":"B\u00f6hme Marcel","year":"2022","unstructured":"Marcel B\u00f6hme, L\u00e1szl\u00f3 Szekeres, and Jonathan Metzman. 2022. On the Reliability of Coverage-Based Fuzzer Benchmarking. In Proceedings of the International Conference on Software Engineering (ICSE). 1621\u20131633."},{"key":"e_1_3_2_1_6_1","volume-title":"Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In The Network and Distributed System Security Symposium (NDSS).","author":"Chen Daming D","year":"2016","unstructured":"Daming D Chen, Manuel Egele, Maverick Woo, and David Brumley. 2016. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In The Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_7_1","volume-title":"IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In The Network and Distributed System Security Symposium (NDSS).","author":"Chen Jiongyi","year":"2018","unstructured":"Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In The Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_8_1","volume-title":"USENIX Security Symposium. 1201\u20131218","author":"Clements Abraham A","year":"2020","unstructured":"Abraham A Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. 2020. HALucinator: Firmware re-hosting through abstraction layer emulation. In USENIX Security Symposium. 1201\u20131218."},{"key":"e_1_3_2_1_9_1","volume-title":"USENIX Security Symposium. 95\u2013110","author":"Costin Andrei","year":"2014","unstructured":"Andrei Costin, Jonas Zaddach, Aur\u00e9lien Francillon, and Davide Balzarotti. 2014. A large-scale analysis of the security of embedded firmwares. In USENIX Security Symposium. 95\u2013110."},{"key":"e_1_3_2_1_10_1","volume-title":"ACM Asia Conference on Computer and Communications Security (AsiaCCS). 437\u2013448","author":"Costin Andrei","year":"2016","unstructured":"Andrei Costin, Apostolis Zarras, and Aur\u00e9lien Francillon. 2016. Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In ACM Asia Conference on Computer and Communications Security (AsiaCCS). 437\u2013448."},{"key":"e_1_3_2_1_11_1","volume-title":"ACM Asia Conference on Computer and Communications Security (AsiaCCS). 687\u2013701","author":"Fasano Andrew","year":"2021","unstructured":"Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Bulekov, Brendan Dolan-Gavitt, Manuel Egele, Aur\u00e9lien Francillon, Long Lu, Nick Gregory, et al. 2021. Sok: Enabling security analyses of embedded systems via rehosting. In ACM Asia Conference on Computer and Communications Security (AsiaCCS). 687\u2013701."},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Security Symposium. 1237\u20131254","author":"Feng Bo","year":"2020","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In USENIX Security Symposium. 1237\u20131254."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484543"},{"key":"e_1_3_2_1_14_1","volume-title":"USENIX Security Symposium. 2577\u20132594","author":"Gan Shuitao","year":"2020","unstructured":"Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. GREYONE: Data flow sensitive fuzzing. In USENIX Security Symposium. 2577\u20132594."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2834476"},{"key":"e_1_3_2_1_18_1","volume-title":"Labrador: Response Guided Directed Fuzzing for Black-box IoT Devices. In IEEE Symposium on Security and Privacy (S&P). 1920\u20131938","author":"Liu Hangtian","year":"2024","unstructured":"Hangtian Liu, Shuitao Gan, Chao Zhang, Zicong Gao, Hongqi Zhang, Xiangzhi Wang, and Guangming Gao. 2024. Labrador: Response Guided Directed Fuzzing for Black-box IoT Devices. In IEEE Symposium on Security and Privacy (S&P). 1920\u20131938."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1064978.1065034"},{"key":"e_1_3_2_1_20_1","volume-title":"USENIX Security Symposium. 1949\u20131966","author":"Lyu Chenyang","year":"2019","unstructured":"Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. 2019. MOPT: Optimized mutation scheduling for fuzzers. In USENIX Security Symposium. 1949\u20131966."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"volume-title":"Introduction to Information Retrieval","author":"Manning Christopher D","key":"e_1_3_2_1_22_1","unstructured":"Christopher D Manning, Prabhakar Raghavan, and Hinrich Sch\u00fctze. 2008. Introduction to Information Retrieval. Cambridge University Press."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE). 1024\u20131036","author":"Man\u00e8s Valentin J.M.","year":"2020","unstructured":"Valentin J.M. Man\u00e8s, Soomin Kim, and Sang Kil Cha. 2020. Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference. In Proceedings of the International Conference on Software Engineering (ICSE). 1024\u20131036."},{"key":"e_1_3_2_1_24_1","unstructured":"A Moroo and Y Sugiyama. 2021. ARMored coresight: Towards efficient binary-only fuzzing."},{"key":"e_1_3_2_1_25_1","volume-title":"NDSS Binary Analysis Research Workshop.","author":"Muench Marius","year":"2018","unstructured":"Marius Muench, Dario Nisi, Aur\u00e9lien Francillon, and Davide Balzarotti. 2018. Avatar2: A Multi-Target Orchestration Platform. In NDSS Binary Analysis Research Workshop."},{"key":"e_1_3_2_1_26_1","volume-title":"What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. In The Network and Distributed System Security Symposium (NDSS).","author":"Muench Marius","year":"2018","unstructured":"Marius Muench, Jan Stijohann, Frank Kargl, Aur\u00e9lien Francillon, and Davide Balzarotti. 2018. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. In The Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_27_1","unstructured":"N. S. Agency. 2025. Ghidra. https:\/\/ghidra-sre.org\/. (Accessed 01-19-2025)."},{"key":"e_1_3_2_1_28_1","volume-title":"USENIX Workshop on Offensive Technologies (WOOT 17)","author":"Obermaier Johannes","year":"2017","unstructured":"Johannes Obermaier and Stefan Tatschner. 2017. Shedding too much light on a microcontroller's firmware protection. In USENIX Workshop on Offensive Technologies (WOOT 17)."},{"key":"e_1_3_2_1_29_1","volume-title":"Reverse engineering flash memory for fun and benefit. Blackhat US","author":"Jeong Wook Oh.","year":"2014","unstructured":"Jeong Wook Oh. 2014. Reverse engineering flash memory for fun and benefit. Blackhat US (2014)."},{"key":"e_1_3_2_1_30_1","first-page":"1980","article-title":"Smart Greybox Fuzzing","volume":"47","author":"Pham V.","year":"2021","unstructured":"V. Pham, M. Bohme, A. E. Santosa, A. Caciulescu, and A. Roychoudhury. 2021. Smart Greybox Fuzzing. IEEE Transactions on Software Engineering 47, 09 (2021), 1980\u20131997.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_31_1","volume-title":"IEEE International Conference on Software Testing, Validation and Verification (ICST). 460\u2013465","author":"Pham Van-Thuan","year":"2020","unstructured":"Van-Thuan Pham, Marcel B\u00f6hme, and Abhik Roychoudhury. 2020. Aflnet: A greybox fuzzer for network protocols. In IEEE International Conference on Software Testing, Validation and Verification (ICST). 460\u2013465."},{"key":"e_1_3_2_1_32_1","volume-title":"IEEE Symposium on Security and Privacy (S&P). 484\u2013500","author":"Redini Nilo","year":"2021","unstructured":"Nilo Redini, Andrea Continella, Dipanjan Das, Giulio De Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna. 2021. Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices. In IEEE Symposium on Security and Privacy (S&P). 484\u2013500."},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security Symposium. 1239\u20131256","author":"Scharnowski Tobias","year":"2022","unstructured":"Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi. 2022. Fuzzware: Using precise MMIO modeling for effective firmware fuzzing. In USENIX Security Symposium. 1239\u20131256."},{"key":"e_1_3_2_1_34_1","volume-title":"IEEE Symposium on Security and Privacy (S&P). IEEE","author":"Schloegel Moritz","year":"2024","unstructured":"Moritz Schloegel, Nils Bars, Nico Schiller, Lukas Bernhard, Tobias Scharnowski, Addison Crump, Arash Ale-Ebrahim, Nicolai Bissantz, Marius Muench, and Thorsten Holz. 2024. Sok: Prudent evaluation practices for fuzzing. In IEEE Symposium on Security and Privacy (S&P). IEEE, 1974\u20131993."},{"key":"e_1_3_2_1_35_1","volume-title":"USENIX Security Symposium.","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels. In USENIX Security Symposium."},{"key":"e_1_3_2_1_36_1","volume-title":"libFuzzer-a library for coverage-guided fuzz testing. LLVM project","author":"Serebryany Kostya","year":"2015","unstructured":"Kostya Serebryany. 2015. libFuzzer-a library for coverage-guided fuzz testing. LLVM project (2015), 34."},{"key":"e_1_3_2_1_37_1","volume-title":"USENIX Security Symposium.","author":"Serebryany Kostya","year":"2017","unstructured":"Kostya Serebryany. 2017. OSS-Fuzz - Google's continuous fuzzing service for open source software. In USENIX Security Symposium."},{"key":"e_1_3_2_1_38_1","volume-title":"The Network and Distributed System Security Symposium (NDSS '16","volume":"16","author":"Stephens Nick","year":"2016","unstructured":"Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting fuzzing through selective symbolic execution.. In The Network and Distributed System Security Symposium (NDSS '16, Vol. 16). 1\u201316."},{"key":"e_1_3_2_1_39_1","volume-title":"SurgeFuzz: Surge-Aware Directed Fuzzing for CPU Designs. In 2023 IEEE\/ACM International Conference on Computer Aided Design (ICCAD). 1\u20139.","author":"Sugiyama Yuichi","year":"2023","unstructured":"Yuichi Sugiyama, Reoma Matsuo, and Ryota Shioya. 2023. SurgeFuzz: Surge-Aware Directed Fuzzing for CPU Designs. In 2023 IEEE\/ACM International Conference on Computer Aided Design (ICCAD). 1\u20139."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Martin Szydlowski Manuel Egele Christopher Kr\u00fcgel and Giovanni Vigna. 2011. Challenges for Dynamic Analysis of iOS Applications. In Open Research Problems in Network Security.","DOI":"10.1007\/978-3-642-27585-2_6"},{"key":"e_1_3_2_1_41_1","volume-title":"International Conference on Smart Card Research and Advanced Applications. 171\u2013185","author":"Vasile Sebastian","year":"2018","unstructured":"Sebastian Vasile, David Oswald, and Tom Chothia. 2018. Breaking all the things\u2014A systematic survey of firmware extraction techniques for IoT devices. In International Conference on Smart Card Research and Advanced Applications. 171\u2013185."},{"key":"e_1_3_2_1_42_1","volume-title":"IEEE\/ACM International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). 328\u2013337","author":"Wang Mingzhe","year":"2021","unstructured":"Mingzhe Wang, Zhiyong Wu, Xinyi Xu, Jie Liang, Chijin Zhou, Huafeng Zhang, and Yu Jiang. 2021. Industry practice of coverage-guided enterprise-level DBMS fuzzing. In IEEE\/ACM International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). 328\u2013337."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE). 26\u201336","author":"Wang Pei","year":"2018","unstructured":"Pei Wang, Qinkun Bao, Li Wang, Shuai Wang, Zhaofeng Chen, Tao Wei, and Dinghao Wu. 2018. Software protection on the go: A large-scale empirical study on mobile app obfuscation. In Proceedings of the International Conference on Software Engineering (ICSE). 26\u201336."},{"key":"e_1_3_2_1_44_1","volume-title":"SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. IEEE Symposium on Security and Privacy (S&P)","author":"Wang Qinying","year":"2023","unstructured":"Qinying Wang, Bo-Eun Chang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Gaoning Pan, Chenyang Lyu, Mathias Payer, Wenhai Wang, and Raheem A. Beyah. 2023. SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. IEEE Symposium on Security and Privacy (S&P) (2023), 2310\u20132387."},{"key":"e_1_3_2_1_45_1","volume-title":"USENIX Security Symposium. 5627\u20135644","author":"Wu Yuhao","year":"2024","unstructured":"Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, and Ning Zhang. 2024. Your firmware has arrived: A study of firmware update vulnerabilities. In USENIX Security Symposium. 5627\u20135644."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538644"},{"key":"e_1_3_2_1_47_1","unstructured":"Micha\u0142 Zalewski. 2016. American Fuzzy Lop-Whitepaper. https:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt. (2016)."},{"key":"e_1_3_2_1_48_1","volume-title":"USENIX Security Symposium. 1099\u20131114","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation. In USENIX Security Symposium. 1099\u20131114."},{"key":"e_1_3_2_1_49_1","volume-title":"USENIX Security Symposium. 2007\u20132024","author":"Zhou Wei","year":"2021","unstructured":"Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. 2021. Automatic firmware emulation through invalidity-guided knowledge inference. In USENIX Security Symposium. 2007\u20132024."},{"key":"e_1_3_2_1_50_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS). 2169\u20132182","author":"Zhu Xiaogang","year":"2021","unstructured":"Xiaogang Zhu and Marcel B\u00f6hme. 2021. Regression greybox fuzzing. In ACM SIGSAC Conference on Computer and Communications Security (CCS). 2169\u20132182."},{"key":"e_1_3_2_1_51_1","first-page":"1","article-title":"Fuzzing","volume":"54","author":"Zhu Xiaogang","year":"2022","unstructured":"Xiaogang Zhu, Sheng Wen, Seyit Camtepe, and Yang Xiang. 2022. Fuzzing: A Survey for Roadmap. Comput. Surveys 54, 11s (2022), 1\u201336.","journal-title":"A Survey for Roadmap. Comput. Surveys"}],"event":{"name":"ISSTA Companion '25: 34th ACM SIGSOFT International Symposium on Software Testing and Analysis","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Clarion Hotel Trondheim Trondheim Norway","acronym":"ISSTA Companion '25"},"container-title":["Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3713081.3731719","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:09Z","timestamp":1750295889000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3713081.3731719"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,11]]},"references-count":51,"alternative-id":["10.1145\/3713081.3731719","10.1145\/3713081"],"URL":"https:\/\/doi.org\/10.1145\/3713081.3731719","relation":{},"subject":[],"published":{"date-parts":[[2025,6,11]]},"assertion":[{"value":"2025-06-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}