Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Filters
























5 Hits in 1.1 sec

FirmHunter: State-Aware and Introspection-Driven Grey-Box Fuzzing towards IoT Firmware

Qidi Yin, Xu Zhou, Hangwei Zhang
2021 Applied Sciences  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.6 MB)
https://web.archive.org/web/20210929195822/https://mdpi-res.com/d_attachment/applsci/applsci-11-09094/article_deploy/applsci-11-09094.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

In this work, we present FirmHunter, an automated state-aware and introspection-driven grey-box fuzzer towards Linux-based firmware images on the basis of emulation.  ...  We evaluate FirmHunter by emulating and fuzzing eight firmware images including seven routers and one IP camera with a state-of-the-art IoT fuzzer FirmFuzz and a web application scanner ZAP.  ...  Acknowledgments: We thank our shepherd Xu Zhou for his care and the anonymous reviewers for their insightful comments on our work. Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/app11199094 fatcat:64gki4wf3fhfre4llx2grqpxqe
DOAJ
Citation

Qidi Yin, Xu Zhou, Hangwei Zhang. "FirmHunter: State-Aware and Introspection-Driven Grey-Box Fuzzing towards IoT Firmware." Applied Sciences 11.19 (2021) 9094

PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State

Xiaoyi Li, Xiaojun Pan, Yanbin Sun
2021 Journal on Artificial Intelligence  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.5 MB)
https://web.archive.org/web/20220223105428/https://www.techscience.com/uploads/attached/file/20210402/20210402025128_18769.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

The rise of the Internet of Things (IoT) exposes more and more important embedded devices to the network, which poses a serious threat to people's lives and property.  ...  More importantly, the tool utilizes the synchronous execution of the firmware simulator and the firmware program, which can collect and record system information in the event of a crash from multiple dimensions  ...  FirmFuzz [16] provides a device-independent automated simulation and dynamic analysis framework for Linux-based firmware images.  ... 
doi:10.32604/jai.2021.017328 fatcat:xgjdvwef7bgc7obggxepr6d76a
Citation

Xiaoyi Li, Xiaojun Pan, Yanbin Sun. "PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State." Journal on Artificial Intelligence (2021) 21-31

Game of Hide-and-Seek: Exposing Hidden Interfaces in Embedded Web Applications of IoT Devices

Wei Xie, Jiongyi Chen, Zhenhua Wang, Chao Feng, Enze Wang, Yifei Gao, Baosheng Wang, Kai Lu
2022 Proceedings of the ACM Web Conference 2022  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.4 MB)
https://web.archive.org/web/20220504011115/https://dl.acm.org/doi/pdf/10.1145/3485447.3512213

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Specifically, IoTScope constructs probing requests through firmware analysis to test physical devices, and narrows down the scope of identification by filtering out irrelevant requests and interfaces through  ...  differential analysis.  ...  [32] proposed Firmfuzz, an automated device-independent emulation and dynamic analysis framework for Linux-based firmware images.  ... 
doi:10.1145/3485447.3512213 fatcat:smvdkjtfmza6ximtxnlr3ysqye
Citation

Wei Xie, Jiongyi Chen, Zhenhua Wang, Chao Feng, Enze Wang, Yifei Gao, Baosheng Wang, Kai Lu. "Game of Hide-and-Seek: Exposing Hidden Interfaces in Embedded Web Applications of IoT Devices." Proceedings of the ACM Web Conference 2022 (2022)

Embedded fuzzing: a review of challenges, tools, and solutions

Max Eisele, Marcello Maugeri, Rachna Shriwas, Christopher Huth, Giampaolo Bella
2022 Cybersecurity  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.7 MB)
https://web.archive.org/web/20220905120120/https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-022-00123-y.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Embedded systems also benefit from fuzzing, but the innumerable existing architectures and hardware peripherals complicate the development of general and usable approaches, hence a plethora of tools have  ...  Meanwhile, the market of embedded systems, which binds the software execution tightly to the very hardware architecture, has grown at a steady pace, and that pace is anticipated to become yet more sustained  ...  FirmFuzz (Srivastava et al. 2019 ) is an automated introspection and analysis framework for IoT firmware.  ... 
doi:10.1186/s42400-022-00123-y fatcat:svxasogdcverrkoq2x7igehoo4
DOAJ
Citation

Max Eisele, Marcello Maugeri, Rachna Shriwas, Christopher Huth, Giampaolo Bella. "Embedded fuzzing: a review of challenges, tools, and solutions." Cybersecurity 5.1 (2022)

A Survey on Recent Advanced Research of CPS Security

Zhenhua Wang, Wei Xie, Baosheng Wang, Jing Tao, Enze Wang
2021 Applied Sciences  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (701.6 kB)
https://web.archive.org/web/20210423004031/https://res.mdpi.com/d_attachment/applsci/applsci-11-03751/article_deploy/applsci-11-03751.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Finally, we also perform a statistical analysis in terms of paper publication times, author institutes, countries, and sponsors to show the current worldwide CPS security research situation.  ...  , smart transportation, smart homes, and general grids); and (3) MADC (Measure, Attack, Defense, and Control) types.  ...  FIRMADYNE [140] is an open-source automated dynamic analysis framework for identifying vulnerabilities in Linux-based embedded firmware.  ... 
doi:10.3390/app11093751 fatcat:fxby2wjzpnchrfshvilxalmptm
DOAJ
Citation

Zhenhua Wang, Wei Xie, Baosheng Wang, Jing Tao, Enze Wang. "A Survey on Recent Advanced Research of CPS Security." Applied Sciences (2021) 3751