{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T12:15:19Z","timestamp":1780661719495,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,4,26]],"date-time":"2026-04-26T00:00:00Z","timestamp":1777161600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,27]]},"DOI":"10.1145\/3767295.3769326","type":"proceedings-article","created":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T20:20:04Z","timestamp":1777062004000},"page":"439-452","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Effective On-Hardware Fuzzing of Embedded Operating Systems"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2667-5431","authenticated-orcid":false,"given":"Yuheng","family":"Shen","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3612-4315","authenticated-orcid":false,"given":"Jianzhong","family":"Liu","sequence":"additional","affiliation":[{"name":"Shandong University, QingDao, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-2754-806X","authenticated-orcid":false,"given":"Qiming","family":"Guo","sequence":"additional","affiliation":[{"name":"Beihang University, Beijing, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0179-8048","authenticated-orcid":false,"given":"Yifei","family":"Chu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, Beijing, 
China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8425-4803","authenticated-orcid":false,"given":"Qiang","family":"Zhang","sequence":"additional","affiliation":[{"name":"Hunan University, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9040-7247","authenticated-orcid":false,"given":"Heyuan","family":"Shi","sequence":"additional","affiliation":[{"name":"Central South University, Changsha, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0955-503X","authenticated-orcid":false,"given":"Yu","family":"Jiang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,4,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/community.st.com\/t5\/stm32-mcus-products\/emulator-for-stm32h745\/td-p\/649287","author":"Anuj Peter BENSCH","year":"2024","unstructured":"Peter BENSCH Anuj. STM32H745. https:\/\/community.st.com\/t5\/stm32-mcus-products\/emulator-for-stm32h745\/td-p\/649287, 2024."},{"key":"e_1_3_2_1_2_1","volume-title":"Apache NuttX: A POSIX-Compliant Real-Time Operating System. https:\/\/github.com\/apache\/nuttx","author":"Foundation Apache Software","year":"2024","unstructured":"Apache Software Foundation. Apache NuttX: A POSIX-Compliant Real-Time Operating System. https:\/\/github.com\/apache\/nuttx, 2024. Written in C, C++, assembly; Real-time microkernel; Initial release: 2007; Latest release: 12.5.1 (April 15, 2024)."},{"key":"e_1_3_2_1_3_1","volume-title":"Exposing Security Flaws in the TCP\/IP Stack. https:\/\/www.armis.com\/research\/urgent-11\/","year":"2019","unstructured":"Armis. URGENT\/11: Exposing Security Flaws in the TCP\/IP Stack. https:\/\/www.armis.com\/research\/urgent-11\/, 2019. 
Accessed: 2024-09-04."},{"key":"e_1_3_2_1_4_1","volume-title":"Thorsten Holz. REDQUEEN: Fuzzing with Input-to-State Correspondence. In Symposium on Network and Distributed System Security (NDSS)","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, and Thorsten Holz. REDQUEEN: Fuzzing with Input-to-State Correspondence. In Symposium on Network and Distributed System Security (NDSS), 2019."},{"key":"e_1_3_2_1_5_1","first-page":"18","volume":"4","author":"Richard Barry","year":"2008","unstructured":"Richard Barry et al. FreeRTOS. Internet, Oct, 4:18, 2008.","journal-title":"FreeRTOS. Internet, Oct"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_2_1_7_1","first-page":"2024","author":"Project Clang","year":"2024","unstructured":"Clang Project. Sanitizer Coverage, 2024. Accessed: 2024-09-13.","journal-title":"Sanitizer Coverage"},{"key":"e_1_3_2_1_8_1","first-page":"2138","volume-title":"Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17","author":"Corina Jake","year":"2017","unstructured":"Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, and Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17, page 2123\u20132138, New York, NY, USA, 2017. Association for Computing Machinery."},{"key":"e_1_3_2_1_9_1","volume-title":"DMU Cyber Week","author":"Duverger St\u00e9phane","year":"2021","unstructured":"St\u00e9phane Duverger and Ana\u00efs Gantet. GUSTAVE: Fuzz it like it's app. 
DMU Cyber Week, 2021."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598115"},{"key":"e_1_3_2_1_11_1","first-page":"1254","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Feng Bo","unstructured":"Bo Feng, Alejandro Mera, and Long Lu. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In 29th USENIX Security Symposium (USENIX Security 20), pages 1237\u20131254. USENIX Association, August 2020."},{"key":"e_1_3_2_1_12_1","unstructured":"Google. Kernel Address Sanitizer. https:\/\/www.kernel.org\/doc\/html\/latest\/dev-tools\/kasan.html."},{"key":"e_1_3_2_1_13_1","unstructured":"Hubert H\u00f6gl and Dominic Rath. Open On-Chip Debugger. Fakult\u00e4t f\u00fcr Informatik Tech. Rep 2006."},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. ACM Softw. Eng., 1(FSE), jul","author":"Hung Hsin-Wei","year":"2024","unstructured":"Hsin-Wei Hung and Ardalan Amiri Sani. BRF: Fuzzing the eBPF Runtime. Proc. ACM Softw. Eng., 1(FSE), jul 2024."},{"key":"e_1_3_2_1_15_1","volume-title":"Finding Bugs in File Systems with an Extensible Fuzzing Framework. ACM Trans. Storage, 16(2), may","author":"Kim Seulbae","year":"2020","unstructured":"Seulbae Kim, Meng Xu, Sanidhya Kashyap, Jungyeon Yoon, Wen Xu, and Taesoo Kim. Finding Bugs in File Systems with an Extensible Fuzzing Framework. ACM Trans. Storage, 16(2), may 2020."},{"key":"e_1_3_2_1_16_1","volume-title":"American Fuzzy Lop","year":"2013","unstructured":"lcamtuf. American Fuzzy Lop, 2013. https:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690232"},{"key":"e_1_3_2_1_18_1","volume-title":"Horus: Accelerating Kernel Fuzzing through Efficient Host-VM Memory Access Procedures. ACM Trans. Softw. Eng. Methodol., 33(1), nov","author":"Liu Jianzhong","year":"2023","unstructured":"Jianzhong Liu, Yuheng Shen, Yiru Xu, Hao Sun, and Yu Jiang. 
Horus: Accelerating Kernel Fuzzing through Efficient Host-VM Memory Access Procedures. ACM Trans. Softw. Eng. Methodol., 33(1), nov 2023."},{"issue":"1","key":"e_1_3_2_1_19_1","first-page":"1","article-title":"Intrusion Detection System for Automotive Controller Area Network (CAN) Bus System","volume":"2019","author":"Lokman Siti-Farhana","year":"2019","unstructured":"Siti-Farhana Lokman, Abu Talib Othman, and Muhammad-Husaini Abu-Bakar. Intrusion Detection System for Automotive Controller Area Network (CAN) Bus System: A Review. EURASIP Journal on Wireless Communications and Networking, 2019(1):1\u201317, 2019.","journal-title":"A Review. EURASIP Journal on Wireless Communications and Networking"},{"key":"e_1_3_2_1_20_1","first-page":"1966","volume-title":"Raheem Beyah. MOPT: Optimized Mutation Scheduling for Fuzzers. In Proceedings of the 28th USENIX Conference on Security Symposium, SEC'19","author":"Lyu Chenyang","year":"2019","unstructured":"Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song, and Raheem Beyah. MOPT: Optimized Mutation Scheduling for Fuzzers. In Proceedings of the 28th USENIX Conference on Security Symposium, SEC'19, page 1949\u20131966, USA, 2019. USENIX Association."},{"key":"e_1_3_2_1_21_1","first-page":"5340","volume-title":"Long Lu. SHiFT: Semi-hosted Fuzz Testing for Embedded Applications. In 33rd USENIX Security Symposium (USENIX Security 24)","author":"Mera Alejandro","year":"2024","unstructured":"Alejandro Mera, Changming Liu, Ruimin Sun, Engin Kirda, and Long Lu. SHiFT: Semi-hosted Fuzz Testing for Embedded Applications. In 33rd USENIX Security Symposium (USENIX Security 24), pages 5323\u20135340, Philadelphia, PA, August 2024. USENIX Association."},{"key":"e_1_3_2_1_22_1","volume-title":"Zephyr is a new generation, scalable, optimized, secure RTOS","author":"Nashif Anas","year":"2016","unstructured":"Anas Nashif. Zephyr is a new generation, scalable, optimized, secure RTOS, 2016. 
https:\/\/github.com\/zephyrproject-rtos\/zephyr."},{"key":"e_1_3_2_1_23_1","first-page":"743","volume-title":"Suman Jana. MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. In 27th USENIX Security Symposium (USENIX Security 18)","author":"Pailoor Shankara","year":"2018","unstructured":"Shankara Pailoor, Andrew Aday, and Suman Jana. MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. In 27th USENIX Security Symposium (USENIX Security 18), pages 729\u2013743, Baltimore, MD, August 2018. USENIX Association."},{"key":"e_1_3_2_1_24_1","first-page":"2213","volume-title":"Yanjun Wu. V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS '21","author":"Pan Gaoning","year":"2021","unstructured":"Gaoning Pan, Xingwei Lin, Xuhong Zhang, Yongkang Jia, Shouling Ji, Chunming Wu, Xinlei Ying, Jiashui Wang, and Yanjun Wu. V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS '21, page 2197\u20132213, New York, NY, USA, 2021. Association for Computing Machinery."},{"key":"e_1_3_2_1_25_1","first-page":"182","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo, Cornelius Aschermann, Sebastian Schinzel, and Thorsten Holz. kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels. In 26th USENIX Security Symposium (USENIX Security 17), pages 167\u2013182, Vancouver, BC, August 2017. USENIX Association."},{"key":"e_1_3_2_1_26_1","first-page":"499","volume-title":"Yu Jiang. Brief Industry Paper: Directed Kernel Fuzz Testing on Real-time Linux. In 2023 IEEE Real-Time Systems Symposium (RTSS)","author":"Shen Yuheng","unstructured":"Yuheng Shen, Shijun Chen, Jianzhong Liu, Yiru Xu, Qiang Zhang, Runzhe Wang, Heyuan Shi, and Yu Jiang. 
Brief Industry Paper: Directed Kernel Fuzz Testing on Real-time Linux. In 2023 IEEE Real-Time Systems Symposium (RTSS), pages 495\u2013499. IEEE, 2023."},{"key":"e_1_3_2_1_27_1","volume-title":"Rtkaller: State-Aware Task Generation for RTOS Fuzzing. ACM Trans. Embed. Comput. Syst., 20(5s), sep","author":"Shen Yuheng","year":"2021","unstructured":"Yuheng Shen, Hao Sun, Yu Jiang, Heyuan Shi, Yixiao Yang, and Wanli Chang. Rtkaller: State-Aware Task Generation for RTOS Fuzzing. ACM Trans. Embed. Comput. Syst., 20(5s), sep 2021."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2022.3198910"},{"key":"e_1_3_2_1_29_1","first-page":"628","volume-title":"18th USENIX Symposium on Operating Systems Design and Implementation (OSDI 24)","author":"Sun Hao","year":"2024","unstructured":"Hao Sun and Zhendong Su. Validating the eBPF Verifier via State Embedding. In 18th USENIX Symposium on Operating Systems Design and Implementation (OSDI 24), pages 615\u2013628, Santa Clara, CA, July 2024. USENIX Association."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3627703.3629562"},{"key":"e_1_3_2_1_31_1","unstructured":"The Linux Kernel Organization. KCOV: Kernel Code Coverage. https:\/\/docs.kernel.org\/dev-tools\/kcov.html."},{"key":"e_1_3_2_1_32_1","volume-title":"Syzkaller: an unsupervised coverage-guided kernel fuzzer","author":"Vyukov Dmitry","year":"2015","unstructured":"Dmitry Vyukov. Syzkaller: an unsupervised coverage-guided kernel fuzzer, 2015. https:\/\/github.com\/google\/syzkaller."},{"key":"e_1_3_2_1_33_1","unstructured":"Dmitry Vyukov and Andrey Konovalov. Pseudo-syscalls 2015. https:\/\/github.com\/google\/syzkaller\/blob\/master\/docs\/pseudo_syscalls.md."},{"key":"e_1_3_2_1_34_1","volume-title":"Syzlang: System Call Description Language","author":"Vyukov Dmitry","year":"2015","unstructured":"Dmitry Vyukov and Andrey Konovalov. Syzlang: System Call Description Language, 2015. 
https:\/\/github.com\/google\/syzkaller\/blob\/master\/docs\/syscall_descriptions_syntax.md."},{"key":"e_1_3_2_1_35_1","first-page":"2526","volume-title":"Yu Jiang. Data Coverage for Guided Fuzzing. In 33rd USENIX Security Symposium (USENIX Security 24)","author":"Wang Mingzhe","year":"2024","unstructured":"Mingzhe Wang, Jie Liang, Chijin Zhou, Zhiyong Wu, Jingzhou Fu, Zhuo Su, Qing Liao, Bin Gu, Bodong Wu, and Yu Jiang. Data Coverage for Guided Fuzzing. In 33rd USENIX Security Symposium (USENIX Security 24), pages 2511\u20132526, Philadelphia, PA, August 2024. USENIX Association."},{"key":"e_1_3_2_1_36_1","first-page":"5423","volume-title":"Kevin Sullivan. Fuzzing Mobile Robot Environments for Fast Automated Crash Detection. In 2021 IEEE International Conference on Robotics and Automation (ICRA)","author":"Woodlief Trey","year":"2021","unstructured":"Trey Woodlief, Sebastian Elbaum, and Kevin Sullivan. Fuzzing Mobile Robot Environments for Fast Automated Crash Detection. In 2021 IEEE International Conference on Robotics and Automation (ICRA), pages 5417\u20135423, 2021."},{"key":"e_1_3_2_1_37_1","volume-title":"RT-Thread is an open source IoT operating system","author":"Xiong Bernard","year":"2007","unstructured":"Bernard Xiong and Man Jianting. RT-Thread is an open source IoT operating system., 2007. https:\/\/github.com\/RT-Thread\/rt-thread."},{"key":"e_1_3_2_1_38_1","first-page":"761","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In 27th USENIX Security Symposium (USENIX Security 18), pages 745\u2013761, Baltimore, MD, August 2018. 
USENIX Association."}],"event":{"name":"EUROSYS '26: 21st European Conference on Computer Systems","location":"McEwan Hall\/The University of Edinburgh Edinburgh Scotland UK","acronym":"EUROSYS '26","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 21st European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3767295.3769326","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T11:56:31Z","timestamp":1780660591000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3767295.3769326"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,26]]},"references-count":38,"alternative-id":["10.1145\/3767295.3769326","10.1145\/3767295"],"URL":"https:\/\/doi.org\/10.1145\/3767295.3769326","relation":{},"subject":[],"published":{"date-parts":[[2026,4,26]]},"assertion":[{"value":"2026-04-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}