266 lines
10 KiB
BibTeX
266 lines
10 KiB
BibTeX
@article{hung2017leading,
|
|
title={Leading the IoT Gartner Insight on How to Lead in a Cnnected World},
|
|
author={Hung, Mark},
|
|
journal={Gartner Research},
|
|
volume={1},
|
|
pages={1--5},
|
|
year={2017}
|
|
}
|
|
|
|
@incollection{mcmillen2015security,
|
|
title={Security attacks on industrial control systems},
|
|
author={McMillen, David},
|
|
booktitle={Technical Report},
|
|
year={2015},
|
|
publisher={IBM}
|
|
}
|
|
|
|
@online{posey2021iot,
|
|
author = {Posey, Brien},
|
|
title = {IoT devices},
|
|
year = 2021,
|
|
url = {https://web.archive.org/web/20210520072243/https://internetofthingsagenda.techtarget.com/definition/IoT-device},
|
|
urldate = {2021-05-20}
|
|
}
|
|
|
|
@online{OWASP2021Fuzzing,
|
|
author = {The OWASP Foundation},
|
|
title = {Fuzzing | OWASP},
|
|
year = 2021,
|
|
url = {https://web.archive.org/web/20210414111843/https://owasp.org/www-community/Fuzzing},
|
|
urldate = {2021-04-14}
|
|
}
|
|
|
|
@article{lowendos,
|
|
author = {Oliver Hahm and
|
|
Emmanuel Baccelli and
|
|
Hauke Petersen and
|
|
Nicolas Tsiftes},
|
|
title = {Operating Systems for Low-End Devices in the Internet of Things: {A}
|
|
Survey},
|
|
journal = {{IEEE} Internet Things J.},
|
|
volume = {3},
|
|
number = {5},
|
|
pages = {720--734},
|
|
year = {2016},
|
|
url = {https://doi.org/10.1109/JIOT.2015.2505901},
|
|
doi = {10.1109/JIOT.2015.2505901},
|
|
timestamp = {Mon, 08 Jun 2020 22:23:02 +0200},
|
|
biburl = {https://dblp.org/rec/journals/iotj/HahmBPT16.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@article{snipuzz,
|
|
author = {Xiaotao Feng and
|
|
Ruoxi Sun and
|
|
Xiaogang Zhu and
|
|
Minhui Xue and
|
|
Sheng Wen and
|
|
Dongxi Liu and
|
|
Surya Nepal and
|
|
Yang Xiang},
|
|
title = {Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference},
|
|
journal = {CoRR},
|
|
volume = {abs/2105.05445},
|
|
year = {2021},
|
|
url = {https://arxiv.org/abs/2105.05445},
|
|
archivePrefix = {arXiv},
|
|
eprint = {2105.05445},
|
|
timestamp = {Mon, 31 May 2021 08:26:46 +0200},
|
|
biburl = {https://dblp.org/rec/journals/corr/abs-2105-05445.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@inproceedings{firmafl,
|
|
author = {Yaowen Zheng and
|
|
Ali Davanian and
|
|
Heng Yin and
|
|
Chengyu Song and
|
|
Hongsong Zhu and
|
|
Limin Sun},
|
|
editor = {Nadia Heninger and
|
|
Patrick Traynor},
|
|
title = {{FIRM-AFL:} High-Throughput Greybox Fuzzing of IoT Firmware via Augmented
|
|
Process Emulation},
|
|
booktitle = {28th {USENIX} Security Symposium, {USENIX} Security 2019, Santa Clara,
|
|
CA, USA, August 14-16, 2019},
|
|
pages = {1099--1114},
|
|
publisher = {{USENIX} Association},
|
|
year = {2019},
|
|
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/zheng},
|
|
timestamp = {Mon, 01 Feb 2021 08:43:20 +0100},
|
|
biburl = {https://dblp.org/rec/conf/uss/ZhengDYSZS19.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@inproceedings{largeanal,
|
|
author = {Andrei Costin and
|
|
Jonas Zaddach and
|
|
Aur{\'{e}}lien Francillon and
|
|
Davide Balzarotti},
|
|
editor = {Kevin Fu and
|
|
Jaeyeon Jung},
|
|
title = {A Large-Scale Analysis of the Security of Embedded Firmwares},
|
|
booktitle = {Proceedings of the 23rd {USENIX} Security Symposium, San Diego, CA,
|
|
USA, August 20-22, 2014},
|
|
pages = {95--110},
|
|
publisher = {{USENIX} Association},
|
|
year = {2014},
|
|
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin},
|
|
timestamp = {Mon, 01 Feb 2021 08:43:17 +0100},
|
|
biburl = {https://dblp.org/rec/conf/uss/CostinZFB14.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@inproceedings{autodyn,
|
|
author = {Andrei Costin and
|
|
Apostolis Zarras and
|
|
Aur{\'{e}}lien Francillon},
|
|
editor = {Xiaofeng Chen and
|
|
XiaoFeng Wang and
|
|
Xinyi Huang},
|
|
title = {Automated Dynamic Firmware Analysis at Scale: {A} Case Study on Embedded
|
|
Web Interfaces},
|
|
booktitle = {Proceedings of the 11th {ACM} on Asia Conference on Computer and Communications
|
|
Security, AsiaCCS 2016, Xi'an, China, May 30 - June 3, 2016},
|
|
pages = {437--448},
|
|
publisher = {{ACM}},
|
|
year = {2016},
|
|
url = {https://doi.org/10.1145/2897845.2897900},
|
|
doi = {10.1145/2897845.2897900},
|
|
timestamp = {Tue, 10 Nov 2020 16:06:16 +0100},
|
|
biburl = {https://dblp.org/rec/conf/ccs/CostinZF16.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@inproceedings{avatar,
|
|
author = {Jonas Zaddach and
|
|
Luca Bruno and
|
|
Aur{\'{e}}lien Francillon and
|
|
Davide Balzarotti},
|
|
title = {{AVATAR:} {A} Framework to Support Dynamic Security Analysis of Embedded
|
|
Systems' Firmwares},
|
|
booktitle = {21st Annual Network and Distributed System Security Symposium, {NDSS}
|
|
2014, San Diego, California, USA, February 23-26, 2014},
|
|
publisher = {The Internet Society},
|
|
year = {2014},
|
|
url = {https://www.ndss-symposium.org/ndss2014/avatar-framework-support-dynamic-security-analysis-embedded-systems-firmwares},
|
|
timestamp = {Mon, 01 Feb 2021 08:42:18 +0100},
|
|
biburl = {https://dblp.org/rec/conf/ndss/ZaddachBFB14.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@article{firmcorn,
|
|
author = {Zhijie Gui and
|
|
Hui Shu and
|
|
Fei Kang and
|
|
Xiaobing Xiong},
|
|
title = {{FIRMCORN:} Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized
|
|
Virtual Execution},
|
|
journal = {{IEEE} Access},
|
|
volume = {8},
|
|
pages = {29826--29841},
|
|
year = {2020},
|
|
url = {https://doi.org/10.1109/ACCESS.2020.2973043},
|
|
doi = {10.1109/ACCESS.2020.2973043},
|
|
timestamp = {Tue, 03 Mar 2020 09:38:04 +0100},
|
|
biburl = {https://dblp.org/rec/journals/access/GuiSKX20.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@inproceedings{iotfuzzer,
|
|
author = {Jiongyi Chen and
|
|
Wenrui Diao and
|
|
Qingchuan Zhao and
|
|
Chaoshun Zuo and
|
|
Zhiqiang Lin and
|
|
XiaoFeng Wang and
|
|
Wing Cheong Lau and
|
|
Menghan Sun and
|
|
Ronghai Yang and
|
|
Kehuan Zhang},
|
|
title = {IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based
|
|
Fuzzing},
|
|
booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS}
|
|
2018, San Diego, California, USA, February 18-21, 2018},
|
|
publisher = {The Internet Society},
|
|
year = {2018},
|
|
url = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-1\_Chen\_paper.pdf},
|
|
timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
|
|
biburl = {https://dblp.org/rec/conf/ndss/ChenDZZL0LSYZ18.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@article{wmifuzzer,
|
|
author = {Dong Wang and
|
|
Xiaosong Zhang and
|
|
Ting Chen and
|
|
Jingwei Li},
|
|
title = {Discovering Vulnerabilities in {COTS} IoT Devices through Blackbox
|
|
Fuzzing Web Management Interface},
|
|
journal = {Secur. Commun. Networks},
|
|
volume = {2019},
|
|
pages = {5076324:1--5076324:19},
|
|
year = {2019},
|
|
url = {https://doi.org/10.1155/2019/5076324},
|
|
doi = {10.1155/2019/5076324},
|
|
timestamp = {Thu, 10 Sep 2020 14:41:04 +0200},
|
|
biburl = {https://dblp.org/rec/journals/scn/WangZCL19.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@Misc{binwalk,
|
|
title = {Binwalk},
|
|
howpublished = {\url{https://github.com/ReFirmLabs/binwalk}},
|
|
}
|
|
|
|
@Misc{IDA,
|
|
title = {IDA Pro},
|
|
howpublished = {\url{https://hex-rays.com/ida-pro/}},
|
|
}
|
|
|
|
@Misc{boofuzz,
|
|
title = {boofuzz},
|
|
howpublished = {\url{https://github.com/jtpereyda/boofuzz}},
|
|
}
|
|
|
|
@inproceedings{firmup,
|
|
author = {Yaniv David and
|
|
Nimrod Partush and
|
|
Eran Yahav},
|
|
editor = {Xipeng Shen and
|
|
James Tuck and
|
|
Ricardo Bianchini and
|
|
Vivek Sarkar},
|
|
title = {FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware},
|
|
booktitle = {Proceedings of the Twenty-Third International Conference on Architectural
|
|
Support for Programming Languages and Operating Systems, {ASPLOS}
|
|
2018, Williamsburg, VA, USA, March 24-28, 2018},
|
|
pages = {392--404},
|
|
publisher = {{ACM}},
|
|
year = {2018},
|
|
url = {https://doi.org/10.1145/3173162.3177157},
|
|
doi = {10.1145/3173162.3177157},
|
|
timestamp = {Mon, 22 Mar 2021 16:55:03 +0100},
|
|
biburl = {https://dblp.org/rec/conf/asplos/DavidPY18.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|
|
|
|
@inproceedings{crash,
|
|
author = {Marius Muench and
|
|
Jan Stijohann and
|
|
Frank Kargl and
|
|
Aur{\'{e}}lien Francillon and
|
|
Davide Balzarotti},
|
|
title = {What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded
|
|
Devices},
|
|
booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS}
|
|
2018, San Diego, California, USA, February 18-21, 2018},
|
|
publisher = {The Internet Society},
|
|
year = {2018},
|
|
url = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-4\_Muench\_paper.pdf},
|
|
timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
|
|
biburl = {https://dblp.org/rec/conf/ndss/MuenchSKFB18.bib},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org}
|
|
}
|