seminar/bibliography.bib


% Grammarinator, a grammar-based open source fuzzer (A-TEST workshop, 2018).
% Record taken from dblp; names are written in "Last, First" form.
@inproceedings{grammarinator,
  author    = {Hodov{\'{a}}n, Ren{\'{a}}ta and
               Kiss, {\'{A}}kos and
               Gyim{\'{o}}thy, Tibor},
  editor    = {Prasetya, Wishnu and
               Vos, Tanja E. J. and
               Getir, Sinem},
  title     = {Grammarinator: a grammar-based open source fuzzer},
  booktitle = {Proceedings of the 9th {ACM} {SIGSOFT} International Workshop on Automating
               {TEST} Case Design, Selection, and Evaluation, A-TEST@ESEC/SIGSOFT
               {FSE} 2018, Lake Buena Vista, FL, USA, November 05, 2018},
  pages     = {45--48},
  publisher = {{ACM}},
  year      = {2018},
  doi       = {10.1145/3278186.3278193},
  url       = {https://doi.org/10.1145/3278186.3278193},
  timestamp = {Wed, 09 Jan 2019 17:56:06 +0100},
  biburl    = {https://dblp.org/rec/conf/sigsoft/Hodovan0G18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
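% Model-based whitebox fuzzing of program binaries (ASE 2016).
% pages: the source had "543553" with the range separator lost; 543--553 is the
% range that agrees with numpages = 11.
% venue: the conference city is stored under "venue" instead of "location",
% because biblatex reads "address" and "location" as the same field and the
% publisher address would otherwise collide with it.
% The umlaut is written as a brace group so BibTeX treats it as one letter.
@inproceedings{modelfuzz,
  author    = {Pham, Van-Thuan and B{\"o}hme, Marcel and Roychoudhury, Abhik},
  title     = {Model-Based Whitebox Fuzzing for Program Binaries},
  booktitle = {Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering},
  series    = {ASE 2016},
  pages     = {543--553},
  numpages  = {11},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  venue     = {Singapore, Singapore},
  year      = {2016},
  isbn      = {9781450338455},
  doi       = {10.1145/2970276.2970316},
  url       = {https://doi.org/10.1145/2970276.2970316},
  keywords  = {Program Binaries, Symbolic Execution}
}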
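% Gartner Research note on leading in the IoT (2017).
% Title typo "Cnnected" corrected to "Connected"; IoT and Gartner are
% brace-protected so sentence-casing styles keep their capitals.
@article{hung2017leading,
  author  = {Hung, Mark},
  title   = {Leading the {IoT} {Gartner} Insight on How to Lead in a Connected World},
  journal = {Gartner Research},
  volume  = {1},
  pages   = {1--5},
  year    = {2017}
}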
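% IBM report on security attacks against industrial control systems (2015).
% Typed as a technical report issued by IBM: the record named "Technical Report"
% as its book title, which is a document type and not a collection.
@techreport{mcmillen2015security,
  author      = {McMillen, David},
  title       = {Security attacks on industrial control systems},
  institution = {IBM},
  year        = {2015}
}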
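% TechTarget definition page for IoT devices, cited through a web.archive.org
% snapshot; urldate matches the snapshot date embedded in the URL.
% IoT is brace-protected so sentence-casing styles do not lowercase it.
@online{posey2021iot,
  author  = {Posey, Brien},
  title   = {{IoT} devices},
  year    = 2021,
  url     = {https://web.archive.org/web/20210520072243/https://internetofthingsagenda.techtarget.com/definition/IoT-device},
  urldate = {2021-05-20}
}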
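% SecurityWeek article on IoT devices exposed to the Mirai botnet, cited through
% a web.archive.org snapshot; urldate matches the snapshot date in the URL.
% IoT and Mirai are brace-protected against sentence casing.
@online{miraisec,
  author  = {Kovacs, Eduard},
  title   = {Over 500,000 {IoT} Devices Vulnerable to {Mirai} Botnet},
  year    = 2016,
  url     = {https://web.archive.org/web/20210507170030/https://www.securityweek.com/over-500000-iot-devices-vulnerable-mirai-botnet},
  urldate = {2021-05-07}
}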
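% OWASP community page on cross-site scripting, cited through a web.archive.org
% snapshot; urldate matches the snapshot date in the URL.
% The author is an organisation, so the name carries an extra pair of braces;
% without them BibTeX splits it into given names plus surname "Foundation".
% XSS and OWASP are brace-protected against sentence casing.
@online{xss,
  author  = {{The OWASP Foundation}},
  title   = {Cross Site Scripting ({XSS}) Software Attack | {OWASP}},
  year    = 2021,
  url     = {https://web.archive.org/web/20210615012447/https://owasp.org/www-community/attacks/xss/},
  urldate = {2021-06-15}
}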
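% OWASP community page on fuzzing, cited through a web.archive.org snapshot;
% urldate matches the snapshot date in the URL.
% The author is an organisation, so the name carries an extra pair of braces;
% without them BibTeX splits it into given names plus surname "Foundation".
@online{OWASP2021Fuzzing,
  author  = {{The OWASP Foundation}},
  title   = {Fuzzing | {OWASP}},
  year    = 2021,
  url     = {https://web.archive.org/web/20210414111843/https://owasp.org/www-community/Fuzzing},
  urldate = {2021-04-14}
}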
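% CCS 2019 poster on fuzzing IoT firmware with multi-stage message generation.
% Record taken from dblp; IoT is brace-protected against sentence casing.
@inproceedings{iothunter,
  author    = {Yu, Bo and
               Wang, Pengfei and
               Yue, Tai and
               Tang, Yong},
  editor    = {Cavallaro, Lorenzo and
               Kinder, Johannes and
               Wang, XiaoFeng and
               Katz, Jonathan},
  title     = {Poster: Fuzzing {IoT} Firmware via Multi-stage Message Generation},
  booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and
               Communications Security, {CCS} 2019, London, UK, November 11-15, 2019},
  pages     = {2525--2527},
  publisher = {{ACM}},
  year      = {2019},
  doi       = {10.1145/3319535.3363247},
  url       = {https://doi.org/10.1145/3319535.3363247},
  timestamp = {Tue, 10 Nov 2020 20:00:54 +0100},
  biburl    = {https://dblp.org/rec/conf/ccs/YuWYT19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}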
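% HFuzz: automatic fuzz testing of NB-IoT core network protocol implementations.
% Record taken from dblp; HFuzz and NB-IoT are brace-protected because sentence
% casing would otherwise render them as "Hfuzz" and "nb-iot".
@article{hfuzz,
  author    = {Liu, Xinyao and
               Cui, Baojiang and
               Fu, Junsong and
               Ma, Jinxin},
  title     = {{HFuzz}: Towards automatic fuzzing testing of {NB-IoT} core network protocols
               implementations},
  journal   = {Future Gener. Comput. Syst.},
  volume    = {108},
  pages     = {390--400},
  year      = {2020},
  doi       = {10.1016/j.future.2019.12.032},
  url       = {https://doi.org/10.1016/j.future.2019.12.032},
  timestamp = {Mon, 18 May 2020 17:42:49 +0200},
  biburl    = {https://dblp.org/rec/journals/fgcs/LiuCFM20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}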
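% SIoTFuzzer: stateful fuzzing of web interfaces in IoT firmware (Applied Sciences, 2021).
% SIoTFuzzer and IoT are brace-protected against sentence casing.
% pages holds a single number, presumably the article number; no DOI is recorded.
@article{siotfuzzer,
  author    = {Zhang, Hangwei and Lu, Kai and Zhou, Xu and Yin, Qidi and Wang, Pengfei and Yue, Tai},
  title     = {{SIoTFuzzer}: Fuzzing Web Interface in {IoT} Firmware via Stateful Message Generation},
  journal   = {Applied Sciences},
  volume    = {11},
  number    = {7},
  pages     = {3120},
  publisher = {Multidisciplinary Digital Publishing Institute},
  year      = {2021}
}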
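% DIANE: finding fuzzing triggers in companion apps to produce inputs for IoT devices.
% DIANE, IoT and IEEE are brace-protected against sentence casing.
% NOTE(review): no pages, publisher or DOI are recorded for this entry.
@inproceedings{diane,
  author    = {Redini, Nilo and Continella, Andrea and Das, Dipanjan and De Pasquale, Giulio and Spahn, Noah and Machiry, Aravind and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
  title     = {{DIANE}: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for {IoT} Devices},
  booktitle = {42nd {IEEE} Symposium on Security and Privacy 2021},
  year      = {2021}
}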
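% FirmFuzz: automated introspection and analysis of IoT firmware (IoT S&P workshop, 2019).
% Record taken from dblp; FirmFuzz and IoT are brace-protected in the title
% because sentence casing would otherwise render them as "Firmfuzz" and "iot".
@inproceedings{firmfuzz,
  author    = {Srivastava, Prashast and
               Peng, Hui and
               Li, Jiahao and
               Okhravi, Hamed and
               Shrobe, Howard E. and
               Payer, Mathias},
  editor    = {Liu, Peng and
               Zhang, Yuqing},
  title     = {{FirmFuzz}: Automated {IoT} Firmware Introspection and Analysis},
  booktitle = {Proceedings of the 2nd International {ACM} Workshop on Security and
               Privacy for the Internet-of-Things, IoT S{\&}P@CCS 2019, London,
               UK, November 15, 2019},
  pages     = {15--21},
  publisher = {{ACM}},
  year      = {2019},
  doi       = {10.1145/3338507.3358616},
  url       = {https://doi.org/10.1145/3338507.3358616},
  timestamp = {Tue, 10 Nov 2020 16:06:16 +0100},
  biburl    = {https://dblp.org/rec/conf/ccs/SrivastavaPLOSP19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}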
% Karonte: detecting insecure multi-binary interactions in embedded firmware (IEEE S&P 2020).
% Same work as the entry keyed "karonte" in this file (identical title and DOI).
% NOTE(review): both keys are kept because documents may cite either one;
% consolidate onto a single key once the citations have been migrated.
@inproceedings{mulbin,
  author    = {Redini, Nilo and
               Machiry, Aravind and
               Wang, Ruoyu and
               Spensky, Chad and
               Continella, Andrea and
               Shoshitaishvili, Yan and
               Kruegel, Christopher and
               Vigna, Giovanni},
  title     = {Karonte: Detecting Insecure Multi-binary Interactions in Embedded
               Firmware},
  booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco,
               CA, USA, May 18-21, 2020},
  pages     = {1544--1561},
  publisher = {{IEEE}},
  year      = {2020},
  doi       = {10.1109/SP40000.2020.00036},
  url       = {https://doi.org/10.1109/SP40000.2020.00036},
  timestamp = {Thu, 20 Aug 2020 17:04:50 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/RediniM0SCSKV20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
% Survey of operating systems for low-end Internet of Things devices
% (IEEE Internet of Things Journal, 2016). Record taken from dblp.
@article{lowendos,
  author    = {Hahm, Oliver and
               Baccelli, Emmanuel and
               Petersen, Hauke and
               Tsiftes, Nicolas},
  title     = {Operating Systems for Low-End Devices in the Internet of Things: {A}
               Survey},
  journal   = {{IEEE} Internet Things J.},
  volume    = {3},
  number    = {5},
  pages     = {720--734},
  year      = {2016},
  doi       = {10.1109/JIOT.2015.2505901},
  url       = {https://doi.org/10.1109/JIOT.2015.2505901},
  timestamp = {Mon, 08 Jun 2020 22:23:02 +0200},
  biburl    = {https://dblp.org/rec/journals/iotj/HahmBPT16.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
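% Snipuzz: black-box fuzzing of IoT firmware via message snippet inference.
% arXiv preprint, recorded by dblp under the CoRR pseudo-journal.
% IoT is brace-protected against sentence casing.
@article{snipuzz,
  author        = {Feng, Xiaotao and
                   Sun, Ruoxi and
                   Zhu, Xiaogang and
                   Xue, Minhui and
                   Wen, Sheng and
                   Liu, Dongxi and
                   Nepal, Surya and
                   Xiang, Yang},
  title         = {Snipuzz: Black-box Fuzzing of {IoT} Firmware via Message Snippet Inference},
  journal       = {CoRR},
  volume        = {abs/2105.05445},
  year          = {2021},
  archivePrefix = {arXiv},
  eprint        = {2105.05445},
  url           = {https://arxiv.org/abs/2105.05445},
  timestamp     = {Mon, 31 May 2021 08:26:46 +0200},
  biburl        = {https://dblp.org/rec/journals/corr/abs-2105-05445.bib},
  bibsource     = {dblp computer science bibliography, https://dblp.org}
}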
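% FIRM-AFL: greybox fuzzing of IoT firmware via augmented process emulation
% (USENIX Security 2019). Record taken from dblp.
% IoT is brace-protected against sentence casing, as FIRM-AFL already was.
@inproceedings{firmafl,
  author    = {Zheng, Yaowen and
               Davanian, Ali and
               Yin, Heng and
               Song, Chengyu and
               Zhu, Hongsong and
               Sun, Limin},
  editor    = {Heninger, Nadia and
               Traynor, Patrick},
  title     = {{FIRM-AFL:} High-Throughput Greybox Fuzzing of {IoT} Firmware via Augmented
               Process Emulation},
  booktitle = {28th {USENIX} Security Symposium, {USENIX} Security 2019, Santa Clara,
               CA, USA, August 14-16, 2019},
  pages     = {1099--1114},
  publisher = {{USENIX} Association},
  year      = {2019},
  url       = {https://www.usenix.org/conference/usenixsecurity19/presentation/zheng},
  timestamp = {Mon, 01 Feb 2021 08:43:20 +0100},
  biburl    = {https://dblp.org/rec/conf/uss/ZhengDYSZS19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}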
% Large-scale analysis of the security of embedded firmware images
% (USENIX Security 2014). Record taken from dblp.
@inproceedings{largeanal,
  author    = {Costin, Andrei and
               Zaddach, Jonas and
               Francillon, Aur{\'{e}}lien and
               Balzarotti, Davide},
  editor    = {Fu, Kevin and
               Jung, Jaeyeon},
  title     = {A Large-Scale Analysis of the Security of Embedded Firmwares},
  booktitle = {Proceedings of the 23rd {USENIX} Security Symposium, San Diego, CA,
               USA, August 20-22, 2014},
  pages     = {95--110},
  publisher = {{USENIX} Association},
  year      = {2014},
  url       = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin},
  timestamp = {Mon, 01 Feb 2021 08:43:17 +0100},
  biburl    = {https://dblp.org/rec/conf/uss/CostinZFB14.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
% Automated dynamic firmware analysis at scale, with embedded web interfaces
% as the case study (AsiaCCS 2016). Record taken from dblp.
@inproceedings{autodyn,
  author    = {Costin, Andrei and
               Zarras, Apostolis and
               Francillon, Aur{\'{e}}lien},
  editor    = {Chen, Xiaofeng and
               Wang, XiaoFeng and
               Huang, Xinyi},
  title     = {Automated Dynamic Firmware Analysis at Scale: {A} Case Study on Embedded
               Web Interfaces},
  booktitle = {Proceedings of the 11th {ACM} on Asia Conference on Computer and Communications
               Security, AsiaCCS 2016, Xi'an, China, May 30 - June 3, 2016},
  pages     = {437--448},
  publisher = {{ACM}},
  year      = {2016},
  doi       = {10.1145/2897845.2897900},
  url       = {https://doi.org/10.1145/2897845.2897900},
  timestamp = {Tue, 10 Nov 2020 16:06:16 +0100},
  biburl    = {https://dblp.org/rec/conf/ccs/CostinZF16.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
% AVATAR: framework for dynamic security analysis of embedded firmware (NDSS 2014).
% Record taken from dblp; no page numbers are recorded.
@inproceedings{avatar,
  author    = {Zaddach, Jonas and
               Bruno, Luca and
               Francillon, Aur{\'{e}}lien and
               Balzarotti, Davide},
  title     = {{AVATAR:} {A} Framework to Support Dynamic Security Analysis of Embedded
               Systems' Firmwares},
  booktitle = {21st Annual Network and Distributed System Security Symposium, {NDSS}
               2014, San Diego, California, USA, February 23-26, 2014},
  publisher = {The Internet Society},
  year      = {2014},
  url       = {https://www.ndss-symposium.org/ndss2014/avatar-framework-support-dynamic-security-analysis-embedded-systems-firmwares},
  timestamp = {Mon, 01 Feb 2021 08:42:18 +0100},
  biburl    = {https://dblp.org/rec/conf/ndss/ZaddachBFB14.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
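% FIRMCORN: vulnerability-oriented fuzzing of IoT firmware via optimized virtual
% execution (IEEE Access, 2020). Record taken from dblp.
% IoT is brace-protected against sentence casing, as FIRMCORN already was.
@article{firmcorn,
  author    = {Gui, Zhijie and
               Shu, Hui and
               Kang, Fei and
               Xiong, Xiaobing},
  title     = {{FIRMCORN:} Vulnerability-Oriented Fuzzing of {IoT} Firmware via Optimized
               Virtual Execution},
  journal   = {{IEEE} Access},
  volume    = {8},
  pages     = {29826--29841},
  year      = {2020},
  doi       = {10.1109/ACCESS.2020.2973043},
  url       = {https://doi.org/10.1109/ACCESS.2020.2973043},
  timestamp = {Tue, 03 Mar 2020 09:38:04 +0100},
  biburl    = {https://dblp.org/rec/journals/access/GuiSKX20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}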
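% IoTFuzzer: finding memory corruptions in IoT devices through app-based fuzzing (NDSS 2018).
% Record taken from dblp; IoTFuzzer and IoT are brace-protected because sentence
% casing would otherwise render them as "Iotfuzzer" and "iot".
% NOTE(review): the url is a plain-http link to a PDF on wp.internetsociety.org;
% confirm it still resolves and prefer an https landing page if one exists.
@inproceedings{iotfuzzer,
  author    = {Chen, Jiongyi and
               Diao, Wenrui and
               Zhao, Qingchuan and
               Zuo, Chaoshun and
               Lin, Zhiqiang and
               Wang, XiaoFeng and
               Lau, Wing Cheong and
               Sun, Menghan and
               Yang, Ronghai and
               Zhang, Kehuan},
  title     = {{IoTFuzzer}: Discovering Memory Corruptions in {IoT} Through App-based
               Fuzzing},
  booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS}
               2018, San Diego, California, USA, February 18-21, 2018},
  publisher = {The Internet Society},
  year      = {2018},
  url       = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-1\_Chen\_paper.pdf},
  timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
  biburl    = {https://dblp.org/rec/conf/ndss/ChenDZZL0LSYZ18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}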
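% Black-box fuzzing of the web management interface of COTS IoT devices
% (Security and Communication Networks, 2019). Record taken from dblp.
% IoT is brace-protected against sentence casing, as COTS already was.
@article{wmifuzzer,
  author    = {Wang, Dong and
               Zhang, Xiaosong and
               Chen, Ting and
               Li, Jingwei},
  title     = {Discovering Vulnerabilities in {COTS} {IoT} Devices through Blackbox
               Fuzzing Web Management Interface},
  journal   = {Secur. Commun. Networks},
  volume    = {2019},
  pages     = {5076324:1--5076324:19},
  year      = {2019},
  doi       = {10.1155/2019/5076324},
  url       = {https://doi.org/10.1155/2019/5076324},
  timestamp = {Thu, 10 Sep 2020 14:41:04 +0200},
  biburl    = {https://dblp.org/rec/journals/scn/WangZCL19.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}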
% Tool reference for AFL plus plus, cited by repository URL only
% (no author, year or access date is recorded).
@misc{aflpp,
  title        = {American Fuzzy Lop plus plus},
  howpublished = {\url{https://github.com/AFLplusplus/AFLplusplus}},
}
% Tool reference for Panda, cited by repository URL only
% (no author, year or access date is recorded).
@misc{panda,
  title        = {Panda},
  howpublished = {\url{https://github.com/panda-re/panda}},
}
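% Tool reference for AFL, cited by repository URL only
% (no author, year or access date is recorded).
% The title is spelled "lop", matching the project name used in the aflpp entry;
% the record previously read "lob".
@misc{afl,
  title        = {american fuzzy lop},
  howpublished = {\url{https://github.com/google/AFL}},
}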
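% Tool reference for XSStrike, cited by repository URL only
% (no author, year or access date is recorded).
% The name is brace-protected; sentence casing would otherwise give "Xsstrike".
@misc{xsstrike,
  title        = {{XSStrike}},
  howpublished = {\url{https://github.com/s0md3v/XSStrike}},
}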
% Tool reference for Binwalk, cited by repository URL only
% (no author, year or access date is recorded).
@misc{binwalk,
  title        = {Binwalk},
  howpublished = {\url{https://github.com/ReFirmLabs/binwalk}},
}
% Tool reference for Valgrind, cited by project URL only
% (no author, year or access date is recorded).
@misc{valgrind,
  title        = {Valgrind},
  howpublished = {\url{https://www.valgrind.org/}},
}
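% Tool reference for TriforceAFL, cited by repository URL only
% (no author, year or access date is recorded).
% The name is brace-protected; sentence casing would otherwise give "Triforceafl".
@misc{triforceafl,
  title        = {{TriforceAFL}},
  howpublished = {\url{https://github.com/nccgroup/TriforceAFL}},
}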
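% Reference for the FuzzDB project, cited by repository URL only
% (no author, year or access date is recorded).
% The name is brace-protected; sentence casing would otherwise give "Fuzzdb".
@misc{fuzzdb,
  title        = {{FuzzDB}},
  howpublished = {\url{https://github.com/fuzzdb-project/fuzzdb}},
}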
% Reference for the Big List of Naughty Strings, cited by repository URL only
% (no author, year or access date is recorded).
@misc{blons,
  title        = {Big List of Naughty Strings},
  howpublished = {\url{https://github.com/minimaxir/big-list-of-naughty-strings}},
}
% Tool reference for radamsa, cited by repository URL only
% (no author, year or access date is recorded).
@misc{radamsa,
  title        = {radamsa},
  howpublished = {\url{https://gitlab.com/akihe/radamsa}},
}
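% Tool reference for IDA Pro, cited by vendor URL only
% (no author, year or access date is recorded).
% IDA is brace-protected; sentence casing would otherwise give "Ida pro".
@misc{IDA,
  title        = {{IDA} {Pro}},
  howpublished = {\url{https://hex-rays.com/ida-pro/}},
}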
% Tool reference for boofuzz, cited by repository URL only
% (no author, year or access date is recorded).
@misc{boofuzz,
  title        = {boofuzz},
  howpublished = {\url{https://github.com/jtpereyda/boofuzz}},
}
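% FirmUp: static detection of common vulnerabilities in firmware (ASPLOS 2018).
% Record taken from dblp; FirmUp is brace-protected because sentence casing
% would otherwise render it as "Firmup".
@inproceedings{firmup,
  author    = {David, Yaniv and
               Partush, Nimrod and
               Yahav, Eran},
  editor    = {Shen, Xipeng and
               Tuck, James and
               Bianchini, Ricardo and
               Sarkar, Vivek},
  title     = {{FirmUp}: Precise Static Detection of Common Vulnerabilities in Firmware},
  booktitle = {Proceedings of the Twenty-Third International Conference on Architectural
               Support for Programming Languages and Operating Systems, {ASPLOS}
               2018, Williamsburg, VA, USA, March 24-28, 2018},
  pages     = {392--404},
  publisher = {{ACM}},
  year      = {2018},
  doi       = {10.1145/3173162.3177157},
  url       = {https://doi.org/10.1145/3173162.3177157},
  timestamp = {Mon, 22 Mar 2021 16:55:03 +0100},
  biburl    = {https://dblp.org/rec/conf/asplos/DavidPY18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}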
% Challenges in fuzzing embedded devices: memory corruption does not always
% surface as a crash (NDSS 2018). Record taken from dblp.
% NOTE(review): the url is a plain-http link to a PDF on wp.internetsociety.org;
% confirm it still resolves and prefer an https landing page if one exists.
@inproceedings{crash,
  author    = {Muench, Marius and
               Stijohann, Jan and
               Kargl, Frank and
               Francillon, Aur{\'{e}}lien and
               Balzarotti, Davide},
  title     = {What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded
               Devices},
  booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS}
               2018, San Diego, California, USA, February 18-21, 2018},
  publisher = {The Internet Society},
  year      = {2018},
  url       = {http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018\_01A-4\_Muench\_paper.pdf},
  timestamp = {Thu, 09 Aug 2018 10:57:16 +0200},
  biburl    = {https://dblp.org/rec/conf/ndss/MuenchSKFB18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
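% T-Fuzz: fuzzing by program transformation (IEEE S&P 2018).
% Record taken from dblp; T-Fuzz is brace-protected because sentence casing
% would otherwise render it as "T-fuzz".
@inproceedings{tfuzz,
  author    = {Peng, Hui and
               Shoshitaishvili, Yan and
               Payer, Mathias},
  title     = {{T-Fuzz}: Fuzzing by Program Transformation},
  booktitle = {2018 {IEEE} Symposium on Security and Privacy, {SP} 2018, Proceedings,
               21-23 May 2018, San Francisco, California, {USA}},
  pages     = {697--710},
  publisher = {{IEEE} Computer Society},
  year      = {2018},
  doi       = {10.1109/SP.2018.00056},
  url       = {https://doi.org/10.1109/SP.2018.00056},
  timestamp = {Wed, 16 Oct 2019 14:14:51 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/PengSP18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}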
% Angora: efficient fuzzing by principled search (IEEE S&P 2018).
% Record taken from dblp.
@inproceedings{angora,
  author    = {Chen, Peng and
               Chen, Hao},
  title     = {Angora: Efficient Fuzzing by Principled Search},
  booktitle = {2018 {IEEE} Symposium on Security and Privacy, {SP} 2018, Proceedings,
               21-23 May 2018, San Francisco, California, {USA}},
  pages     = {711--725},
  publisher = {{IEEE} Computer Society},
  year      = {2018},
  doi       = {10.1109/SP.2018.00046},
  url       = {https://doi.org/10.1109/SP.2018.00046},
  timestamp = {Wed, 16 Oct 2019 14:14:51 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/ChenC18.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
% Karonte: detecting insecure multi-binary interactions in embedded firmware (IEEE S&P 2020).
% Same work as the entry keyed "mulbin" in this file (identical title and DOI).
% NOTE(review): both keys are kept because documents may cite either one;
% consolidate onto a single key once the citations have been migrated.
@inproceedings{karonte,
  author    = {Redini, Nilo and
               Machiry, Aravind and
               Wang, Ruoyu and
               Spensky, Chad and
               Continella, Andrea and
               Shoshitaishvili, Yan and
               Kruegel, Christopher and
               Vigna, Giovanni},
  title     = {Karonte: Detecting Insecure Multi-binary Interactions in Embedded
               Firmware},
  booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco,
               CA, USA, May 18-21, 2020},
  pages     = {1544--1561},
  publisher = {{IEEE}},
  year      = {2020},
  doi       = {10.1109/SP40000.2020.00036},
  url       = {https://doi.org/10.1109/SP40000.2020.00036},
  timestamp = {Thu, 20 Aug 2020 17:04:50 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/RediniM0SCSKV20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
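% VUzzer: application-aware evolutionary fuzzing (NDSS 2017).
% Record taken from dblp; VUzzer is brace-protected because sentence casing
% would otherwise render it as "Vuzzer".
@inproceedings{vuzzer,
  author    = {Rawat, Sanjay and
               Jain, Vivek and
               Kumar, Ashish and
               Cojocar, Lucian and
               Giuffrida, Cristiano and
               Bos, Herbert},
  title     = {{VUzzer}: Application-aware Evolutionary Fuzzing},
  booktitle = {24th Annual Network and Distributed System Security Symposium, {NDSS}
               2017, San Diego, California, USA, February 26 - March 1, 2017},
  publisher = {The Internet Society},
  year      = {2017},
  url       = {https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/vuzzer-application-aware-evolutionary-fuzzing/},
  timestamp = {Mon, 01 Feb 2021 08:42:22 +0100},
  biburl    = {https://dblp.org/rec/conf/ndss/0001JKCGB17.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}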
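% Comparative study of white-box, black-box and grey-box testing techniques (2012).
% The abbreviated journal name ends with a period on its last word, like the
% other abbreviated words in it.
% NOTE(review): no pages are recorded, and "Citeseer" looks like the indexing
% service the record was exported from, not the publisher; confirm both.
@article{compwbgbox,
  author    = {Khan, Mohd Ehmer and Khan, Farmeena and others},
  title     = {A comparative study of white box, black box and grey box testing techniques},
  journal   = {Int. J. Adv. Comput. Sci. Appl.},
  volume    = {3},
  number    = {6},
  publisher = {Citeseer},
  year      = {2012}
}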
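% Measurement study of the Mirai botnet (USENIX Security 2017).
% Mirai is brace-protected so sentence-casing styles do not lowercase it.
% NOTE(review): address holds "Vancouver, BC", which looks like the conference
% city and not the publisher's location; confirm which one is intended.
@inproceedings{mirai,
  author    = {Antonakakis, Manos and April, Tim and Bailey, Michael and Bernhard, Matt and Bursztein, Elie and Cochran, Jaime and Durumeric, Zakir and Halderman, J. Alex and Invernizzi, Luca and Kallitsis, Michalis and Kumar, Deepak and Lever, Chaz and Ma, Zane and Mason, Joshua and Menscher, Damian and Seaman, Chad and Sullivan, Nick and Thomas, Kurt and Zhou, Yi},
  title     = {Understanding the {Mirai} Botnet},
  booktitle = {26th {USENIX} Security Symposium ({USENIX} Security 17)},
  pages     = {1093--1110},
  publisher = {{USENIX} Association},
  address   = {Vancouver, BC},
  month     = aug,
  year      = 2017,
  isbn      = {978-1-931971-40-9},
  url       = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis},
}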
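% Survey-style look at the state and direction of IoT security research.
% arXiv preprint, recorded by dblp under the CoRR pseudo-journal.
% IoT is brace-protected against sentence casing, and the arXiv link uses
% https, consistent with the other arXiv reference in this file.
@article{crystal,
  author        = {Zhang, Nan and
                   Demetriou, Soteris and
                   Mi, Xianghang and
                   Diao, Wenrui and
                   Yuan, Kan and
                   Zong, Peiyuan and
                   Qian, Feng and
                   Wang, XiaoFeng and
                   Chen, Kai and
                   Tian, Yuan and
                   Gunter, Carl A. and
                   Zhang, Kehuan and
                   Tague, Patrick and
                   Lin, Yue-Hsun},
  title         = {Understanding {IoT} Security Through the Data Crystal Ball: Where We
                   Are Now and Where We Are Going to Be},
  journal       = {CoRR},
  volume        = {abs/1703.09809},
  year          = {2017},
  archivePrefix = {arXiv},
  eprint        = {1703.09809},
  url           = {https://arxiv.org/abs/1703.09809},
  timestamp     = {Sat, 23 Jan 2021 01:11:26 +0100},
  biburl        = {https://dblp.org/rec/journals/corr/ZhangDMDYZQW0TG17.bib},
  bibsource     = {dblp computer science bibliography, https://dblp.org}
}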
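% Survey of fuzzing (IEEE Transactions on Software Engineering, 2019).
% The accented letter in the first author's surname is written as a LaTeX
% escape so the entry also works with 8-bit BibTeX; the empty volume and number
% fields are omitted because empty fields trigger BibTeX warnings.
% NOTE(review): pages 1--1 looks like an early-access placeholder; look up the
% final volume, number and page range through the DOI.
@article{fuzzsurvey,
  author  = {Man{\`e}s, Valentin Jean Marie and Han, HyungSeok and Han, Choongwoo and Cha, Sang Kil and Egele, Manuel and Schwartz, Edward J. and Woo, Maverick},
  title   = {The Art, Science, and Engineering of Fuzzing: A Survey},
  journal = {IEEE Transactions on Software Engineering},
  pages   = {1--1},
  year    = {2019},
  doi     = {10.1109/TSE.2019.2946563}
}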
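% Technical report on the state of the art in fuzzing (2012).
% The institution name is written in normal capitalisation; the record had it
% in all capitals, which would be printed verbatim in the bibliography.
% NOTE(review): no report number is recorded.
@techreport{fuzzart,
  author      = {McNally, Richard and Yiu, Ken and Grove, Duncan and Gerhardy, Damien},
  title       = {Fuzzing: the state of the art},
  institution = {Defence Science and Technology Organisation Edinburgh (Australia)},
  year        = {2012}
}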
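% Automated dynamic analysis of Linux-based embedded firmware (NDSS, 2016).
% The title carries no trailing period, since bibliography styles add their own
% and the record would otherwise print two; Linux is brace-protected against
% sentence casing.
% NOTE(review): booktitle is only the acronym, and volume 1 / pages 1--1 look
% like exporter placeholders; confirm them against the proceedings.
@inproceedings{towardsautodyn,
  author    = {Chen, Daming D and Woo, Maverick and Brumley, David and Egele, Manuel},
  title     = {Towards Automated Dynamic Analysis for {Linux}-based Embedded Firmware},
  booktitle = {NDSS},
  volume    = {1},
  pages     = {1--1},
  year      = {2016}
}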