> For the complete documentation index, see [llms.txt](https://wokough.gitbook.io/iot-firmware-aio/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wokough.gitbook.io/iot-firmware-aio/appendix/fu-lu-6-lun-wen.md).

# 附录6： 论文

\[1] [SoK: Enabling Security Analyses of Embedded Systems via Rehosting](https://dspace.mit.edu/bitstream/handle/1721.1/130505/asiafp242-fasanoA-CC-BY.pdf?sequence=1\&isAllowed=y)

\[2] [Towards Automated Dynamic Analysis for Linux-based Embedded Firmware](https://www.ndss-symposium.org/wp-content/uploads/2017/09/towards-automated-dynamic-analysis-linux-based-embedded-firmware.pdf)

\[3] [FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis](https://syssec.kaist.ac.kr/pub/2020/kim_acsac2020.pdf)

\[4] [FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation](https://www.cs.ucr.edu/~heng/pubs/FirmAFL.pdf)

\[5] [FirmFuzz: Automated IoT Firmware Introspection and Analysis](https://nebelwelt.net/files/19IOTSP.pdf)

\[6] [Avatar: A Framework to Support Dynamic Security Analysis of EmbeddedSystems’ Firmwares](https://www.ndss-symposium.org/wp-content/uploads/2017/09/02_3_1.pdf)

\[7] [Avatar2: A Multi-target Orchestration Platform](https://www.ndss-symposium.org/wp-content/uploads/2018/07/bar2018_1_Muench_paper.pdf)

\[8] [Jetset: Targeted Firmware Rehosting for Embedded Systems](https://www.usenix.org/system/files/sec21fall-johnson.pdf)

\[9] [HALucinator: Firmware Re-hostingThrough Abstraction Layer Emulation](https://www.usenix.org/system/files/sec20summer_clements_prepub.pdf)

\[10] [P²IM: Scalable and Hardware-independent Firmware Testing viaAutomatic Peripheral Interface Modeling](https://www.usenix.org/system/files/sec20-feng.pdf)

\[11] [DICE: Automatic Emulation of DMA InputChannels for Dynamic Firmware Analysis](https://seclab.nu/static/publications/ieeesp21dice.pdf)

\[12] [From Library Portability to Para-rehosting:Natively Executing Microcontroller Softwareon Commodity Hardware](https://www.ndss-symposium.org/wp-content/uploads/ndss2021_6B-3_24308_paper.pdf)

\[13] [FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware](https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf)

\[14] [Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing](https://www.usenix.org/system/files/sec22summer_scharnowski.pdf)

\[15] [PeriScope: An Effective Probing and FuzzingFramework for the Hardware-OS Boundary](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04A-1_Song_paper.pdf)

\[16] [Toward the Analysis of Embedded Firmware through Automated Re-hosting](https://www.usenix.org/system/files/raid2019-gustafson.pdf)

\[17] [Device-agnostic Firmware Execution is Possible: A ConcolicExecution Approach for Peripheral Emulation](https://openreview.net/pdf?id=rylaZ6iIDr)

\[18] [Automatic Firmware Emulation through Invalidity-guided Knowledge Inference](https://www.usenix.org/system/files/sec21fall-zhou.pdf)

\[19] [Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets](https://www.usenix.org/system/files/sec20-ruge.pdf)

\[20] [Hybrid Firmware Analysis for KnownMobile and IoT Security Vulnerabilities](https://par.nsf.gov/servlets/purl/10211514)

\[21] [KARONTE: Detecting InsecureMulti-binary Interactions in Embedded Firmware](https://sefcom.asu.edu/publications/karonte-oakland2020.pdf)

\[22] [Sharing More and Checking Less:Leveraging Common Input Keywords to Detect Bugs in Embedded Systems](https://www.usenix.org/system/files/sec21fall-chen-libo.pdf)

\[23] [Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware](https://www.ndss-symposium.org/wp-content/uploads/2017/09/11_1_2.pdf)

\[24] [FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution](https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_davidson.pdf)

\[25] [PASAN: Detecting Peripheral Access Concurrency Bugs with Bare-Metal Embedded Applications](https://www.usenix.org/system/files/sec21-kim.pdf)

\[26] [BASESPEC: Comparative Analysis of BasebandSoftware and Cellular Specifications for L3 Protocols](https://www.ndss-symposium.org/wp-content/uploads/ndss2021_6B-4_24365_paper.pdf)

\[27] [LightBLue: Automatic Profile-Aware Debloating of Bluetooth Stacks](https://hexhive.epfl.ch/publications/files/21SEC.pdf)

\[28] [FirmXRay: Detecting Bluetooth Link Layer VulnerabilitiesFrom Bare-Metal Firmware](http://web.cse.ohio-state.edu/~wen.423/papers/ccs20_FirmXRay)

\[29] [嵌入式设备固件安全分析技术研究综述](https://cjc.ict.ac.cn/online/bfpub/yyc-2020818141436.pdf)

\[30] [A Large-Scale Analysis of the Security of Embedded Firmwares](http://people.cs.georgetown.edu/~clay/classes/fall2014/papers/A_Large-Scale_Analysis_of_the_Security_of_Embedded_Firmwares.pdf)

\[31] [基于同源性分析的嵌入式设备固件漏洞检测](http://www.ecice06.com/CN/article/downloadArticleFile.do?attachType=PDF\&id=27498)

\[32] [Cross-Architecture Bug Search in Binary Executables](https://christian-rossow.de/publications/crossarch-ieee2015.pdf)

\[33] [discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code](https://www.ndss-symposium.org/wp-content/uploads/2017/09/discovre-efficient-cross-architecture-identification-bugs-binary-code.pdf)

\[34] [VDNS:一种跨平台的固件漏洞关联算法](https://crad.ict.ac.cn/CN/10.7544/issn1000-1239.2016.20160442)

\[35] [BinArm: Scalable and Ecient Detection of Vulnerabilities in Firmware Images of Intelligent Electronic Devices](https://users.encs.concordia.ca/~wang/papers/dimva18paria.pdf)

\[36] [FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware](https://yanivmd.github.io/files/FirmUP-Paper.pdf)

\[37] [Scalable Graph-based Bug Search for Firmware Images](https://www.cs.ucr.edu/~heng/pubs/genius-ccs16.pdf)

\[38] [Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection](https://acmccs.github.io/papers/p363-xuAemb.pdf)

\[39] [Semantic Learning Based Cross-Platform Binary Vulnerability Search For IoT Devices](http://wingtecher.com/themes/WingTecherResearch/assets/papers/TII19.pdf)

\[40] [VulSeeker: A Semantic Learning Based Vulnerability Seeker for Cross-Platform Binary](http://www.wingtecher.com/themes/WingTecherResearch/assets/papers/ase18-vulseeker.pdf)

\[41] [VulSeeker-Pro: Enhanced Semantic Learning Based Binary Vulnerability Seeker with Emulation](http://www.wingtecher.com/themes/WingTecherResearch/assets/papers/fse18-vulseeker-pro.pdf)

\[42] [Extracting Conditional Formulas for Cross-Platform Bug Search](https://www.cs.ucr.edu/~heng/pubs/asiaccs2017.pdf)

\[43] [物联网固件安全缺陷检测研究进展](http://jcs.iie.ac.cn/xxaqxb/ch/reader/create_pdf.aspx?file_no=20210309\&year_id=2021\&quarter_id=3\&falg=1)

\[44] [物联网设备漏洞挖掘技术研究综述](http://jcs.iie.ac.cn/xxaqxb/ch/reader/create_pdf.aspx?file_no=20190506\&flag=1\&year_id=2019\&quarter_id=5)
