This repository collects recent papers related to firmware analysis (e.g., IoT and embedded devices, desktop binaries) published in academic security conferences (NDSS, CCS, USENIX Security, IEEE S&P, etc.). The list of papers is organized in chronological order.
LightBLue: Automatic Profile-Aware Debloating of Bluetooth Stacks (USENIX Security)
Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems(USENIX Security)
PASAn: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications (USENIX Security)
Jetset: Targeted Firmware Rehosting for Embedded Systems (USENIX Security)
Automatic Firmware Emulation through Invalidity-guided Knowledge Inference (USENIX Security)
SoK: Enabling Security Analyses of Embedded Systems via Rehosting (Asia CCS)
HERA: Hotpatching of Embedded Real-time Applications (NDSS )
BASESPEC: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols (NDSS)
DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis (IEEE S&P)
FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis (ACSAC)
FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities from Bare-Metal Firmware (CCS)
Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets (USENIX Security)
HALucinator: Firmware Re-hostingThrough Abstraction Layer Emulation (USENIX Security)
FirmScope: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Android Firmware (USENIX Security)
P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX Security)
KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware (IEEE S&P)
PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary (NDSS)
FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation (USENIX Security)
Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID)
ProXray: Protocol Model Learning and Guided Firmware Analysis (IEEE Transactions on Software Engineering)
IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing (NDSS)
AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares (NDSS 2014)
Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware (NDSS 2017)
Firmusb: Vetting USB device firmware using domain informed symbolic execution (CCS 2017)
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware (NDSS 2017)
FIE on Firmware:Finding Vulnerabilities in Embedded Systems using Symbolic Execution (USENIX Security 2013)
A large-scale analysis of the security of embedded firmwares (USENIX Security 2014)