2021-06-20 11:02:29 +02:00
@inproceedings { grammarinator ,
author = {Ren{\'{a}}ta Hodov{\'{a}}n and
{\'{A}}kos Kiss and
Tibor Gyim{\'{o}}thy},
editor = {Wishnu Prasetya and
Tanja E. J. Vos and
Sinem Getir},
title = {Grammarinator: a grammar-based open source fuzzer},
booktitle = {Proceedings of the 9th {ACM} {SIGSOFT} International Workshop on Automating
{TEST} Case Design, Selection, and Evaluation, A-TEST@ESEC/SIGSOFT
{FSE} 2018, Lake Buena Vista, FL, USA, November 05, 2018},
pages = {45--48},
publisher = {{ACM}},
year = {2018},
url = {https://doi.org/10.1145/3278186.3278193},
doi = {10.1145/3278186.3278193},
timestamp = {Wed, 09 Jan 2019 17:56:06 +0100},
biburl = {https://dblp.org/rec/conf/sigsoft/Hodovan0G18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { modelfuzz ,
author = {Pham, Van-Thuan and B\"{o}hme, Marcel and Roychoudhury, Abhik},
title = {Model-Based Whitebox Fuzzing for Program Binaries},
year = {2016},
isbn = {9781450338455},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/2970276.2970316},
doi = {10.1145/2970276.2970316},
booktitle = {Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering},
pages = {543–
numpages = {11},
keywords = {Program Binaries, Symbolic Execution},
location = {Singapore, Singapore},
series = {ASE 2016}
}
2021-06-17 00:13:46 +02:00
@article { hung2017leading ,
title={Leading the IoT Gartner Insight on How to Lead in a Cnnected World},
author={Hung, Mark},
journal={Gartner Research},
volume={1},
pages={1--5},
year={2017}
}
@incollection { mcmillen2015security ,
title={Security attacks on industrial control systems},
author={McMillen, David},
booktitle={Technical Report},
year={2015},
publisher={IBM}
}
@online { posey2021iot ,
author = {Posey, Brien},
title = {IoT devices},
year = 2021,
url = {https://web.archive.org/web/20210520072243/https://internetofthingsagenda.techtarget.com/definition/IoT-device},
urldate = {2021-05-20}
}
2021-06-20 11:02:29 +02:00
@online { xss ,
author = {The OWASP Foundation},
title = {Cross Site Scripting (XSS) Software Attack | OWASP},
year = 2021,
url = {https://web.archive.org/web/20210615012447/https://owasp.org/www-community/attacks/xss/},
urldate = {2021-06-15}
}
2021-06-17 00:13:46 +02:00
@online { OWASP2021Fuzzing ,
author = {The OWASP Foundation},
title = {Fuzzing | OWASP},
year = 2021,
url = {https://web.archive.org/web/20210414111843/https://owasp.org/www-community/Fuzzing},
urldate = {2021-04-14}
}
2021-06-20 11:02:29 +02:00
@inproceedings { iothunter ,
author = {Bo Yu and
Pengfei Wang and
Tai Yue and
Yong Tang},
editor = {Lorenzo Cavallaro and
Johannes Kinder and
XiaoFeng Wang and
Jonathan Katz},
title = {Poster: Fuzzing IoT Firmware via Multi-stage Message Generation},
booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and
Communications Security, {CCS} 2019, London, UK, November 11-15, 2019},
pages = {2525--2527},
publisher = {{ACM}},
year = {2019},
url = {https://doi.org/10.1145/3319535.3363247},
doi = {10.1145/3319535.3363247},
timestamp = {Tue, 10 Nov 2020 20:00:54 +0100},
biburl = {https://dblp.org/rec/conf/ccs/YuWYT19.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@article { hfuzz ,
author = {Xinyao Liu and
Baojiang Cui and
Junsong Fu and
Jinxin Ma},
title = {HFuzz: Towards automatic fuzzing testing of NB-IoT core network protocols
implementations},
journal = {Future Gener. Comput. Syst.},
volume = {108},
pages = {390--400},
year = {2020},
url = {https://doi.org/10.1016/j.future.2019.12.032},
doi = {10.1016/j.future.2019.12.032},
timestamp = {Mon, 18 May 2020 17:42:49 +0200},
biburl = {https://dblp.org/rec/journals/fgcs/LiuCFM20.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@article { siotfuzzer ,
title={SIoTFuzzer: Fuzzing Web Interface in IoT Firmware via Stateful Message Generation},
author={Zhang, Hangwei and Lu, Kai and Zhou, Xu and Yin, Qidi and Wang, Pengfei and Yue, Tai},
journal={Applied Sciences},
volume={11},
number={7},
pages={3120},
year={2021},
publisher={Multidisciplinary Digital Publishing Institute}
}
@inproceedings { diane ,
title={DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices},
author={Redini, Nilo and Continella, Andrea and Das, Dipanjan and De Pasquale, Giulio and Spahn, Noah and Machiry, Aravind and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
booktitle={42nd IEEE Symposium on Security and Privacy 2021},
year={2021}
}
@inproceedings { firmfuzz ,
author = {Prashast Srivastava and
Hui Peng and
Jiahao Li and
Hamed Okhravi and
Howard E. Shrobe and
Mathias Payer},
editor = {Peng Liu and
Yuqing Zhang},
title = {FirmFuzz: Automated IoT Firmware Introspection and Analysis},
booktitle = {Proceedings of the 2nd International {ACM} Workshop on Security and
Privacy for the Internet-of-Things, IoT S{\&}P@CCS 2019, London,
UK, November 15, 2019},
pages = {15--21},
publisher = {{ACM}},
year = {2019},
url = {https://doi.org/10.1145/3338507.3358616},
doi = {10.1145/3338507.3358616},
timestamp = {Tue, 10 Nov 2020 16:06:16 +0100},
biburl = {https://dblp.org/rec/conf/ccs/SrivastavaPLOSP19.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { mulbin ,
author = {Nilo Redini and
Aravind Machiry and
Ruoyu Wang and
Chad Spensky and
Andrea Continella and
Yan Shoshitaishvili and
Christopher Kruegel and
Giovanni Vigna},
title = {Karonte: Detecting Insecure Multi-binary Interactions in Embedded
Firmware},
booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco,
CA, USA, May 18-21, 2020},
pages = {1544--1561},
publisher = {{IEEE}},
year = {2020},
url = {https://doi.org/10.1109/SP40000.2020.00036},
doi = {10.1109/SP40000.2020.00036},
timestamp = {Thu, 20 Aug 2020 17:04:50 +0200},
biburl = {https://dblp.org/rec/conf/sp/RediniM0SCSKV20.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
2021-06-17 00:13:46 +02:00
@article { lowendos ,
author = {Oliver Hahm and
Emmanuel Baccelli and
Hauke Petersen and
Nicolas Tsiftes},
title = {Operating Systems for Low-End Devices in the Internet of Things: {A}
Survey},
journal = {{IEEE} Internet Things J.},
volume = {3},
number = {5},
pages = {720--734},
year = {2016},
url = {https://doi.org/10.1109/JIOT.2015.2505901},
doi = {10.1109/JIOT.2015.2505901},
timestamp = {Mon, 08 Jun 2020 22:23:02 +0200},
biburl = {https://dblp.org/rec/journals/iotj/HahmBPT16.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@article { snipuzz ,
author = {Xiaotao Feng and
Ruoxi Sun and
Xiaogang Zhu and
Minhui Xue and
Sheng Wen and
Dongxi Liu and
Surya Nepal and
Yang Xiang},
title = {Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference},
journal = {CoRR},
volume = {abs/2105.05445},
year = {2021},
url = {https://arxiv.org/abs/2105.05445},
archivePrefix = {arXiv},
eprint = {2105.05445},
timestamp = {Mon, 31 May 2021 08:26:46 +0200},
biburl = {https://dblp.org/rec/journals/corr/abs-2105-05445.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { firmafl ,
author = {Yaowen Zheng and
Ali Davanian and
Heng Yin and
Chengyu Song and
Hongsong Zhu and
Limin Sun},
editor = {Nadia Heninger and
Patrick Traynor},
title = {{FIRM-AFL:} High-Throughput Greybox Fuzzing of IoT Firmware via Augmented
Process Emulation},
booktitle = {28th {USENIX} Security Symposium, {USENIX} Security 2019, Santa Clara,
CA, USA, August 14-16, 2019},
pages = {1099--1114},
publisher = {{USENIX} Association},
year = {2019},
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/zheng},
timestamp = {Mon, 01 Feb 2021 08:43:20 +0100},
biburl = {https://dblp.org/rec/conf/uss/ZhengDYSZS19.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { largeanal ,
author = {Andrei Costin and
Jonas Zaddach and
Aur{\'{e}}lien Francillon and
Davide Balzarotti},
editor = {Kevin Fu and
Jaeyeon Jung},
title = {A Large-Scale Analysis of the Security of Embedded Firmwares},
booktitle = {Proceedings of the 23rd {USENIX} Security Symposium, San Diego, CA,
USA, August 20-22, 2014},
pages = {95--110},
publisher = {{USENIX} Association},
year = {2014},
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin},
timestamp = {Mon, 01 Feb 2021 08:43:17 +0100},
biburl = {https://dblp.org/rec/conf/uss/CostinZFB14.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { autodyn ,
author = {Andrei Costin and
Apostolis Zarras and
Aur{\'{e}}lien Francillon},
editor = {Xiaofeng Chen and
XiaoFeng Wang and
Xinyi Huang},
title = {Automated Dynamic Firmware Analysis at Scale: {A} Case Study on Embedded
Web Interfaces},
booktitle = {Proceedings of the 11th {ACM} on Asia Conference on Computer and Communications
Security, AsiaCCS 2016, Xi'an, China, May 30 - June 3, 2016},
pages = {437--448},
publisher = {{ACM}},
year = {2016},
url = {https://doi.org/10.1145/2897845.2897900},
doi = {10.1145/2897845.2897900},
timestamp = {Tue, 10 Nov 2020 16:06:16 +0100},
biburl = {https://dblp.org/rec/conf/ccs/CostinZF16.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { avatar ,
author = {Jonas Zaddach and
Luca Bruno and
Aur{\'{e}}lien Francillon and
Davide Balzarotti},
title = {{AVATAR:} {A} Framework to Support Dynamic Security Analysis of Embedded
Systems' Firmwares},
booktitle = {21st Annual Network and Distributed System Security Symposium, {NDSS}
2014, San Diego, California, USA, February 23-26, 2014},
publisher = {The Internet Society},
year = {2014},
url = {https://www.ndss-symposium.org/ndss2014/avatar-framework-support-dynamic-security-analysis-embedded-systems-firmwares},
timestamp = {Mon, 01 Feb 2021 08:42:18 +0100},
biburl = {https://dblp.org/rec/conf/ndss/ZaddachBFB14.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@article { firmcorn ,
author = {Zhijie Gui and
Hui Shu and
Fei Kang and
Xiaobing Xiong},
title = {{FIRMCORN:} Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized
Virtual Execution},
journal = {{IEEE} Access},
volume = {8},
pages = {29826--29841},
year = {2020},
url = {https://doi.org/10.1109/ACCESS.2020.2973043},
doi = {10.1109/ACCESS.2020.2973043},
timestamp = {Tue, 03 Mar 2020 09:38:04 +0100},
biburl = {https://dblp.org/rec/journals/access/GuiSKX20.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { iotfuzzer ,
author = {Jiongyi Chen and
Wenrui Diao and
Qingchuan Zhao and
Chaoshun Zuo and
Zhiqiang Lin and
XiaoFeng Wang and
Wing Cheong Lau and
Menghan Sun and
Ronghai Yang and
Kehuan Zhang},
title = {IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based
Fuzzing},
booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS}
2018, San Diego, California, USA, February 18-21, 2018},
publisher = {The Internet Society},
year = {2018},
url = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-1\_Chen\_paper.pdf},
timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
biburl = {https://dblp.org/rec/conf/ndss/ChenDZZL0LSYZ18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@article { wmifuzzer ,
author = {Dong Wang and
Xiaosong Zhang and
Ting Chen and
Jingwei Li},
title = {Discovering Vulnerabilities in {COTS} IoT Devices through Blackbox
Fuzzing Web Management Interface},
journal = {Secur. Commun. Networks},
volume = {2019},
pages = {5076324:1--5076324:19},
year = {2019},
url = {https://doi.org/10.1155/2019/5076324},
doi = {10.1155/2019/5076324},
timestamp = {Thu, 10 Sep 2020 14:41:04 +0200},
biburl = {https://dblp.org/rec/journals/scn/WangZCL19.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
2021-06-20 11:02:29 +02:00
@Misc { aflpp ,
title = {American Fuzzy Lop plus plus},
howpublished = {\url{https://github.com/AFLplusplus/AFLplusplus}},
}
@Misc { panda ,
title = {Panda},
howpublished = {\url{https://github.com/panda-re/panda}},
}
@Misc { afl ,
title = {american fuzzy lob},
howpublished = {\url{https://github.com/google/AFL}},
}
@Misc { xsstrike ,
title = {XSStrike},
howpublished = {\url{https://github.com/s0md3v/XSStrike}},
}
2021-06-17 00:13:46 +02:00
@Misc { binwalk ,
title = {Binwalk},
howpublished = {\url{https://github.com/ReFirmLabs/binwalk}},
}
2021-06-20 11:02:29 +02:00
@Misc { valgrind ,
title = {Valgrind},
howpublished = {\url{https://www.valgrind.org/}},
}
@Misc { triforceafl ,
title = {TriforceAFL},
howpublished = {\url{https://github.com/nccgroup/TriforceAFL}},
}
@Misc { fuzzdb ,
title = {FuzzDB},
howpublished = {\url{https://github.com/fuzzdb-project/fuzzdb}},
}
@Misc { blons ,
title = {Big List of Naughty Strings},
howpublished = {\url{https://github.com/minimaxir/big-list-of-naughty-strings}},
}
@Misc { radamsa ,
title = {radamsa},
howpublished = {\url{https://gitlab.com/akihe/radamsa}},
}
2021-06-17 00:13:46 +02:00
@Misc { IDA ,
title = {IDA Pro},
howpublished = {\url{https://hex-rays.com/ida-pro/}},
}
@Misc { boofuzz ,
title = {boofuzz},
howpublished = {\url{https://github.com/jtpereyda/boofuzz}},
}
@inproceedings { firmup ,
author = {Yaniv David and
Nimrod Partush and
Eran Yahav},
editor = {Xipeng Shen and
James Tuck and
Ricardo Bianchini and
Vivek Sarkar},
title = {FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware},
booktitle = {Proceedings of the Twenty-Third International Conference on Architectural
Support for Programming Languages and Operating Systems, {ASPLOS}
2018, Williamsburg, VA, USA, March 24-28, 2018},
pages = {392--404},
publisher = {{ACM}},
year = {2018},
url = {https://doi.org/10.1145/3173162.3177157},
doi = {10.1145/3173162.3177157},
timestamp = {Mon, 22 Mar 2021 16:55:03 +0100},
biburl = {https://dblp.org/rec/conf/asplos/DavidPY18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { crash ,
author = {Marius Muench and
Jan Stijohann and
Frank Kargl and
Aur{\'{e}}lien Francillon and
Davide Balzarotti},
title = {What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded
Devices},
booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS}
2018, San Diego, California, USA, February 18-21, 2018},
publisher = {The Internet Society},
year = {2018},
url = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-4\_Muench\_paper.pdf},
timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
biburl = {https://dblp.org/rec/conf/ndss/MuenchSKFB18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
2021-06-09 02:11:45 +02:00
}
2021-06-20 11:02:29 +02:00
@inproceedings { tfuzz ,
author = {Hui Peng and
Yan Shoshitaishvili and
Mathias Payer},
title = {T-Fuzz: Fuzzing by Program Transformation},
booktitle = {2018 {IEEE} Symposium on Security and Privacy, {SP} 2018, Proceedings,
21-23 May 2018, San Francisco, California, {USA}},
pages = {697--710},
publisher = {{IEEE} Computer Society},
year = {2018},
url = {https://doi.org/10.1109/SP.2018.00056},
doi = {10.1109/SP.2018.00056},
timestamp = {Wed, 16 Oct 2019 14:14:51 +0200},
biburl = {https://dblp.org/rec/conf/sp/PengSP18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { angora ,
author = {Peng Chen and
Hao Chen},
title = {Angora: Efficient Fuzzing by Principled Search},
booktitle = {2018 {IEEE} Symposium on Security and Privacy, {SP} 2018, Proceedings,
21-23 May 2018, San Francisco, California, {USA}},
pages = {711--725},
publisher = {{IEEE} Computer Society},
year = {2018},
url = {https://doi.org/10.1109/SP.2018.00046},
doi = {10.1109/SP.2018.00046},
timestamp = {Wed, 16 Oct 2019 14:14:51 +0200},
biburl = {https://dblp.org/rec/conf/sp/ChenC18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { karonte ,
author = {Nilo Redini and
Aravind Machiry and
Ruoyu Wang and
Chad Spensky and
Andrea Continella and
Yan Shoshitaishvili and
Christopher Kruegel and
Giovanni Vigna},
title = {Karonte: Detecting Insecure Multi-binary Interactions in Embedded
Firmware},
booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco,
CA, USA, May 18-21, 2020},
pages = {1544--1561},
publisher = {{IEEE}},
year = {2020},
url = {https://doi.org/10.1109/SP40000.2020.00036},
doi = {10.1109/SP40000.2020.00036},
timestamp = {Thu, 20 Aug 2020 17:04:50 +0200},
biburl = {https://dblp.org/rec/conf/sp/RediniM0SCSKV20.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings { vuzzer ,
author = {Sanjay Rawat and
Vivek Jain and
Ashish Kumar and
Lucian Cojocar and
Cristiano Giuffrida and
Herbert Bos},
title = {VUzzer: Application-aware Evolutionary Fuzzing},
booktitle = {24th Annual Network and Distributed System Security Symposium, {NDSS}
2017, San Diego, California, USA, February 26 - March 1, 2017},
publisher = {The Internet Society},
year = {2017},
url = {https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/vuzzer-application-aware-evolutionary-fuzzing/},
timestamp = {Mon, 01 Feb 2021 08:42:22 +0100},
biburl = {https://dblp.org/rec/conf/ndss/0001JKCGB17.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@article { compwbgbox ,
title={A comparative study of white box, black box and grey box testing techniques},
author={Khan, Mohd Ehmer and Khan, Farmeena and others},
journal={Int. J. Adv. Comput. Sci. Appl},
volume={3},
number={6},
year={2012},
publisher={Citeseer}
}
