Appendix 6: Papers
[1] SoK: Enabling Security Analyses of Embedded Systems via Rehosting
[2] Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
[3] FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
[4] FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
[5] FirmFuzz: Automated IoT Firmware Introspection and Analysis
[6] Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares
[7] Avatar2: A Multi-target Orchestration Platform
[8] Jetset: Targeted Firmware Rehosting for Embedded Systems
[9] HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
[10] P²IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling
[11] DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
[13] FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
[14] Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
[15] PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
[16] Toward the Analysis of Embedded Firmware through Automated Re-hosting
[18] Automatic Firmware Emulation through Invalidity-guided Knowledge Inference
[19] Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets
[20] Hybrid Firmware Analysis for Known Mobile and IoT Security Vulnerabilities
[21] KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
[22] Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems
[23] Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
[24] FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution
[25] PASAN: Detecting Peripheral Access Concurrency Bugs with Bare-Metal Embedded Applications
[26] BASESPEC: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols
[27] LightBLue: Automatic Profile-Aware Debloating of Bluetooth Stacks
[28] FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware
[29] Survey of Research on Security Analysis Techniques for Embedded Device Firmware (嵌入式设备固件安全分析技术研究综述)
[30] A Large-Scale Analysis of the Security of Embedded Firmwares
[31] Firmware Vulnerability Detection for Embedded Devices Based on Homology Analysis (基于同源性分析的嵌入式设备固件漏洞检测)
[32] Cross-Architecture Bug Search in Binary Executables
[33] discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code
[34] VDNS: A Cross-Platform Firmware Vulnerability Association Algorithm (VDNS:一种跨平台的固件漏洞关联算法)
[36] FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware
[37] Scalable Graph-based Bug Search for Firmware Images
[38] Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection
[39] Semantic Learning Based Cross-Platform Binary Vulnerability Search For IoT Devices
[40] VulSeeker: A Semantic Learning Based Vulnerability Seeker for Cross-Platform Binary
[41] VulSeeker-Pro: Enhanced Semantic Learning Based Binary Vulnerability Seeker with Emulation
[42] Extracting Conditional Formulas for Cross-Platform Bug Search
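[43] Research Progress on Security Defect Detection for IoT Firmware (物联网固件安全缺陷检测研究进展)
[44] Survey of Research on Vulnerability Discovery Techniques for IoT Devices (物联网设备漏洞挖掘技术研究综述)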