research-article
Open access

Challenges in Firmware Re-Hosting, Emulation, and Analysis

Published: 02 January 2021

Abstract

System emulation and firmware re-hosting have become popular techniques for answering security and performance related questions, such as whether a firmware image contains security vulnerabilities or meets its timing requirements when run on a specific hardware platform. While this motivation for emulation and binary analysis has previously been explored and reported, getting started with either practical work or research in the field is difficult. To this end, we provide a comprehensive guide for the practitioner or system emulation researcher. We lay out the common challenges faced during firmware re-hosting, explain the successive steps involved, and survey the common tools used to overcome these challenges. We provide classification techniques along five different axes: emulator method, system type, fidelity, emulator purpose, and control. These classifications and comparison criteria enable the practitioner to determine the appropriate tool for a given emulation task. We use our classifications to categorize popular works in the field and present 28 common challenges faced when creating, emulating, and analyzing a system, from obtaining firmware to post-emulation analysis.

References

[1]
2017. $20M in Bounties Paid and $100M In Sight. Retrieved from https://www.hackerone.com/blog/20M-in-bounties-paid-and-100M-in-sight.
[2]
AFL-Fuzz. [n.d.]. afl-fuzz. Retrieved from https://github.com/google/AFL.
[3]
Irfan Ahmed, Sebastian Obermeier, Martin Naedele, and Golden G. Richard III. 2012. SCADA systems: Challenges for forensic investigators. Computer 45, 12 (December 2012), 44--51.
[4]
Saed Alrabaee, Paria Shirani, Lingyu Wang, and Mourad Debbabi. 2018. FOSSIL: A resilient and efficient system for identifying FOSS functions in malware binaries. ACM Trans. Priv. Secur. 21, 2 (2018), 8.
[5]
angr. [n.d.]. boyscout. Retrieved from https://github.com/angr/angr/blob/master/angr/analyses/boyscout.py.
[6]
angr. [n.d.]. girlscout. Retrieved from https://github.com/angr/angr/blob/master/angr/analyses/girlscout.py.
[7]
Roberto Baldoni, Emilio Coppa, Daniele Cono D’elia, Camil Demetrescu, and Irene Finocchi. 2018. A survey of symbolic execution techniques. Comput. Surv. 51, 3, Article 50 (May 2018), 39 pages.
[8]
Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley. 2014. BYTEWEIGHT: Learning to recognize functions in binary code. In Proceedings of the 23rd USENIX Security Symposium. 845--860.
[9]
Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, and David Brumley. 2017. Your exploit is mine: Automatic shellcode transplant for remote exploits. In Proceedings of the IEEE Symposium on Security and Privacy.
[10]
BE-PUM. [n.d.]. BE-PUM. Retrieved from https://github.com/NMHai/BE-PUM.
[11]
Fabrice Bellard. 2005. QEMU, a fast and portable dynamic translator. In Proceedings of the Annual Conference on USENIX Annual Technical Conference. USENIX Association, Berkeley, CA, 41--41.
[12]
Nathan Binkert, Bradford Beckmann, Gabriel Black, Steven K. Reinhardt, Ali Saidi, Arkaprava Basu, Joel Hestness, Derek R. Hower, Tushar Krishna, Somayeh Sardashti, Rathijit Sen, Korey Sewell, Muhammad Shoaib, Nilay Vaish, Mark D. Hill, and David A. Wood. 2011. The Gem5 simulator. SIGARCH Comput. Arch. News 39, 2 (August 2011), 1--7.
[13]
BitBlaze. [n.d.]. FuzzBALL. Retrieved from https://github.com/bitblaze-fuzzball/fuzzball.
[14]
boofuzz. [n.d.]. boofuzz.Retrieved from https://github.com/jtpereyda/boofuzz.
[15]
Pietro Braione, Giovanni Denaro, and Mauro Pezzè. 2013. Enhancing symbolic execution with built-in term rewriting and constrained lazy initialization. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering. ACM, New York, NY, 411--421.
[16]
Pietro Braione, Giovanni Denaro, and Mauro Pezzè. 2015. Symbolic execution of programs with heap inputs. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering. ACM, New York, NY, 602--613.
[17]
Jonathan Broome and David Marx. 2000. Method and Iimplementation for Intercepting and Processing System Calls in Programmed Digital Computer to Emulate Retrograde operating System. US Patent 6,086,623.
[18]
David Brumley, Ivan Jager, Thanassis Avgerinos, and Edward J. Schwartz. 2011. BAP: A binary analysis platform. In Proceedings of the International Conference on Computer Aided Verification. Springer, 463--469.
[19]
Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation. USENIX Association, Berkeley, CA, 209--224. http://dl.acm.org/citation.cfm?id=1855741.1855756
[20]
Cristian Cadar, Patrice Godefroid, Sarfraz Khurshid, Corina S. Păsăreanu, Koushik Sen, Nikolai Tillmann, and Willem Visser. 2011. Symbolic execution for software testing in practice: Preliminary assessment. In Proceedings of the 33rd International Conference on Software Engineering. Association for Computing Machinery, New York, NY, 1066--1071.
[21]
Joan Calvet, José M. Fernandez, and Jean-Yves Marion. 2012. Aligot: Cryptographic function identification in obfuscated binary programs. In Proceedings of the ACM Conference on Computer and Communications Security. ACM, 169--182.
[22]
Capstone. [n.d.]. Capstone Disassembler. Retrieved from http://www.capstone-engine.org/.
[23]
Dan Caselden, Alex Bazhanyuk, Mathias Payer, Laszlo Szekeres, Stephen McCamant, and Dawn Song. 2013. Transformation-aware Exploit Generation Using a HI-CFG. Technical Report UCB/EECS-2013-85. EECS Department, University of California, Berkeley.
[24]
Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley. 2012. Unleashing Mayhem on binary code. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, 380--394.
[25]
Daming D. Chen, Maverick Woo, David Brumley, and Manuel Egele. 2016. Towards automated dynamic analysis for linux-based embedded firmware. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium.
[26]
Kai Cheng, Qiang Li, Lei Wang, Qian Chen, Yaowen Zheng, Limin Sun, and Zhenkai Liang. 2018. DTaint: Detecting the taint-style vulnerability in embedded device firmware. In Proceedings of the 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 430--441.
[27]
Anton Chernoff, Mark Herdeg, Ray Hookway, Chris Reeve, Norman Rubin, Tony Tye, S. Bharadwaj Yadavalli, and John Yates. 1998. FX!32 a profile-directed binary translator. IEEE Micro 18, 2 (March 1998), 56--64.
[28]
Vitaly Chipounov, Volodymyr Kuznetsov, and George Candea. 2011. S2E: A platform for in-vivo multi-path analysis of software systems. SIGARCH Comput. Arch. News 39, 1 (March 2011), 265--278.
[29]
Zheng Leong Chua, Shiqi Shen, Prateek Saxena, and Zhenkai Liang. 2017. Neural nets can learn function type signatures from binaries. In Proceedings of the 26th USENIX Security Symposium. 99--116.
[30]
Catalin Cimpanu. 2019. Android Exploits Are Now Worth More Than iOS Exploits For The First Time. Retrieved from https://www.zdnet.com/article/android-exploits-are-now-worth-more-than-ios-exploits-for-the-first-time/.
[31]
Cisco. [n.d.]. Joy. Retrieved from https://github.com/cisco/joy.
[32]
Cisomag. 2020. Tesla Offers US$1 Million and a Car to Hack its Model 3 Car. Retrieved from https://www.cisomag.com/tesla-offers-us1-million-and-a-car-as-bug-bounty-reward/.
[33]
James Clause, Wanchun Li, and Alessandro Orso. 2007. Dytan: A generic dynamic taint analysis framework. In Proceedings of the 2007 International Symposium on Software Testing and Analysis. ACM, New York, NY, 196--206.
[34]
John Clemens. 2015. Automatic classification of object code using machine learning. Dig. Invest. 14, S1 (August 2015), S156–S162.
[35]
Abraham Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. 2020. HALucinator: Firmware re-hosting through abstraction layer emulation. In 29th USENIX Security Symposium (USENIX Security'20). USENIX Association, 1201--1218. https://www.usenix.org/conference/usenixsecurity20/presentation/clements.
[36]
Lucian Cojocar, Jonas Zaddach, Roel Verdult, Herbert Bos, Aurélien Francillon, and Davide Balzarotti. 2015. PIE: Parser identification in embedded systems. In Proceedings of the 31st Annual Computer Security Applications Conference. Association for Computing Machinery, New York, NY, 251--260.
[37]
Comsecuris. [n.d.]. GDB Ghidra. Retrieved from https://github.com/Comsecuris/gdbghidra.
[38]
ConsenSys. [n.d.]. Mythril. Retrieved from https://github.com/ConsenSys/mythril.
[39]
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, and Giovanni Vigna. 2017. Difuze: Interface aware fuzzing for kernel drivers. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 2123--2138.
[40]
Nassim Corteggiani, Giovanni Camurati, and Aurélien Francillon. 2018. Inception: System-wide security testing of real-world embedded systems software. In Proceedings of the 27th USENIX Security Symposium. USENIX Association, Baltimore, MD, 309--326. https://www.usenix.org/conference/usenixsecurity18/presentation/corteggiani.
[41]
Andrei Costin and Jonas Zaddach. 2013. Embedded devices security and firmware reverse engineering. In black hat USA 2013 Workshop. blackhat.com. https://media.blackhat.com/us-13/US-13-Zaddach-Workshop-on-Embedded-Devices-Security-and-Firmware-Reverse-Engineering-WP.pdf.
[42]
Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti. [n.d.]. firmware.re. http://firmware.re/usenixsec14/.
[43]
Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti. 2014. A large-scale analysis of the security of embedded firmwares. In Proceedings of the 23rd USENIX Security Symposium. USENIX Association, San Diego, CA, 95--110. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin.
[44]
Andrei Costin, Apostolis Zarras, and Aurélien Francillon. 2016. Automated dynamic firmware analysis at scale: A case study on embedded web interfaces. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. ACM, New York, NY, 437--448.
[45]
Andrei Costin, Apostolis Zarras, and Aurélien Francillon. 2017. Towards automated classification of firmware images and identification of embedded devices. In ICT Systems Security and Privacy Protection, Sabrina De Capitani di Vimercati and Fabio Martinelli (Eds.). Springer International Publishing, Cham, 233--247.
[46]
Craig. 2012. Emulating NVRAM in Qemu. Retrieved from http://www.devttys0.com/2012/03/emulating-nvram-in-qemu/.
[47]
Robin David, Sébastien Bardin, Thanh Dinh Ta, Laurent Mounier, Josselin Feist, Marie-Laure Potet, and Jean-Yves Marion. 2016. BINSEC/SE: A dynamic symbolic execution toolkit for binary-level analysis. In Proceedings of the IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering. IEEE Computer Society, Los Alamitos, CA, 653--656.
[48]
Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. 2013. FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution. In Proceedings of the 22nd USENIX Security Symposium. USENIX Association, Berkeley, CA, 463--478.
[49]
Pietro De Nicolao, Marcello Pogliani, Mario Polino, Michele Carminati, Davide Quarta, and Stefano Zanero. 2018. ELISA: ELiciting ISA of raw binaries for fine-grained code and data separation. In Detection of Intrusions and Malware, and Vulnerability Assessment, Cristiano Giuffrida, Sébastien Bardin, and Gregory Blanc (Eds.). Springer International Publishing, Cham, 351--371.
[50]
Brendan Dolan-Gavitt, Josh Hodosh, Patrick Hulin, Tim Leek, and Ryan Whelan. 2015. Repeatable reverse engineering with PANDA. In Proceedings of the 5th Program Protection and Reverse Engineering Workshop. ACM, New York, NY, Article 4, 11 pages.
[51]
Christopher Domas. 2017. Breaking the x86 ISA. In black hat USA 2017 Workshop. blackhat.com. https://www. blackhat.com/docs/us-17/thursday/us-17-Domas-Breaking-The-x86-Instruction-Set-wp.pdf.
[52]
DOSBox. [n.d.]. DOSBox. Retrieved from https://www.dosbox.com/.
[53]
DroidSniff. [n.d.]. DroidSniff. Retrieved from https://github.com/evozi/DroidSniff.
[54]
Thomas Dullien and Sebastian Porst. 2009. REIL: A platform-independent intermediate representation of disassembled code for static code analysis. Zynamics. https://static.googleusercontent.com/media/www.zynamics.com/en//downloads/csw09.pdf.
[55]
EtherApe. [n.d.]. EtherApe. Retrieved from https://etherape.sourceforge.io/.
[56]
FaceDancer. [n.d.]. FaceDancer. Retrieved fom https://github.com/usb-tools/Facedancer.
[57]
Bo Feng, Alejandro Mera, and Long Lu. 2019. P2IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling (extended version). arXiv abs/1909.06472. Retrieved from https://arxiv.org/abs/1909.06472.
[58]
Firmadyne. 2018. firmadyne/libnvram. Retrieved from https://github.com/firmadyne/libnvram.
[59]
firminsight. [n.d.]. Retrieved from https://github.com/ilovepp/firminsight.
[60]
firmware-mod-kit. [n.d.]. Retrieved from https://github.com/rampageX/firmware-mod-kit.
[61]
José Fragoso Santos, Petar Maksimović, Gabriela Sampaio, and Philippa Gardner. 2019. JaVerT 2.0: Compositional symbolic execution for JavaScript. In Proceedings of the ACM on Principles of Programming Languages 3, Article 66 (January 2019), 31 pages.
[62]
Prashant Gandhi, Somesh Khanna, and Sree Ramaswamy. 2017. Which Industries Are the Most Digital (and Why)? Retrieved from https://hbr.org/2016/04/a-chart-that-shows-which-industries-are-the-most-digital-and-why.
[63]
Patrice Godefroid, Michael Y. Levin, and David Molnar. 2008. Automated whitebox fuzz testing. In Proceedings of the Network and Distributed Systems Security Symposium.
[64]
Google. [n.d.]. clusterfuzz. Retrieved from https://github.com/google/clusterfuzz.
[65]
Google. [n.d.]. domato. Retrieved from https://github.com/googleprojectzero/domato.
[66]
Google. [n.d.]. fuzzilli. Retrieved from https://github.com/googleprojectzero/fuzzilli.
[67]
Google. [n.d.]. gofuzz. Retrieved from https://github.com/google/gofuzz.
[68]
Google. [n.d.]. honggfuzz. Retrieved from https://github.com/google/honggfuzz.
[69]
Google. [n.d.]. syzkaller. Retrieved from https://github.com/google/syzkaller.
[70]
Google. [n.d.]. winafl. Retrieved from https://github.com/googleprojectzero/winafl.
[71]
Gustavo Grieco, Martín Ceresa, and Pablo Buiras. 2016. QuickFuzz: An automatic random fuzzer for common file formats. In Proceedings of the 9th International Symposium on Haskell. ACM, New York, NY, 13--20.
[72]
Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aurelien Francillon, Yung Ryn Choe, Christophe Kruegel, et al. 2020. Toward the analysis of embedded firmware through automated re-hosting. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses.
[73]
Jim Hall. [n.d.]. HP LaserJet The Early History. Retrieved from http://hparchive.com/seminar_notes/HP_LaserJet_The_Early_History_by_Jim_Hall_110512.pdf.
[74]
Armijn Hemel and Shane Coughlan. [n.d.]. Binary Analysis Toolkit. Retrieved from http://www.binaryanalysis.org/old/home.
[75]
Hemel, Armijn. [n.d.]. BANG—Binary Analysis Next Generation. Retrieved from https://github.com/armijnhemel/binaryanalysis-ng.
[76]
Grant Hernandez, Farhaan Fowze, Dave Tian, Tuba Yavuz, and Kevin Butler. 2017. FirmUSB: Vetting USB device firmware using domain informed symbolic execution. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS'17). Association for Computing Machinery, New York, NY, USA, 2245--2262. https://doi.org/10.1145/3133956.3134050
[77]
Brendan Hesse. 2019. Earn Up to $1 Million from Apple’s Expanded Bug Bounty Program. Retrieved from https://lifehacker.com/earn-up-to-1-million-from-apples-expanded-bug-bounty-p-1837106598.
[78]
Emily R. Jacobson, Nathan Rosenblum, and Barton P. Miller. 2011. Labeling library functions in stripped binaries. In Proceedings of the 10th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools. ACM, 1--8.
[79]
Janala2. [n.d.]. Janala2. Retrieved from https://github.com/ksen007/janala2.
[80]
Dave Jones. 2011. Trinity: A system call fuzzer. In Proceedings of the 13th Ottawa Linux Symposium.
[81]
Sami Kairajärvi, Andrei Costin, and Timo Hämäläinen. 2020. ISAdetect: Usable automated detection of CPU architecture and endianness for executable binary files and object code. In Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, New York, NY, 376--380.
[82]
Sushma Kalle, Nehal Ameen, Hyunguk Yoo, and Irfan Ahmed. 2019. CLIK on PLCs! Attacking control logic with decompilation and virtual PLC.
[83]
Aaron Kaluszka. [n.d.]. Computer Emulation History. Retrieved from https://kaluszka.com/vt/emulation/history.html.
[84]
Markus Kammerstetter, Christian Platzer, and Wolfgang Kastner. 2014. Prospect: Peripheral proxying supported embedded code testing. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ACM, New York, NY, 329--340.
[85]
Stamatis Karnouskos. 2011. Stuxnet worm impact on industrial cyber-physical system security. In Proceedings of the 37th Annual Conference of the IEEE Industrial Electronics Society. 4490--4494.
[86]
Anastasis Keliris and Michail Maniatakos. 2019. ICSREF: A framework for automated reverse engineering of industrial control systems binaries. In Proceedings of the Network and Distributed Systems Security Symposium.
[87]
M. Ammar Ben Khadra, Dominik Stoffel, and Wolfgang Kunz. 2016. Speculative disassembly of binary code. In Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems. ACM, New York, NY, Article 16, 10 pages.
[88]
Kismet. [n.d.]. Kismet. Retrieved from https://www.kismetwireless.net/.
[89]
George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. 2018. Evaluating fuzz testing. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, 2123--2138.
[90]
Karl Koscher, Tadayoshi Kohno, and David Molnar. 2015. SURROGATES: Enabling near-real-time dynamic analyses of embedded systems. In Proceedings of the 9th USENIX Workshop on Offensive Technologies. USENIX Association, Berkeley, CA.
[91]
Christopher Kruegel. 2014. Full system emulation: Achieving successful automated dynamic analysis of evasive malware. In blackhat USA 2014 Workshop. blackhat.com. https://www.blackhat.com/docs/us-14/materials/us-14-Kruegel-Full-System-Emulation-Achieving-Successful-Automated-Dynamic-Analysis-Of-Evasive-Malware-WP.pdf.
[92]
Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, and Giovanni Vigna. 2005. Automating mimicry attacks using static binary analysis. In Proceedings of the 14th USENIX Security Symposium, Vol. 14. 11--11.
[93]
Christopher Kruegel, William Robertson, Fredrik Valeur, and Giovanni Vigna. 2004. Static disassembly of obfuscated binaries. In Proceedings of the 13th USENIX Security Symposium, Vol. 13. 18--18.
[94]
Christopher Kruegel, William Robertson, and Giovanni Vigna. 2004. Detecting kernel-level rootkits through binary analysis. In Proceedings of the 20th Annual Computer Security Applications Conference. IEEE, 91--100.
[95]
C. Lattner and V. Adve. 2004. LLVM: A compilation framework for lifelong program analysis transformation. In Proceedings of the International Symposium on Code Generation and Optimization. 75--86.
[96]
Kevin P. Lawton. 1996. Bochs: A portable pc emulator for Unix/X. Linux J. 1996, 29es, Article 7 (September 1996). http://dl.acm.org/citation.cfm?id=326350.326357
[97]
Leveldown Security. [n.d.]. SVD-Loader-Ghidra. Retrieved from https://github.com/leveldown-security/SVD-Loader-Ghidra.
[98]
R. Li, Z. Zhao, X. Zhou, G. Ding, Y. Chen, Z. Wang, and H. Zhang. 2017. Intelligent 5G: When cellular networks meet artificial intelligence. IEEE Wireless Commun. 24, 5 (2017), 175--183.
[99]
Yanlin Li, Jonathan M. McCune, and Adrian Perrig. 2011. VIPER: Verifying the integrity of PERipherals’ firmware. In Proceedings of the 18th ACM Conference on Computer and Communications Security. Association for Computing Machinery, New York, NY, 3--16.
[100]
Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, and Kang Li. 2018. Mobilefindr: Function similarity identification for reversing mobile binaries. In Proceedings of the European Symposium on Research in Computer Security. Springer, 66--83.
[101]
Ulf Lindqvist and Peter G. Neumann. 2017. The future of the Internet of Things. Commun. ACM 60, 2 (January 2017), 26--30.
[102]
Peng Liu, Chunchang Xiang, Xiaohang Wang, Binjie Xia, Yangfan Liu, Weidong Wang, and Qingdong Yao. 2009. A NoC emulation/verification framework. In Proceedings of the 6th International Conference on Information Technology: New Generations. IEEE, 859--864.
[103]
Blake Loring, Duncan Mitchell, and Johannes Kinder. 2017. ExpoSE: Practical symbolic execution of standalone JavaScript. In Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software. ACM, New York, NY, 196--199.
[104]
Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna. 2017. BOOMERANG: Exploiting the semantic gap in trusted execution environments. In Proceedings of the 2017 Network and Distributed System Security Symposium.
[105]
Peter S. Magnusson, Magnus Christensson, Jesper Eskilson, Daniel Forsgren, Gustav Hallberg, Johan Hogberg, Fredrik Larsson, Andreas Moestedt, and Bengt Werner. 2002. Simics: A full system simulation platform. Computer 35, 2 (2002), 50--58.
[106]
Malcolm. [n.d.]. Malcolm. Retrieved from https://github.com/idaholab/Malcolm.
[107]
James Manyika, Sree Ramaswamy, Somesh Khanna, Hugo Sarrazin, Gary Pinkus, Guru Sethupathy, and Andrew Yaffe. 2015. Digital America: A tale of the haves and have-mores. Retrieved from https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/digital-america-a-tale-of-the-haves-and-have-mores.
[108]
Xavi Mendez. [n.d.]. wfuzz. Retrieved from https://github.com/xmendez/wfuzz.
[109]
Gaurav Mittal, David Zaretsky, Gokhan Memik, and Prith Banerjee. 2005. Automatic extraction of function bodies from software binaries. In Proceedings of the ASP-DAC 2005. Asia and South Pacific Design Automation Conference, 2005, Vol. 2. IEEE, 928--931.
[110]
Harish Mohanan, Perraju Bendapudi, Abishek Kumarasubramanian, Rajesh Jalan, and Ramarathnam Venkatesan. 2012. Function Matching in Binaries. US Patent 8,166,466.
[111]
Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist, Trent Brunson, and Artem Dinaburg. 2019. Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts. arxiv:cs.SE/1907.03890. Retrieved from https://arxiv.org/abs/1907.03890.
[112]
Marius Muench, Dario Nisi, Aurélien Francillon, and Davide Balzarotti. 2018. Avatar: A multi-target orchestration platform. In Proceedings of the Workshop on Binary Analysis Research, Colocated with Network and Distributed Systems Security Symposium.
[113]
Marius Muench, Jan Stijohann, Frank Kargl, Aurelien Francillon, and Davide Balzarotti. 2018. What you corrupt is not what you crash: Challenges in fuzzing embedded devices. In Proceedings of the Network and Distributed System Security Symposium.
[114]
NationalSecurityAgency. [n.d.]. NationalSecurityAgency/ghidra. Retrieved from https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions.
[115]
Nicholas Nethercote and Julian Seward. 2007. Valgrind: A framework for heavyweight dynamic binary instrumentation. ACM SIGPLAN Conf. Program. Lang. Des. Implement. 42, 6 (June 2007), 89--100.
[116]
Netresec. [n.d.]. NetworkMiner. Retrieved from https://www.netresec.com/?page=NetworkMiner.
[117]
NetWorkPacketCapture. [n.d.]. Retrieved from https://github.com/huolizhuminh/NetWorkPacketCapture.
[118]
Lily Hay Newman. 2018. Facebook Bug Bounty Program Makes Biggest Reward Payout Yet. Retrieved from https://www.wired.com/story/facebook-bug-bounty-biggest-payout/.
[119]
NSA. [n.d.]. Ghidra. Retrieved from https://ghidra-sre.org/.
[120]
U.S. Department of Energy. [n.d.]. The Smart Grid. Retrieved from https://www.smartgrid.gov/the_smart_grid/smart_grid.html.
[121]
OWASP. [n.d.]. IoTGoat. Retrieved from https://github.com/OWASP/IoTGoat.
[122]
PAGalaxyLab. [n.d.]. vxhunter. Retrieved from https://github.com/PAGalaxyLab/vxhunter.
[123]
Dorottya Papp, Zhendong Ma, and Levente Buttyan. 2015. Embedded systems security: Threats, vulnerabilities, and attack taxonomy. In Proceedings of the 2015 13th Annual Conference on Privacy, Security and Trust. 145--152.
[124]
Riyad Parvez, Paul A. S. Ward, and Vijay Ganesh. 2016. Combining static analysis and targeted symbolic execution for scalable bug-finding in application binaries. In Proceedings of the 26th Annual International Conference on Computer Science and Software Engineering. IBM Corp., Riverton, NJ, 116--127. http://dl.acm.org/citation.cfm?id=3049877.3049889
[125]
PcapPlusPlus. [n.d.]. PcapPlusPlus. Retrieved from https://github.com/seladb/PcapPlusPlus.
[126]
PCem. [n.d.]. PCem. Retrieved from https://github.com/Anamon/pcem.
[127]
Hui Peng, Yan Shoshitaishvili, and Mathias Payer. 2018. T-fuzz: Fuzzing by program transformation. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 697--710.
[128]
Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, and Thorsten Holz. 2015. Cross-architecture bug search in binary executables. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 709--724.
[129]
Richard Phillips and Bonnie Montalvo. 2010. Using emulation to debug control logic code. In Proceedings of the 2010 Winter Simulation Conference (2010).
[130]
PixelCyber. [n.d.]. Thor. Retrieved from https://github.com/PixelCyber/Thor.
[131]
Praetorian. [n.d.]. The Damn Vulnerable Router Firmware Project. Retrieved from https://github.com/praetorian-code/DVRF.
[132]
Rui Qiao and R. Sekar. 2016. Effective Function Recovery for COTS Binaries Using Interface Verification. Technical Report. Technical report, Secure Systems Lab, Stony Brook University.
[133]
Rui Qiao and R. Sekar. 2017. Function interface analysis: A principled approach for function recognition in COTS binaries. In Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. IEEE, 201--212.
[134]
radamsa. [n.d.]. radamsa. Retrieved from https://gitlab.com/akihe/radamsa.
[135]
Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Application-aware evolutionary fuzzing. In Proceedings of the Network and Distributed Systems Security Symposium, Vol. 17. 1--14.
[136]
Hex Rays. [n.d.]. Retrieved from https://hex-rays.com/products/ida/.
[137]
Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2020. KARONTE: Detecting insecure multi-binary interactions in embedded firmware. In Proceedings of the IEEE Symposium on Security and Privacy.
[138]
Teddy Reed. [n.d.]. subzero. Retrieved from https://github.com/theopolis/subzero.
[139]
ReFirm Labs. [n.d.]. binwalk. Retrieved from https://github.com/ReFirmLabs/binwalk.
[140]
Corinne Reichert. 2019. Google’s Android Bug Bounty Program Will Now Pay Out $1.5 Million. Retrieved from https://www.cnet.com/news/googles-android-bug-bounty-program-will-now-pay-out-1-5-million/.
[141]
Samsung. [n.d.]. Jalangi2. Retrieved from https://github.com/Samsung/jalangi2.
[142]
Chase Schultz. [n.d.]. firmware_collection. Retrieved from https://github.com/f47h3r/firmware_collection.
[143]
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC, 317--331.
[144]
Sen, Koushik. [n.d.]. jCUTE. Retrieved from https://github.com/osl/jcute.
[145]
Kostya Serebryany. 2017. OSS-Fuzz-Google’s Continuous Fuzzing Service for Open Source Software.
[146]
Saumil Shah. [n.d.]. The ARM-X Firmware Emulation Framework. Retrieved from https://github.com/therealsaumil/armx.
[147]
Asankhaya Sharma. 2014. Exploiting undefined behaviors for efficient symbolic execution. In Companion Proceedings of the 36th International Conference on Software Engineering. ACM, New York, NY, 727--729.
[148]
Shellphish. 2017. Cyber Grand Shellphish. Retrieved from http://phrack.org/papers/cyber_grand_shellphish.html.
[149]
Eui Chul Richard Shin, Dawn Song, and Reza Moazzezi. 2015. Recognizing functions in binaries with neural networks. In Proceedings of the 24th USENIX Security Symposium. 611--626.
[150]
Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2015. Firmalice - Automatic detection of authentication bypass vulnerabilities in binary firmware. In Proceedings of the 2015 Network and Distributed System Security Symposium.
[151]
Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Audrey Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2016. SoK: (State of) the art of war: Offensive techniques in binary analysis. In Proceedings of the IEEE Symposium on Security and Privacy.
[152]
Sibyl. [n.d.]. Sibyl. Retrieved from https://github.com/cea-sec/Sibyl.
[153]
Sickendick, Karl. [n.d.]. pcode-emulator. Retrieved from https://github.com/kc0bfv/pcode-emulator.
[154]
Slack. [n.d.]. Slack. Retrieved from https://angr.slack.com.
[155]
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena. 2008. BitBlaze: A new approach to computer security via binary analysis. In Proceedings of the International Conference on Information Systems Security. Springer, 1--25.
[156]
Prashast Srivastava, Hui Peng, Jiahao Li, Hamed Okhravi, Howard Shrobe, and Mathias Payer. 2019. FirmFuzz: Automated IoT firmware introspection and analysis. In Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things (2019), 15--21.
[157]
SSRFmap. [n.d.]. SSRFmap. Retrieved from https://github.com/swisskyrepo/SSRFmap.
[158]
Nick Stephens, John Grosen, Christopher Salls, Audrey Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting fuzzing through selective symbolic execution. In Proceedings of the 2016 Network and Distributed System Security Symposium.
[159]
Vinaitheerthan Sundaram, Patrick Eugster, and Xiangyu Zhang. 2010. Efficient diagnostic tracing for wireless sensor networks. In Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems. ACM, 169--182.
[160]
Florin Dragos Tanasache, Mara Sorella, Silvia Bonomi, Raniero Rapone, and Davide Meacci. 2019. Building an emulation environment for cyber security analyses of complex networked systems. In Proceedings of the 20th International Conference on Distributed Computing and Networking (2019).
[161]
Matthew Tancreti, Mohammad Sajjad Hossain, Saurabh Bagchi, and Vijay Raghunathan. 2011. Aveksha: A hardware-software approach for non-intrusive tracing and profiling of wireless embedded systems. In Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems. ACM, 288--301.
[162]
Matthew Tancreti, Vinaitheerthan Sundaram, Saurabh Bagchi, and Patrick Eugster. 2015. TARDIS: Software-only system-level record and replay in wireless sensor networks. In Proceedings of the 14th International Conference on Information Processing in Sensor Networks. ACM, 286--297.
[163]
TCPDump. [n.d.]. tcpdump. Retrieved from http://www.tcpdump.org/.
[164]
Radare2 Team. 2017. Radare2 Book. GitHub.
[165]
Telerik. [n.d.]. Fiddler. Retrieved from https://www.telerik.com/fiddler.
[166]
Keen Security Lab Tencent. 2016. Car Hacking Research: Remote Attack Tesla Motors. Retrieved from https://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/.
[167]
Sam Thomas, Flavio Garcia, and Tom Chothia. 2017. HumIDIFy: A tool for hidden functionality detection in firmware. In Proceedings of the 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer, 279--300.
[168]
Michael F. Thompson and Timothy Vidas. 2018. CGC Monitor: A Vetting System for the DARPA Cyber Grand Challenge. Retrieved from https://calhoun.nps.edu/handle/10945/59209.
[169]
Brian Van Leeuwen, Vincent Urias, John Eldridge, Charles Villamarin, and Ron Olsberg. 2010. Cyber security analysis testbed: Combining real, emulation, and simulation. In Proceedings of the 44th Annual 2010 IEEE International Carnahan Conference on Security Technology. 121--126.
[170]
Sebastian Vasile, David Oswald, and Tom Chothia. 2019. Breaking all the things—A systematic survey of firmware extraction techniques for IoT devices. In Smart Card Research and Advanced Applications, Begül Bilgin and Jean-Bernard Fischer (Eds.). Springer International Publishing, Cham, 171--185.
[171]
Marek Vasut. 2017. Adding New Architecture to QEMU. Retrieved from https://events17.linuxfoundation.org/sites/events/files/slides/ossj-2017.pdf.
[172]
Trygve Vea. [n.d.]. firmwaredb. Retrieved from https://github.com/kvisle/firmwaredb.
[173]
Vector 35. [n.d.]. Binary Ninja. Retrieved from https://binary.ninja/.
[174]
John Viega and Hugh Thompson. 2012. The state of embedded-device security (Spoiler Alert: It’s Bad). IEEE Secur. Priv. 10, 5 (September 2012), 68--70.
[175]
Sebastian Vogl, Robert Gawlik, Behrad Garmany, Thomas Kittel, Jonas Pfoh, Claudia Eckert, and Thorsten Holz. 2014. Dynamic hooks: Hiding control flow changes within non-control data. In Proceedings of the 23rd USENIX Security Symposium. 813--828.
[176]
Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, and Giovanni Vigna. 2017. Ramblr: Making reassembly great again. In Proceedings of the 2017 Network and Distributed System Security Symposium.
[177]
Xiajing Wang, Rui Ma, Bowen Dou, Zefeng Jian, and Hongzhou Chen. 2018. OFFDTAN: A new approach of offline dynamic taint analysis for binaries. Secur. Commun. Netw. 2018 (2018), 13. 10.1155/2018/7693861
[178]
Kayla Wiles. 2019. First All-digital Nuclear Reactor System in the U.S. Installed at Purdue University. Retrieved from https://www.purdue.edu/newsroom/releases/2019/Q3/first-all-digital-nuclear-reactor-control-system-in-the-u.s.-installed-at-purdue-university.html.
[179]
Wireshark. [n.d.]. Wireshark. Retrieved from https://www.wireshark.org/.
[180]
Dongpeng Xu, Jiang Ming, and Dinghao Wu. 2017. Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 921--937.
[181]
Hongfa Xue, Shaowen Sun, Guru Venkataramani, and Tian Lan. 2019. Machine learning-based analysis of program binaries: A comprehensive study. IEEE Access 7 (2019), 65889--65912.
[182]
Seung Jei Yang, Jung Ho Choi, Ki Bom Kim, and Taejoo Chang. 2015. New acquisition method based on firmware update protocols for Android smartphones. Dig. Invest. 14 (2015), S68--S76.
[183]
Miao Yu, Jianwei Zhuge, Ming Cao, Zhiwei Shi, and Lin Jiang. 2020. A survey of security vulnerability analysis, discovery, detection, and mitigation on IoT devices. Fut. Internet 12, 2 (February 2020), 27.
[184]
Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. In Proceedings of the 27th USENIX Security Symposium. 745--761.
[185]
Jonas Zaddach, Luca Bruno, Aurélien Francillon, and Davide Balzarotti. 2014. Avatar: A framework to support dynamic security analysis of embedded systems’ firmwares. In Proceedings of the Network and Distributed Systems Security Symposium.
[186]
Jonas Zaddach, Anil Kurmus, Davide Balzarotti, Erik-Oliver Blass, Aurélien Francillon, Travis Goodspeed, Moitrayee Gupta, and Ioannis Koltsidas. 2013. Implementation and implications of a stealth hard-drive backdoor. In Proceedings of the 29th Annual Computer Security Applications Conference. Association for Computing Machinery, New York, NY, 279--288.
[187]
Ruijin Zhu, Yu-an Tan, Quanxin Zhang, Yuanzhang Li, and Jun Zheng. 2016. Determining image base of firmware for ARM devices by matching literal pools. Dig. Invest. 16 (2016), 19--28.
[188]
Ruijin Zhu, Baofeng Zhang, Junjie Mao, Quanxin Zhang, and Yu-an Tan. 2017. A methodology for determining the image base of ARM-based industrial control system firmware. Int. J. Crit. Infrastruct. Protect. 16 (2017), 26--35.


Published In

ACM Computing Surveys, Volume 54, Issue 1
January 2022
844 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/3446641
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 January 2021
Accepted: 01 September 2020
Revised: 01 July 2020
Received: 01 January 2020
Published in CSUR Volume 54, Issue 1

Author Tags

  1. Firmware re-hosting
  2. binary analysis
  3. embedded systems
  4. emulation challenges
  5. emulation fidelity
  6. emulator classification
  7. reverse engineering
  8. system emulation

Qualifiers

  • Research-article
  • Research
  • Refereed

Funding Sources

  • U.S. Department of Energy
  • National Nuclear Security

Cited By

  • (2025) A self-contained emulator for the forensic examination of IoE scenarios. Ad Hoc Networks 168, 103718. DOI: 10.1016/j.adhoc.2024.103718. Published March 2025.
  • (2024) Uncovering Hidden Risks in IoT devices: A Post-Pandemic National Study of SOHO Wi-Fi Router Security. Journal of Internet Services and Applications 15, 1, 485--495. DOI: 10.5753/jisa.2024.3834. Published 16 October 2024.
  • (2024) Finding bugs in embedded external device drivers using emulation. In Proceedings of the 2024 6th World Symposium on Software Engineering (WSSE), 129--132. DOI: 10.1145/3698062.3698079. Published 13 September 2024.
  • (2024) Labrador: Response Guided Directed Fuzzing for Black-box IoT Devices. In 2024 IEEE Symposium on Security and Privacy (SP), 1920--1938. DOI: 10.1109/SP54263.2024.00127. Published 19 May 2024.
  • (2024) Toward Intelligent IoT Endpoint Detection and Response Using Digital Twins via Firmware Emulation. IEEE Internet of Things Magazine 7, 6, 20--26. DOI: 10.1109/IOTM.001.2400070. Published November 2024.
  • (2024) FIRMRES: Exposing Broken Device-Cloud Access Control in IoT Through Static Firmware Analysis. In 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 495--506. DOI: 10.1109/DSN58291.2024.00054. Published 24 June 2024.
  • (2024) Let’s Get Cyber-Physical: Validation of Safety-Critical Cyber-Physical Systems. IEEE Access 12, 142569--142581. DOI: 10.1109/ACCESS.2024.3470216. Published 2024.
  • (2024) Firmware Vulnerability Detection Algorithm Based on Matching Pattern-Specific Numerical Features With Structural Features. IEEE Access 12, 42317--42328. DOI: 10.1109/ACCESS.2024.3378533. Published 2024.
  • (2024) HD-FUZZ: Hardware dependency-aware firmware fuzzing via hybrid MMIO modeling. Journal of Network and Computer Applications 224, 103835. DOI: 10.1016/j.jnca.2024.103835. Published April 2024.
  • (2024) Detecting command injection vulnerabilities in Linux-based embedded firmware with LLM-based taint analysis of library functions. Computers & Security 144, 103971. DOI: 10.1016/j.cose.2024.103971. Published September 2024.
