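% Bibliography database: fuzzing, firmware analysis and IoT security references.
% BibTeX and Biber ignore text outside entries, so review notes are kept in
% these percent-prefixed lines. No at-sign may appear in them.
%
% Conventions used below
% - One field per line, brace-delimited values, lowercase entry types.
% - Acronyms and mixed-case tool names in titles are brace-protected so that
%   sentence-casing styles do not lowercase them.
% - Ranges in the pages field use a double hyphen.
% - Citation keys are unchanged, so existing cite commands keep working.
%
% Review notes
% - Keys mulbin and karonte describe the same paper (identical DOI). Both are
%   kept because either key may be cited; cite one of them consistently.
% - fuzzsurvey: the exported volume and number fields were empty and have been
%   dropped. The pages value looks like an early-access placeholder; confirm it
%   against the published record.
% - towardsautodyn: volume and pages look like export placeholders; confirm.
% - mcmillen2015security: was typed as a book chapter whose book title was the
%   literal text Technical Report; it is now a techreport with IBM as the
%   issuing institution.
% - The tool entries (aflpp through boofuzz) record neither version, commit nor
%   access date. Note the exact version used when results depend on it.
% - iotfuzzer, crash and crystal link over plain http; values kept as exported.

@inproceedings{grammarinator,
  author    = {Ren{\'{a}}ta Hodov{\'{a}}n and {\'{A}}kos Kiss and Tibor Gyim{\'{o}}thy},
  editor    = {Wishnu Prasetya and Tanja E. J. Vos and Sinem Getir},
  title     = {Grammarinator: a grammar-based open source fuzzer},
  booktitle = {Proceedings of the 9th {ACM} {SIGSOFT} International Workshop on Automating {TEST} Case Design, Selection, and Evaluation, A-TEST@ESEC/SIGSOFT {FSE} 2018, Lake Buena Vista, FL, USA, November 05, 2018},
  pages     = {45--48},
  publisher = {{ACM}},
  year      = {2018},
  url       = {https://doi.org/10.1145/3278186.3278193},
  doi       = {10.1145/3278186.3278193},
  timestamp = {Wed, 09 Jan 2019 17:56:06 +0100},
  biburl    = {https://dblp.org/rec/conf/sigsoft/Hodovan0G18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

% The accent is written as a brace group so BibTeX treats it as one letter,
% and the page range uses a double hyphen instead of a Unicode dash.
@inproceedings{modelfuzz,
  author    = {Pham, Van-Thuan and B{\"o}hme, Marcel and Roychoudhury, Abhik},
  title     = {Model-Based Whitebox Fuzzing for Program Binaries},
  year      = {2016},
  isbn      = {9781450338455},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/2970276.2970316},
  doi       = {10.1145/2970276.2970316},
  booktitle = {Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering},
  pages     = {543--553},
  numpages  = {11},
  keywords  = {Program Binaries, Symbolic Execution},
  location  = {Singapore, Singapore},
  series    = {ASE 2016},
}

@article{hung2017leading,
  title   = {Leading the {IoT} {Gartner} Insight on How to Lead in a Connected World},
  author  = {Hung, Mark},
  journal = {Gartner Research},
  volume  = {1},
  pages   = {1--5},
  year    = {2017},
}

@techreport{mcmillen2015security,
  title       = {Security attacks on industrial control systems},
  author      = {McMillen, David},
  institution = {IBM},
  year        = {2015},
}

@online{posey2021iot,
  author  = {Posey, Brien},
  title   = {{IoT} devices},
  year    = 2021,
  url     = {https://web.archive.org/web/20210520072243/https://internetofthingsagenda.techtarget.com/definition/IoT-device},
  urldate = {2021-05-20},
}

@online{miraisec,
  author  = {Eduard Kovacs},
  title   = {Over 500,000 {IoT} Devices Vulnerable to {Mirai} Botnet},
  year    = 2016,
  url     = {https://web.archive.org/web/20210507170030/https://www.securityweek.com/over-500000-iot-devices-vulnerable-mirai-botnet},
  urldate = {2021-05-07},
}

% Corporate authors are double-braced so the name is not split into
% given-name and surname parts.
@online{xss,
  author  = {{The OWASP Foundation}},
  title   = {Cross Site Scripting ({XSS}) Software Attack | {OWASP}},
  year    = 2021,
  url     = {https://web.archive.org/web/20210615012447/https://owasp.org/www-community/attacks/xss/},
  urldate = {2021-06-15},
}

@online{OWASP2021Fuzzing,
  author  = {{The OWASP Foundation}},
  title   = {Fuzzing | {OWASP}},
  year    = 2021,
  url     = {https://web.archive.org/web/20210414111843/https://owasp.org/www-community/Fuzzing},
  urldate = {2021-04-14},
}

@inproceedings{iothunter,
  author    = {Bo Yu and Pengfei Wang and Tai Yue and Yong Tang},
  editor    = {Lorenzo Cavallaro and Johannes Kinder and XiaoFeng Wang and Jonathan Katz},
  title     = {Poster: Fuzzing {IoT} Firmware via Multi-stage Message Generation},
  booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and Communications Security, {CCS} 2019, London, UK, November 11-15, 2019},
  pages     = {2525--2527},
  publisher = {{ACM}},
  year      = {2019},
  url       = {https://doi.org/10.1145/3319535.3363247},
  doi       = {10.1145/3319535.3363247},
  timestamp = {Tue, 10 Nov 2020 20:00:54 +0100},
  biburl    = {https://dblp.org/rec/conf/ccs/YuWYT19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@article{hfuzz,
  author    = {Xinyao Liu and Baojiang Cui and Junsong Fu and Jinxin Ma},
  title     = {{HFuzz}: Towards automatic fuzzing testing of {NB-IoT} core network protocols implementations},
  journal   = {Future Gener. Comput. Syst.},
  volume    = {108},
  pages     = {390--400},
  year      = {2020},
  url       = {https://doi.org/10.1016/j.future.2019.12.032},
  doi       = {10.1016/j.future.2019.12.032},
  timestamp = {Mon, 18 May 2020 17:42:49 +0200},
  biburl    = {https://dblp.org/rec/journals/fgcs/LiuCFM20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@article{siotfuzzer,
  title     = {{SIoTFuzzer}: Fuzzing Web Interface in {IoT} Firmware via Stateful Message Generation},
  author    = {Zhang, Hangwei and Lu, Kai and Zhou, Xu and Yin, Qidi and Wang, Pengfei and Yue, Tai},
  journal   = {Applied Sciences},
  volume    = {11},
  number    = {7},
  pages     = {3120},
  year      = {2021},
  publisher = {Multidisciplinary Digital Publishing Institute},
}

@inproceedings{diane,
  title     = {{DIANE}: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for {IoT} Devices},
  author    = {Redini, Nilo and Continella, Andrea and Das, Dipanjan and De Pasquale, Giulio and Spahn, Noah and Machiry, Aravind and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
  booktitle = {42nd {IEEE} Symposium on Security and Privacy 2021},
  year      = {2021},
}

@inproceedings{firmfuzz,
  author    = {Prashast Srivastava and Hui Peng and Jiahao Li and Hamed Okhravi and Howard E. Shrobe and Mathias Payer},
  editor    = {Peng Liu and Yuqing Zhang},
  title     = {{FirmFuzz}: Automated {IoT} Firmware Introspection and Analysis},
  booktitle = {Proceedings of the 2nd International {ACM} Workshop on Security and Privacy for the Internet-of-Things, IoT S{\&}P@CCS 2019, London, UK, November 15, 2019},
  pages     = {15--21},
  publisher = {{ACM}},
  year      = {2019},
  url       = {https://doi.org/10.1145/3338507.3358616},
  doi       = {10.1145/3338507.3358616},
  timestamp = {Tue, 10 Nov 2020 16:06:16 +0100},
  biburl    = {https://dblp.org/rec/conf/ccs/SrivastavaPLOSP19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

% Same work as the karonte entry further down; kept so both keys resolve.
@inproceedings{mulbin,
  author    = {Nilo Redini and Aravind Machiry and Ruoyu Wang and Chad Spensky and Andrea Continella and Yan Shoshitaishvili and Christopher Kruegel and Giovanni Vigna},
  title     = {Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
  booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco, CA, USA, May 18-21, 2020},
  pages     = {1544--1561},
  publisher = {{IEEE}},
  year      = {2020},
  url       = {https://doi.org/10.1109/SP40000.2020.00036},
  doi       = {10.1109/SP40000.2020.00036},
  timestamp = {Thu, 20 Aug 2020 17:04:50 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/RediniM0SCSKV20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@article{lowendos,
  author    = {Oliver Hahm and Emmanuel Baccelli and Hauke Petersen and Nicolas Tsiftes},
  title     = {Operating Systems for Low-End Devices in the Internet of Things: {A} Survey},
  journal   = {{IEEE} Internet Things J.},
  volume    = {3},
  number    = {5},
  pages     = {720--734},
  year      = {2016},
  url       = {https://doi.org/10.1109/JIOT.2015.2505901},
  doi       = {10.1109/JIOT.2015.2505901},
  timestamp = {Mon, 08 Jun 2020 22:23:02 +0200},
  biburl    = {https://dblp.org/rec/journals/iotj/HahmBPT16.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@article{snipuzz,
  author        = {Xiaotao Feng and Ruoxi Sun and Xiaogang Zhu and Minhui Xue and Sheng Wen and Dongxi Liu and Surya Nepal and Yang Xiang},
  title         = {Snipuzz: Black-box Fuzzing of {IoT} Firmware via Message Snippet Inference},
  journal       = {CoRR},
  volume        = {abs/2105.05445},
  year          = {2021},
  url           = {https://arxiv.org/abs/2105.05445},
  archivePrefix = {arXiv},
  eprint        = {2105.05445},
  timestamp     = {Mon, 31 May 2021 08:26:46 +0200},
  biburl        = {https://dblp.org/rec/journals/corr/abs-2105-05445.bib},
  bibsource     = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{firmafl,
  author    = {Yaowen Zheng and Ali Davanian and Heng Yin and Chengyu Song and Hongsong Zhu and Limin Sun},
  editor    = {Nadia Heninger and Patrick Traynor},
  title     = {{FIRM-AFL:} High-Throughput Greybox Fuzzing of {IoT} Firmware via Augmented Process Emulation},
  booktitle = {28th {USENIX} Security Symposium, {USENIX} Security 2019, Santa Clara, CA, USA, August 14-16, 2019},
  pages     = {1099--1114},
  publisher = {{USENIX} Association},
  year      = {2019},
  url       = {https://www.usenix.org/conference/usenixsecurity19/presentation/zheng},
  timestamp = {Mon, 01 Feb 2021 08:43:20 +0100},
  biburl    = {https://dblp.org/rec/conf/uss/ZhengDYSZS19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{largeanal,
  author    = {Andrei Costin and Jonas Zaddach and Aur{\'{e}}lien Francillon and Davide Balzarotti},
  editor    = {Kevin Fu and Jaeyeon Jung},
  title     = {A Large-Scale Analysis of the Security of Embedded Firmwares},
  booktitle = {Proceedings of the 23rd {USENIX} Security Symposium, San Diego, CA, USA, August 20-22, 2014},
  pages     = {95--110},
  publisher = {{USENIX} Association},
  year      = {2014},
  url       = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin},
  timestamp = {Mon, 01 Feb 2021 08:43:17 +0100},
  biburl    = {https://dblp.org/rec/conf/uss/CostinZFB14.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{autodyn,
  author    = {Andrei Costin and Apostolis Zarras and Aur{\'{e}}lien Francillon},
  editor    = {Xiaofeng Chen and XiaoFeng Wang and Xinyi Huang},
  title     = {Automated Dynamic Firmware Analysis at Scale: {A} Case Study on Embedded Web Interfaces},
  booktitle = {Proceedings of the 11th {ACM} on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi'an, China, May 30 - June 3, 2016},
  pages     = {437--448},
  publisher = {{ACM}},
  year      = {2016},
  url       = {https://doi.org/10.1145/2897845.2897900},
  doi       = {10.1145/2897845.2897900},
  timestamp = {Tue, 10 Nov 2020 16:06:16 +0100},
  biburl    = {https://dblp.org/rec/conf/ccs/CostinZF16.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{avatar,
  author    = {Jonas Zaddach and Luca Bruno and Aur{\'{e}}lien Francillon and Davide Balzarotti},
  title     = {{AVATAR:} {A} Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares},
  booktitle = {21st Annual Network and Distributed System Security Symposium, {NDSS} 2014, San Diego, California, USA, February 23-26, 2014},
  publisher = {The Internet Society},
  year      = {2014},
  url       = {https://www.ndss-symposium.org/ndss2014/avatar-framework-support-dynamic-security-analysis-embedded-systems-firmwares},
  timestamp = {Mon, 01 Feb 2021 08:42:18 +0100},
  biburl    = {https://dblp.org/rec/conf/ndss/ZaddachBFB14.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@article{firmcorn,
  author    = {Zhijie Gui and Hui Shu and Fei Kang and Xiaobing Xiong},
  title     = {{FIRMCORN:} Vulnerability-Oriented Fuzzing of {IoT} Firmware via Optimized Virtual Execution},
  journal   = {{IEEE} Access},
  volume    = {8},
  pages     = {29826--29841},
  year      = {2020},
  url       = {https://doi.org/10.1109/ACCESS.2020.2973043},
  doi       = {10.1109/ACCESS.2020.2973043},
  timestamp = {Tue, 03 Mar 2020 09:38:04 +0100},
  biburl    = {https://dblp.org/rec/journals/access/GuiSKX20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{iotfuzzer,
  author    = {Jiongyi Chen and Wenrui Diao and Qingchuan Zhao and Chaoshun Zuo and Zhiqiang Lin and XiaoFeng Wang and Wing Cheong Lau and Menghan Sun and Ronghai Yang and Kehuan Zhang},
  title     = {{IoTFuzzer}: Discovering Memory Corruptions in {IoT} Through App-based Fuzzing},
  booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS} 2018, San Diego, California, USA, February 18-21, 2018},
  publisher = {The Internet Society},
  year      = {2018},
  url       = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-1\_Chen\_paper.pdf},
  timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
  biburl    = {https://dblp.org/rec/conf/ndss/ChenDZZL0LSYZ18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@article{wmifuzzer,
  author    = {Dong Wang and Xiaosong Zhang and Ting Chen and Jingwei Li},
  title     = {Discovering Vulnerabilities in {COTS} {IoT} Devices through Blackbox Fuzzing Web Management Interface},
  journal   = {Secur. Commun. Networks},
  volume    = {2019},
  pages     = {5076324:1--5076324:19},
  year      = {2019},
  url       = {https://doi.org/10.1155/2019/5076324},
  doi       = {10.1155/2019/5076324},
  timestamp = {Thu, 10 Sep 2020 14:41:04 +0200},
  biburl    = {https://dblp.org/rec/journals/scn/WangZCL19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

% Tool and project references. The howpublished form is kept so the link is
% printed by styles that ignore a url field.
@misc{aflpp,
  title        = {American Fuzzy Lop plus plus},
  howpublished = {\url{https://github.com/AFLplusplus/AFLplusplus}},
}

@misc{panda,
  title        = {Panda},
  howpublished = {\url{https://github.com/panda-re/panda}},
}

@misc{afl,
  title        = {american fuzzy lop},
  howpublished = {\url{https://github.com/google/AFL}},
}

@misc{xsstrike,
  title        = {{XSStrike}},
  howpublished = {\url{https://github.com/s0md3v/XSStrike}},
}

@misc{binwalk,
  title        = {Binwalk},
  howpublished = {\url{https://github.com/ReFirmLabs/binwalk}},
}

@misc{valgrind,
  title        = {Valgrind},
  howpublished = {\url{https://www.valgrind.org/}},
}

@misc{triforceafl,
  title        = {{TriforceAFL}},
  howpublished = {\url{https://github.com/nccgroup/TriforceAFL}},
}

@misc{fuzzdb,
  title        = {{FuzzDB}},
  howpublished = {\url{https://github.com/fuzzdb-project/fuzzdb}},
}

@misc{blons,
  title        = {Big List of Naughty Strings},
  howpublished = {\url{https://github.com/minimaxir/big-list-of-naughty-strings}},
}

@misc{radamsa,
  title        = {radamsa},
  howpublished = {\url{https://gitlab.com/akihe/radamsa}},
}

@misc{IDA,
  title        = {{IDA} {Pro}},
  howpublished = {\url{https://hex-rays.com/ida-pro/}},
}

@misc{boofuzz,
  title        = {boofuzz},
  howpublished = {\url{https://github.com/jtpereyda/boofuzz}},
}

@inproceedings{firmup,
  author    = {Yaniv David and Nimrod Partush and Eran Yahav},
  editor    = {Xipeng Shen and James Tuck and Ricardo Bianchini and Vivek Sarkar},
  title     = {{FirmUp}: Precise Static Detection of Common Vulnerabilities in Firmware},
  booktitle = {Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, {ASPLOS} 2018, Williamsburg, VA, USA, March 24-28, 2018},
  pages     = {392--404},
  publisher = {{ACM}},
  year      = {2018},
  url       = {https://doi.org/10.1145/3173162.3177157},
  doi       = {10.1145/3173162.3177157},
  timestamp = {Mon, 22 Mar 2021 16:55:03 +0100},
  biburl    = {https://dblp.org/rec/conf/asplos/DavidPY18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{crash,
  author    = {Marius Muench and Jan Stijohann and Frank Kargl and Aur{\'{e}}lien Francillon and Davide Balzarotti},
  title     = {What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices},
  booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS} 2018, San Diego, California, USA, February 18-21, 2018},
  publisher = {The Internet Society},
  year      = {2018},
  url       = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-4\_Muench\_paper.pdf},
  timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
  biburl    = {https://dblp.org/rec/conf/ndss/MuenchSKFB18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{tfuzz,
  author    = {Hui Peng and Yan Shoshitaishvili and Mathias Payer},
  title     = {{T-Fuzz}: Fuzzing by Program Transformation},
  booktitle = {2018 {IEEE} Symposium on Security and Privacy, {SP} 2018, Proceedings, 21-23 May 2018, San Francisco, California, {USA}},
  pages     = {697--710},
  publisher = {{IEEE} Computer Society},
  year      = {2018},
  url       = {https://doi.org/10.1109/SP.2018.00056},
  doi       = {10.1109/SP.2018.00056},
  timestamp = {Wed, 16 Oct 2019 14:14:51 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/PengSP18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{angora,
  author    = {Peng Chen and Hao Chen},
  title     = {Angora: Efficient Fuzzing by Principled Search},
  booktitle = {2018 {IEEE} Symposium on Security and Privacy, {SP} 2018, Proceedings, 21-23 May 2018, San Francisco, California, {USA}},
  pages     = {711--725},
  publisher = {{IEEE} Computer Society},
  year      = {2018},
  url       = {https://doi.org/10.1109/SP.2018.00046},
  doi       = {10.1109/SP.2018.00046},
  timestamp = {Wed, 16 Oct 2019 14:14:51 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/ChenC18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

% Same work as the mulbin entry above; kept so both keys resolve.
@inproceedings{karonte,
  author    = {Nilo Redini and Aravind Machiry and Ruoyu Wang and Chad Spensky and Andrea Continella and Yan Shoshitaishvili and Christopher Kruegel and Giovanni Vigna},
  title     = {Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
  booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco, CA, USA, May 18-21, 2020},
  pages     = {1544--1561},
  publisher = {{IEEE}},
  year      = {2020},
  url       = {https://doi.org/10.1109/SP40000.2020.00036},
  doi       = {10.1109/SP40000.2020.00036},
  timestamp = {Thu, 20 Aug 2020 17:04:50 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/RediniM0SCSKV20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@inproceedings{vuzzer,
  author    = {Sanjay Rawat and Vivek Jain and Ashish Kumar and Lucian Cojocar and Cristiano Giuffrida and Herbert Bos},
  title     = {{VUzzer}: Application-aware Evolutionary Fuzzing},
  booktitle = {24th Annual Network and Distributed System Security Symposium, {NDSS} 2017, San Diego, California, USA, February 26 - March 1, 2017},
  publisher = {The Internet Society},
  year      = {2017},
  url       = {https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/vuzzer-application-aware-evolutionary-fuzzing/},
  timestamp = {Mon, 01 Feb 2021 08:42:22 +0100},
  biburl    = {https://dblp.org/rec/conf/ndss/0001JKCGB17.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

@article{compwbgbox,
  title     = {A comparative study of white box, black box and grey box testing techniques},
  author    = {Khan, Mohd Ehmer and Khan, Farmeena and others},
  journal   = {Int. J. Adv. Comput. Sci. Appl},
  volume    = {3},
  number    = {6},
  year      = {2012},
  publisher = {Citeseer},
}

@inproceedings{mirai,
  author    = {Manos Antonakakis and Tim April and Michael Bailey and Matt Bernhard and Elie Bursztein and Jaime Cochran and Zakir Durumeric and J. Alex Halderman and Luca Invernizzi and Michalis Kallitsis and Deepak Kumar and Chaz Lever and Zane Ma and Joshua Mason and Damian Menscher and Chad Seaman and Nick Sullivan and Kurt Thomas and Yi Zhou},
  title     = {Understanding the {Mirai} Botnet},
  booktitle = {26th {USENIX} Security Symposium ({USENIX} Security 17)},
  year      = 2017,
  isbn      = {978-1-931971-40-9},
  address   = {Vancouver, BC},
  pages     = {1093--1110},
  url       = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis},
  publisher = {{USENIX} Association},
  month     = aug,
}

@article{crystal,
  author        = {Nan Zhang and Soteris Demetriou and Xianghang Mi and Wenrui Diao and Kan Yuan and Peiyuan Zong and Feng Qian and XiaoFeng Wang and Kai Chen and Yuan Tian and Carl A. Gunter and Kehuan Zhang and Patrick Tague and Yue-Hsun Lin},
  title         = {Understanding {IoT} Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be},
  journal       = {CoRR},
  volume        = {abs/1703.09809},
  year          = {2017},
  url           = {http://arxiv.org/abs/1703.09809},
  archivePrefix = {arXiv},
  eprint        = {1703.09809},
  timestamp     = {Sat, 23 Jan 2021 01:11:26 +0100},
  biburl        = {https://dblp.org/rec/journals/corr/ZhangDMDYZQW0TG17.bib},
  bibsource     = {dblp computer science bibliography, https://dblp.org},
}

% The accented surname uses a LaTeX escape like the rest of the file, the
% empty volume and number fields are removed, and pages uses a double hyphen.
% NOTE(review): pages looks like an early-access placeholder; confirm.
@article{fuzzsurvey,
  author  = {Man{\`e}s, Valentin Jean Marie and Han, HyungSeok and Han, Choongwoo and Cha, Sang Kil and Egele, Manuel and Schwartz, Edward J. and Woo, Maverick},
  journal = {IEEE Transactions on Software Engineering},
  title   = {The Art, Science, and Engineering of Fuzzing: A Survey},
  year    = {2019},
  pages   = {1--1},
  doi     = {10.1109/TSE.2019.2946563},
}

@techreport{fuzzart,
  title       = {Fuzzing: the state of the art},
  author      = {McNally, Richard and Yiu, Ken and Grove, Duncan and Gerhardy, Damien},
  year        = {2012},
  institution = {DEFENCE SCIENCE AND TECHNOLOGY ORGANISATION EDINBURGH (AUSTRALIA)},
}

% The trailing period is removed from the title because styles add their own
% punctuation. NOTE(review): volume and pages look like placeholders; confirm.
@inproceedings{towardsautodyn,
  title     = {Towards Automated Dynamic Analysis for {Linux}-based Embedded Firmware},
  author    = {Chen, Daming D and Woo, Maverick and Brumley, David and Egele, Manuel},
  booktitle = {NDSS},
  volume    = {1},
  pages     = {1--1},
  year      = {2016},
}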