{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T12:50:30Z","timestamp":1772455830004,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,11,22]],"date-time":"2026-11-22T00:00:00Z","timestamp":1795305600000},"content-version":"vor","delay-in-days":368,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["101045669"],"award-info":[{"award-number":["101045669"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2232915, 2146568, 2442984, 2247954"],"award-info":[{"award-number":["2232915, 2146568, 2442984, 2247954"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Advanced Research Projects Agency - Health","award":["SP4701-23-C-0074"],"award-info":[{"award-number":["SP4701-23-C-0074"]}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["EXC 2092 CASA - 390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765125","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:33:16Z","timestamp":1763854396000},"page":"4484-4498","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-0138-279X","authenticated-orcid":false,"given":"Moritz","family":"Bley","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-3944-9494","authenticated-orcid":false,"given":"Tobias","family":"Scharnowski","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-8480-8016","authenticated-orcid":false,"given":"Simon","family":"W\u00f6rner","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1630-1687","authenticated-orcid":false,"given":"Moritz","family":"Schloegel","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2783-1264","authenticated-orcid":false,"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Security and Privacy, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"USENIX Security Symposium","author":"Aafer Yousra","year":"2021","unstructured":"Yousra Aafer, Wei You, Yi Sun, Yu Shi, Xiangyu Zhang, and Heng Yin. Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing. In USENIX Security Symposium, 2021."},{"key":"e_1_3_2_1_2_1","volume-title":"James C Davis. Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)","author":"Amusuo Paschal C","year":"2023","unstructured":"Paschal C Amusuo, Ricardo Andr\u00e9s Calvo M\u00e9ndez, Zhongwei Xu, Aravind Machiry, and James C Davis. Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks. In ACM\/IEEE International Conference on Automated Software Engineering (ASE), 2023."},{"key":"e_1_3_2_1_3_1","volume-title":"Abhik Roychoudhury. Stateful Greybox Fuzzing. In USENIX Security Symposium","author":"Ba Jinsheng","year":"2022","unstructured":"Jinsheng Ba, Marcel B\u00f6hme, Zahra Mirzamomen, and Abhik Roychoudhury. Stateful Greybox Fuzzing. In USENIX Security Symposium, 2022."},{"key":"e_1_3_2_1_4_1","volume-title":"ACM Conference on Computer and Communications Security (CCS)","author":"Bars Nils","year":"2024","unstructured":"Nils Bars, Moritz Schloegel, Nico Schiller, Lukas Bernhard, and Thorsten Holz. No Peer, no Cry: Network Application Fuzzing via Fault Injection. In ACM Conference on Computer and Communications Security (CCS), 2024."},{"key":"e_1_3_2_1_5_1","volume-title":"Fast and Portable Dynamic Translator. In USENIX Annual Technical Conference (ATC)","author":"Bellard Fabrice","year":"2005","unstructured":"Fabrice Bellard. QEMU, a Fast and Portable Dynamic Translator. In USENIX Annual Technical Conference (ATC), 2005."},{"key":"e_1_3_2_1_6_1","volume-title":"Technical Report: Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks. Technical Report 2509.13740, arXiv","author":"Bley Moritz","year":"2025","unstructured":"Moritz Bley, Tobias Scharnowski, Simon W\u00f6rner, Moritz Schloegel, and Thorsten Holz. Technical Report: Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks. Technical Report 2509.13740, arXiv, 2025. https:\/\/arxiv.org\/abs\/2509.13740."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427280"},{"key":"e_1_3_2_1_8_1","volume-title":"Manuel Egele. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In Symposium on Network and Distributed System Security (NDSS)","author":"Chen Daming D","year":"2016","unstructured":"Daming D Chen, Maverick Woo, David Brumley, and Manuel Egele. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In Symposium on Network and Distributed System Security (NDSS), 2016."},{"key":"e_1_3_2_1_9_1","volume-title":"Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In Symposium on Network and Distributed System Security (NDSS)","author":"Chen Jiongyi","year":"2018","unstructured":"Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In Symposium on Network and Distributed System Security (NDSS), 2018."},{"key":"e_1_3_2_1_10_1","volume-title":"Damith C Ranasinghe. MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic Firmware. In USENIX Security Symposium","author":"Chesser Michael","year":"2024","unstructured":"Michael Chesser, Surya Nepal, and Damith C Ranasinghe. MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic Firmware. In USENIX Security Symposium, 2024."},{"key":"e_1_3_2_1_11_1","volume-title":"Mathias Payer. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In USENIX Security Symposium","author":"Clements Abraham A.","year":"2020","unstructured":"Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_12_1","unstructured":"Contiki-NG Team. Contiki-NG: The OS for Next Generation IoT Devices. https:\/\/github.com\/contiki-ng\/contiki-ng as of today."},{"key":"e_1_3_2_1_13_1","volume-title":"AIM: Automatic Interrupt Modeling for Dynamic Firmware Analysis","author":"Feng Bo","year":"2023","unstructured":"Bo Feng, Meng Luo, Changming Liu, Long Lu, and Engin Kirda. AIM: Automatic Interrupt Modeling for Dynamic Firmware Analysis. IEEE Transactions on Dependable and Secure Computing, 2023."},{"key":"e_1_3_2_1_14_1","volume-title":"USENIX Security Symposium","author":"Feng Bo","year":"2020","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_15_1","volume-title":"Marc Heuse. AFL: Combining Incremental Steps of Fuzzing Research. In USENIX Workshop on Offensive Technologies (WOOT)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. AFL: Combining Incremental Steps of Fuzzing Research. In USENIX Workshop on Offensive Technologies (WOOT), 2020."},{"issue":"11","key":"e_1_3_2_1_16_1","volume":"39","author":"Gao Jian","year":"2020","unstructured":"Jian Gao, Yiwen Xu, Yu Jiang, Zhe Liu, Wanli Chang, Xun Jiao, and Jiaguang Sun. Em-fuzz: Augmented Firmware Fuzzing via Memory Checking. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 39(11), 2020.","journal-title":"Memory Checking. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems"},{"key":"e_1_3_2_1_17_1","volume-title":"Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology. sensors, 12(9)","author":"Gomez Carles","year":"2012","unstructured":"Carles Gomez, Joaquim Oller, and Josep Paradells. Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology. sensors, 12(9), 2012."},{"key":"e_1_3_2_1_18_1","volume-title":"Green and Thanassis Avgerinos. GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)","author":"Harrison","year":"2022","unstructured":"Harrison Green and Thanassis Avgerinos. GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs. In ACM\/IEEE International Conference on Automated Software Engineering (ASE), 2022."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/515384"},{"key":"e_1_3_2_1_20_1","volume-title":"Kevin Butler. FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware. In Symposium on Network and Distributed System Security (NDSS)","author":"Hernandez Grant","year":"2022","unstructured":"Grant Hernandez, Marius Muench, Dominik Maier, Alyssa Milburn, Shinjo Park, Tobias Scharnowski, Tyler Tucker, Patrick Traynor, and Kevin Butler. FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware. In Symposium on Network and Distributed System Security (NDSS), 2022."},{"key":"e_1_3_2_1_21_1","volume-title":"Wolfgang Kastner. Prospect: Peripheral Proxying Supported Embedded Code Testing. In ACM Symposium on Information, Computer and Communications Security (ASIACCS)","author":"Kammerstetter Markus","year":"2014","unstructured":"Markus Kammerstetter, Christian Platzer, and Wolfgang Kastner. Prospect: Peripheral Proxying Supported Embedded Code Testing. In ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2014."},{"key":"e_1_3_2_1_22_1","volume-title":"Yongdae Kim. Firmae: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis. In Annual Computer Security Applications Conference (ACSAC)","author":"Kim Mingeun","year":"2020","unstructured":"Mingeun Kim, Dongkwan Kim, Eunsoo Kim, Suryeon Kim, Yeongjin Jang, and Yongdae Kim. Firmae: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis. In Annual Computer Security Applications Conference (ACSAC), 2020."},{"key":"e_1_3_2_1_23_1","volume-title":"Dave Jing Tian. PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications. In USENIX Security Symposium","author":"Kim Taegyu","year":"2021","unstructured":"Taegyu Kim, Vireshwar Kumar, Junghwan Rhee, Jizhou Chen, Kyungtae Kim, Chung Hwan Kim, Dongyan Xu, and Dave Jing Tian. PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications. In USENIX Security Symposium, 2021."},{"key":"e_1_3_2_1_24_1","volume-title":"Michael Hicks. Evaluating Fuzz Testing. In ACM Conference on Computer and Communications Security (CCS)","author":"Klees George","year":"2018","unstructured":"George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. Evaluating Fuzz Testing. In ACM Conference on Computer and Communications Security (CCS), 2018."},{"key":"e_1_3_2_1_25_1","volume-title":"David Molnar. SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems. In USENIX Workshop on Offensive Technologies (WOOT)","author":"Koscher Karl","year":"2015","unstructured":"Karl Koscher, Tadayoshi Kohno, and David Molnar. SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems. In USENIX Workshop on Offensive Technologies (WOOT), 2015."},{"key":"e_1_3_2_1_26_1","volume-title":"Jiaguang Sun. Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations. In USENIX Security Symposium","author":"Luo Zhengxiong","year":"2023","unstructured":"Zhengxiong Luo, Junze Yu, Feilong Zuo, Jianzhong Liu, Yu Jiang, Ting Chen, Abhik Roychoudhury, and Jiaguang Sun. Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations. In USENIX Security Symposium, 2023."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3581791.3596857"},{"issue":"11","key":"e_1_3_2_1_28_1","volume":"47","author":"Man\u00e8s Valentin JM","year":"2019","unstructured":"Valentin JM Man\u00e8s, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J Schwartz, and Maverick Woo. The Art, Science, and Engineering of Fuzzing: A Survey. IEEE Transactions on Software Engineering, 47(11), 2019.","journal-title":"Engineering of Fuzzing: A Survey. IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_29_1","volume-title":"Engin Kirda. DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis. In IEEE Symposium on Security and Privacy (S&P)","author":"Mera Alejandro","year":"2021","unstructured":"Alejandro Mera, Bo Feng, Long Lu, and Engin Kirda. DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis. In IEEE Symposium on Security and Privacy (S&P), 2021."},{"key":"e_1_3_2_1_30_1","volume-title":"Long Lu. SHiFT: Semi-hosted Fuzz Testing for Embedded Applications. In USENIX Security Symposium","author":"Mera Alejandro","year":"2024","unstructured":"Alejandro Mera, Changming Liu, Ruimin Sun, Engin Kirda, and Long Lu. SHiFT: Semi-hosted Fuzz Testing for Embedded Applications. In USENIX Security Symposium, 2024."},{"key":"e_1_3_2_1_31_1","volume-title":"Symposium on Network and Distributed System Security (NDSS), Workshop on Binary Analysis Research","author":"Muench Marius","year":"2018","unstructured":"Marius Muench, Dario Nisi, Aur\u00e9lien Francillon, and Davide Balzarotti. Avatar 2: A Multi-target Orchestration Platform. In Symposium on Network and Distributed System Security (NDSS), Workshop on Binary Analysis Research, 2018."},{"key":"e_1_3_2_1_32_1","volume-title":"Davide Balzarotti. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. In Symposium on Network and Distributed System Security (NDSS)","author":"Muench Marius","year":"2018","unstructured":"Marius Muench, Jan Stijohann, Frank Kargl, Aur\u00e9lien Francillon, and Davide Balzarotti. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. In Symposium on Network and Distributed System Security (NDSS), 2018."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10233-3"},{"key":"e_1_3_2_1_34_1","unstructured":"Nordic Semiconductor. nRF Connect SDK: sdk-nrf. https:\/\/github.com\/nrfconnect\/sdk-nrf as of today."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2015.7232966"},{"key":"e_1_3_2_1_36_1","volume-title":"Abhik Roychoudhury. AFLNet: A Greybox Fuzzer for Network Protocols. In IEEE International Conference on Software Testing, Validation and Verification (ICST)","author":"Pham Van-Thuan","year":"2020","unstructured":"Van-Thuan Pham, Marcel B\u00f6hme, and Abhik Roychoudhury. AFLNet: A Greybox Fuzzer for Network Protocols. In IEEE International Conference on Software Testing, Validation and Verification (ICST), 2020."},{"key":"e_1_3_2_1_37_1","volume-title":"Beyah Reheem. SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. In IEEE Symposium on Security and Privacy (S&P)","author":"Qinying Wang","year":"2024","unstructured":"Wang Qinying, Chang Boyu, Ji Shouling, Tian Yuan, Zhang Xuhong, Zhao Binbin, Pan Gaoning, Lyu Chenyang, Payer Mathias, Wang Wenhai, and Beyah Reheem. SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. In IEEE Symposium on Security and Privacy (S&P), 2024."},{"key":"e_1_3_2_1_38_1","first-page":"1055","author":"Romkey John","year":"1988","unstructured":"John Romkey. Nonstandard for transmission of IP datagrams over serial lines: SLIP. RFC 1055, 1988.","journal-title":"SLIP. RFC"},{"key":"e_1_3_2_1_39_1","volume-title":"USENIX Security Symposium","author":"Ruge Jan","year":"2020","unstructured":"Jan Ruge, Jiska Classen, Francesco Gringoli, and Matthias Hollick. Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets. In USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_40_1","volume-title":"Ali Abbasi. Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. In USENIX Security Symposium","author":"Scharnowski Tobias","year":"2022","unstructured":"Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi. Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing. In USENIX Security Symposium, 2022."},{"key":"e_1_3_2_1_41_1","volume-title":"USENIX Security Symposium","author":"Scharnowski Tobias","year":"2025","unstructured":"Tobias Scharnowski, Simeon Hoffmann, Moritz Bley, Simon W\u00f6rner, Daniel Klischies, Felix Buchmann, Nils Ole Tippenhauer, Thorsten Holz, Marius Muench, and Reviewing Model. GDMA: Fully Automated DMA Rehosting via Iterative Type Overlays. In USENIX Security Symposium, 2025."},{"key":"e_1_3_2_1_42_1","volume-title":"USENIX Security Symposium","author":"Scharnowski Tobias","year":"2023","unstructured":"Tobias Scharnowski, Simon Woerner, Felix Buchmann, Nils Bars, Moritz Schloegel, and Thorsten Holz. Hoedur: Embedded Firmware Fuzzing using Multi-Stream Inputs. In USENIX Security Symposium, 2023."},{"key":"e_1_3_2_1_43_1","volume-title":"Thorsten Holz. SoK: Prudent Evaluation Practices for Fuzzing. In IEEE Symposium on Security and Privacy (S&P)","author":"Schloegel Moritz","year":"2024","unstructured":"Moritz Schloegel, Nils Bars, Nico Schiller, Lukas Bernhard, Tobias Scharnowski, Addison Crump, Arash Ale-Ebrahim, Nicolai Bissantz, Marius Muench, and Thorsten Holz. SoK: Prudent Evaluation Practices for Fuzzing. In IEEE Symposium on Security and Privacy (S&P), 2024."},{"key":"e_1_3_2_1_44_1","volume-title":"Marius Muench. Forming Faster Firmware Fuzzers. In USENIX Security Symposium","author":"Seidel Lukas","year":"2023","unstructured":"Lukas Seidel, Dominik Maier, and Marius Muench. Forming Faster Firmware Fuzzers. In USENIX Security Symposium, 2023."},{"key":"e_1_3_2_1_45_1","unstructured":"STMicroelectronics. STM32CubeF7 MCU Firmware Package. github.com\/STMicroelectronics\/STM32CubeF7\/ as of today."},{"key":"e_1_3_2_1_46_1","volume-title":"Ruoyu Wang. Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation. In USENIX Security Symposium","author":"Tay Hui Jun","year":"2023","unstructured":"Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, Arvind S Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque, Fangzhou Dong, Adam Doupe, Tiffany Bao, Yan Shoshitaishvili, and Ruoyu Wang. Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation. In USENIX Security Symposium, 2023."},{"key":"e_1_3_2_1_47_1","volume-title":"The Extension","author":"Thomas George","year":"2008","unstructured":"George Thomas. Introduction to the modbus Protocol. The Extension, 2008."},{"key":"e_1_3_2_1_48_1","unstructured":"Unicorn Engine. https:\/\/www.unicorn-engine.org\/ as of today."},{"key":"e_1_3_2_1_49_1","volume-title":"Challenges in Firmware Re-hosting, Emulation, and Analysis. ACM Computing Surveys (CSUR), 54(1):1-36","author":"Wright Christopher","year":"2021","unstructured":"Christopher Wright, William A. Moeglein, Saurabh Bagchi, Milind Kulkarni, and Abraham A. Clements. Challenges in Firmware Re-hosting, Emulation, and Analysis. ACM Computing Surveys (CSUR), 54(1):1-36, 2021."},{"key":"e_1_3_2_1_50_1","volume-title":"ACM Computing Surveys (CSUR)","author":"Yun Joobeom","year":"2022","unstructured":"Joobeom Yun, Fayozbek Rustamov, Juhwan Kim, and Youngjoo Shin. Fuzzing of Embedded Systems: A Survey. ACM Computing Surveys (CSUR), 2022."},{"key":"e_1_3_2_1_51_1","volume-title":"American Fuzzy Lop. https:\/\/lcamtuf.coredump.cx\/afl\/","author":"Zalewski Micha\u0142","year":"2013","unstructured":"Micha\u0142 Zalewski. American Fuzzy Lop. https:\/\/lcamtuf.coredump.cx\/afl\/, 2013."},{"key":"e_1_3_2_1_52_1","volume-title":"USENIX Security Symposium","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation. In USENIX Security Symposium, 2019."},{"key":"e_1_3_2_1_53_1","volume-title":"USENIX Security Symposium","author":"Zhou Wei","year":"2021","unstructured":"Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. Automatic Firmware Emulation through Invalidity-guided Knowledge Inference. In USENIX Security Symposium, 2021."},{"key":"e_1_3_2_1_54_1","volume-title":"SEmu GitHub Repository. https:\/\/github.com\/MCUSec\/SEmu, as of today","author":"Zhou Wei","year":"2022","unstructured":"Wei Zhou, Lan Zhang, Le Guan, Peng Liu, and Yuqing Zhang. SEmu GitHub Repository. https:\/\/github.com\/MCUSec\/SEmu, as of today, 2022."},{"key":"e_1_3_2_1_55_1","volume-title":"Yuqing Zhang. What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation. In ACM Conference on Computer and Communications Security (CCS)","author":"Zhou Wei","year":"2022","unstructured":"Wei Zhou, Lan Zhang, Le Guan, Peng Liu, and Yuqing Zhang. What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation. In ACM Conference on Computer and Communications Security (CCS), 2022."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765125","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765125","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:20:19Z","timestamp":1766442019000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765125"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":55,"alternative-id":["10.1145\/3719027.3765125","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765125","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}