var bibbase_data = {"data":"<img src=\"//bibbase.org/img/ajax-loader.gif\" id=\"spinner\"\n  style=\"display: none;\" alt=\"Loading..\" />\n\n<div id=\"bibbase\">\n\n  <script type=\"text/javascript\">\n    var bibbase = {\n      params: {\"bib\":\"https://api.zotero.org/users/6116615/collections/XWUT27F7/items?key=0ZHiBUimDTHZQMp41D9CdXim&format=bibtex&limit=100\",\"jsonp\":\"1\",\"host\":\"bibbase.org\"},\n      data: [{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"Let Me Unwind That For You: Exceptions to Backward-Edge Protection\",\"booktitle\":\"NDSS\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Duta\"],\"firstnames\":[\"Victor\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Freyer\"],\"firstnames\":[\"Fabian\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Pagani\"],\"firstnames\":[\"Fabio\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Giuffrida\"],\"firstnames\":[\"Cristiano\"],\"suffixes\":[]}],\"month\":\"February\",\"year\":\"2023\",\"note\":\"Intel Bounty Reward\",\"keywords\":\"class_binary, proj_intersect, proj_memo, proj_offcore, proj_theseus, proj_tropics, type_award, type_bounty, type_conf, type_paper, type_tier1, type_top\",\"bibtex\":\"@inproceedings{duta_let_2023,\\n\\ttitle = {Let {Me} {Unwind} {That} {For} {You}: {Exceptions} to {Backward}-{Edge} {Protection}},\\n\\turl = {Paper=https://download.vusec.net/papers/chop_ndss23.pdf Code=https://github.com/chop-project/chop},\\n\\tbooktitle = {{NDSS}},\\n\\tauthor = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},\\n\\tmonth = feb,\\n\\tyear = {2023},\\n\\tnote = {Intel Bounty Reward},\\n\\tkeywords = {class\\\\_binary, proj\\\\_intersect, proj\\\\_memo, proj\\\\_offcore, proj\\\\_theseus, proj\\\\_tropics, type\\\\_award, type\\\\_bounty, type\\\\_conf, type\\\\_paper, type\\\\_tier1, type\\\\_top},\\n}\\n\\n\",\"author_short\":[\"Duta, V.\",\"Freyer, F.\",\"Pagani, F.\",\"Muench, M.\",\"Giuffrida, C.\"],\"urlPaper\":\"https://download.vusec.net/papers/chop_ndss23.pdf\",\"urlCode\":\"https://github.com/chop-project/chop\",\"key\":\"duta_let_2023\",\"id\":\"duta_let_2023\",\"bibbaseid\":\"duta-freyer-pagani-muench-giuffrida-letmeunwindthatforyouexceptionstobackwardedgeprotection-2023\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://download.vusec.net/papers/chop_ndss23.pdf\",\"Code\":\"https://github.com/chop-project/chop\"},\"keyword\":[\"class_binary\",\"proj_intersect\",\"proj_memo\",\"proj_offcore\",\"proj_theseus\",\"proj_tropics\",\"type_award\",\"type_bounty\",\"type_conf\",\"type_paper\",\"type_tier1\",\"type_top\"],\"metadata\":{\"authorlinks\":{}},\"downloads\":100,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware\",\"booktitle\":\"NDSS\",\"author\":[{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Grant Hernandez\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Marius Muench\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Dominik Maier\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Alyssa Milburn\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Shinjo Park\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Tobias Scharnowski\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Tyler Tucker\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Patrick Traynor\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Kevin R. B. Butler\"],\"suffixes\":[]}],\"month\":\"February\",\"year\":\"2022\",\"keywords\":\"class_binary, proj_intersect, proj_tropics, type_conf, type_paper, type_tier1, type_top\",\"bibtex\":\"@inproceedings{grant_hernandez_firmwire_2022,\\n\\ttitle = {{FirmWire}: {Transparent} {Dynamic} {Analysis} for {Cellular} {Baseband} {Firmware}},\\n\\turl = {Paper=https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf Code=https://github.com/FirmWire/FirmWire},\\n\\tbooktitle = {{NDSS}},\\n\\tauthor = {{Grant Hernandez} and {Marius Muench} and {Dominik Maier} and {Alyssa Milburn} and {Shinjo Park} and {Tobias Scharnowski} and {Tyler Tucker} and {Patrick Traynor} and {Kevin R. B. Butler}},\\n\\tmonth = feb,\\n\\tyear = {2022},\\n\\tkeywords = {class\\\\_binary, proj\\\\_intersect, proj\\\\_tropics, type\\\\_conf, type\\\\_paper, type\\\\_tier1, type\\\\_top},\\n}\\n\\n\",\"author_short\":[\"Grant Hernandez\",\"Marius Muench\",\"Dominik Maier\",\"Alyssa Milburn\",\"Shinjo Park\",\"Tobias Scharnowski\",\"Tyler Tucker\",\"Patrick Traynor\",\"Kevin R. B. Butler\"],\"urlPaper\":\"https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf\",\"urlCode\":\"https://github.com/FirmWire/FirmWire\",\"key\":\"grant_hernandez_firmwire_2022\",\"id\":\"grant_hernandez_firmwire_2022\",\"bibbaseid\":\"granthernandez-mariusmuench-dominikmaier-alyssamilburn-shinjopark-tobiasscharnowski-tylertucker-patricktraynor-etal-firmwiretransparentdynamicanalysisforcellularbasebandfirmware-2022\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf\",\"Code\":\"https://github.com/FirmWire/FirmWire\"},\"keyword\":[\"class_binary\",\"proj_intersect\",\"proj_tropics\",\"type_conf\",\"type_paper\",\"type_tier1\",\"type_top\"],\"metadata\":{\"authorlinks\":{}},\"downloads\":31,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks\",\"booktitle\":\"USENIX Security\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Barberis\"],\"firstnames\":[\"Enrico\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Frigo\"],\"firstnames\":[\"Pietro\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Bos\"],\"firstnames\":[\"Herbert\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Giuffrida\"],\"firstnames\":[\"Cristiano\"],\"suffixes\":[]}],\"month\":\"August\",\"year\":\"2022\",\"note\":\"Intel Bounty Reward\",\"keywords\":\"class_sidechannels, proj_intersect, proj_offcore, proj_theseus, proj_tropics, proj_unicore, type_award, type_conf, type_paper, type_press, type_tier1, type_top\",\"bibtex\":\"@inproceedings{barberis_branch_2022,\\n\\ttitle = {Branch {History} {Injection}: {On} the {Effectiveness} of {Hardware} {Mitigations} {Against} {Cross}-{Privilege} {Spectre}-v2 {Attacks}},\\n\\turl = {Paper=http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf Web=https://www.vusec.net/projects/bhi-spectre-bhb Code=https://github.com/vusec/bhi-spectre-bhb},\\n\\tbooktitle = {{USENIX} {Security}},\\n\\tauthor = {Barberis, Enrico and Frigo, Pietro and Muench, Marius and Bos, Herbert and Giuffrida, Cristiano},\\n\\tmonth = aug,\\n\\tyear = {2022},\\n\\tnote = {Intel Bounty Reward},\\n\\tkeywords = {class\\\\_sidechannels, proj\\\\_intersect, proj\\\\_offcore, proj\\\\_theseus, proj\\\\_tropics, proj\\\\_unicore, type\\\\_award, type\\\\_conf, type\\\\_paper, type\\\\_press, type\\\\_tier1, type\\\\_top},\\n}\\n\\n\",\"author_short\":[\"Barberis, E.\",\"Frigo, P.\",\"Muench, M.\",\"Bos, H.\",\"Giuffrida, C.\"],\"urlPaper\":\"http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf\",\"urlWeb\":\"https://www.vusec.net/projects/bhi-spectre-bhb\",\"urlCode\":\"https://github.com/vusec/bhi-spectre-bhb\",\"key\":\"barberis_branch_2022\",\"id\":\"barberis_branch_2022\",\"bibbaseid\":\"barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022\",\"role\":\"author\",\"urls\":{\"Paper\":\"http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf\",\"Web\":\"https://www.vusec.net/projects/bhi-spectre-bhb\",\"Code\":\"https://github.com/vusec/bhi-spectre-bhb\"},\"keyword\":[\"class_sidechannels\",\"proj_intersect\",\"proj_offcore\",\"proj_theseus\",\"proj_tropics\",\"proj_unicore\",\"type_award\",\"type_conf\",\"type_paper\",\"type_press\",\"type_tier1\",\"type_top\"],\"metadata\":{\"authorlinks\":{}},\"downloads\":573,\"html\":\"\"},{\"bibtype\":\"article\",\"type\":\"article\",\"title\":\"SoC Security Evaluation: Reflections on Methodology and Tooling\",\"volume\":\"38\",\"issn\":\"2168-2356, 2168-2364\",\"shorttitle\":\"SoC Security Evaluation\",\"url\":\"https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf\",\"doi\":\"10.1109/MDAT.2020.3013827\",\"number\":\"1\",\"urldate\":\"2021-08-19\",\"journal\":\"IEEE Design & Test\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Corteggiani\"],\"firstnames\":[\"Nassim\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Camurati\"],\"firstnames\":[\"Giovanni\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Poeplau\"],\"firstnames\":[\"Sebastian\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Francillon\"],\"firstnames\":[\"Aurelien\"],\"suffixes\":[]}],\"month\":\"February\",\"year\":\"2021\",\"keywords\":\"class_binary, type_journal, type_paper\",\"pages\":\"7–13\",\"bibtex\":\"@article{corteggiani_soc_2021,\\n\\ttitle = {{SoC} {Security} {Evaluation}: {Reflections} on {Methodology} and {Tooling}},\\n\\tvolume = {38},\\n\\tissn = {2168-2356, 2168-2364},\\n\\tshorttitle = {{SoC} {Security} {Evaluation}},\\n\\turl = {https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf},\\n\\tdoi = {10.1109/MDAT.2020.3013827},\\n\\tnumber = {1},\\n\\turldate = {2021-08-19},\\n\\tjournal = {IEEE Design \\\\& Test},\\n\\tauthor = {Corteggiani, Nassim and Camurati, Giovanni and Muench, Marius and Poeplau, Sebastian and Francillon, Aurelien},\\n\\tmonth = feb,\\n\\tyear = {2021},\\n\\tkeywords = {class\\\\_binary, type\\\\_journal, type\\\\_paper},\\n\\tpages = {7--13},\\n}\\n\\n\",\"author_short\":[\"Corteggiani, N.\",\"Camurati, G.\",\"Muench, M.\",\"Poeplau, S.\",\"Francillon, A.\"],\"key\":\"corteggiani_soc_2021\",\"id\":\"corteggiani_soc_2021\",\"bibbaseid\":\"corteggiani-camurati-muench-poeplau-francillon-socsecurityevaluationreflectionsonmethodologyandtooling-2021\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf\"},\"keyword\":[\"class_binary\",\"type_journal\",\"type_paper\"],\"metadata\":{\"authorlinks\":{\"muench, m\":\"https://www.vusec.net/\"}},\"downloads\":14,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing\",\"url\":\"https://www.usenix.org/system/files/sec22summer_scharnowski.pdf\",\"abstract\":\"As embedded devices are becoming more pervasive in our everyday lives, they turn into an attractive target for adversaries. Despite their high value and large attack surface, applying automated testing techniques such as fuzzing is not straightforward for such devices. As fuzz testing firmware on constrained embedded devices is inefficient, state-of-the-art approaches instead opt to run the firmware in an emulator (through a process called re-hosting). However, existing approaches either use coarse-grained static models of hardware behavior or require manual effort to re-host the firmware. We propose a novel combination of lightweight program analysis, re-hosting, and fuzz testing to tackle these challenges. We present the design and implementation of Fuzzware, a software-only system to fuzz test unmodified monolithic firmware in a scalable way. By determining how hardware-generated values are actually used by the firmware logic, Fuzzware can automatically generate models that help focusing the fuzzing process on mutating the inputs that matter, which drastically improves its effectiveness. We evaluate our approach on synthetic and real-world targets comprising a total of 19 hardware platforms and 77 firmware images. Compared to state-of-the-art work, Fuzzware achieves up to 3.25 times the code coverage and our modeling approach reduces the size of the input space by up to 95.5%. The synthetic samples contain 66 unit tests for various hardware interactions, and we find that our approach is the first generic re-hosting solution to automatically pass all of them. Fuzzware discovered 15 completely new bugs including bugs in targets which were previously analyzed by other works; a total of 12 CVEs were assigned.\",\"booktitle\":\"USENIX Security\",\"author\":[{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Tobias Scharnowski\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Nils Bars\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Moritz Schloegel\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Eric Gustafson\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Marius Muench\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Giovanni Vigna\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Christopher Kruegel\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Thorsten Holz\"],\"suffixes\":[]},{\"firstnames\":[],\"propositions\":[],\"lastnames\":[\"Ali Abbasi\"],\"suffixes\":[]}],\"month\":\"August\",\"year\":\"2022\",\"keywords\":\"class_binary, proj_intersect, proj_tropics, type_conf, type_paper, type_tier1, type_top\",\"bibtex\":\"@inproceedings{tobias_scharnowski_fuzzware_2022,\\n\\ttitle = {Fuzzware: {Using} {Precise} {MMIO} {Modeling} for {Effective} {Firmware} {Fuzzing}},\\n\\turl = {https://www.usenix.org/system/files/sec22summer_scharnowski.pdf},\\n\\tabstract = {As embedded devices are becoming more pervasive in our everyday lives, they turn into an attractive target for adversaries. Despite their high value and large attack surface, applying automated testing techniques such as fuzzing is not straightforward for such devices. As fuzz testing firmware on constrained embedded devices is inefficient, state-of-the-art approaches instead opt to run the firmware in an emulator (through a process called re-hosting). However, existing approaches either use coarse-grained static models of hardware behavior or require manual effort to re-host the firmware.\\n\\nWe propose a novel combination of lightweight program analysis, re-hosting, and fuzz testing to tackle these challenges. We present the design and implementation of Fuzzware, a software-only system to fuzz test unmodified monolithic firmware in a scalable way. By determining how hardware-generated values are actually used by the firmware logic, Fuzzware can automatically generate models that help focusing the fuzzing process on mutating the inputs that matter, which drastically improves its effectiveness.\\n\\nWe evaluate our approach on synthetic and real-world targets comprising a total of 19 hardware platforms and 77 firmware images. Compared to state-of-the-art work, Fuzzware achieves up to 3.25 times the code coverage and our modeling approach reduces the size of the input space by up to 95.5\\\\%. The synthetic samples contain 66 unit tests for various hardware interactions, and we find that our approach is the first generic re-hosting solution to automatically pass all of them. Fuzzware discovered 15 completely new bugs including bugs in targets which were previously analyzed by other works; a total of 12 CVEs were assigned.},\\n\\tbooktitle = {{USENIX} {Security}},\\n\\tauthor = {{Tobias Scharnowski} and {Nils Bars} and {Moritz Schloegel} and {Eric Gustafson} and {Marius Muench} and {Giovanni Vigna} and {Christopher Kruegel} and {Thorsten Holz} and {Ali Abbasi}},\\n\\tmonth = aug,\\n\\tyear = {2022},\\n\\tkeywords = {class\\\\_binary, proj\\\\_intersect, proj\\\\_tropics, type\\\\_conf, type\\\\_paper, type\\\\_tier1, type\\\\_top},\\n}\\n\\n\",\"author_short\":[\"Tobias Scharnowski\",\"Nils Bars\",\"Moritz Schloegel\",\"Eric Gustafson\",\"Marius Muench\",\"Giovanni Vigna\",\"Christopher Kruegel\",\"Thorsten Holz\",\"Ali Abbasi\"],\"key\":\"tobias_scharnowski_fuzzware_2022\",\"id\":\"tobias_scharnowski_fuzzware_2022\",\"bibbaseid\":\"tobiasscharnowski-nilsbars-moritzschloegel-ericgustafson-mariusmuench-giovannivigna-christopherkruegel-thorstenholz-etal-fuzzwareusingprecisemmiomodelingforeffectivefirmwarefuzzing-2022\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://www.usenix.org/system/files/sec22summer_scharnowski.pdf\"},\"keyword\":[\"class_binary\",\"proj_intersect\",\"proj_tropics\",\"type_conf\",\"type_paper\",\"type_tier1\",\"type_top\"],\"metadata\":{\"authorlinks\":{}},\"downloads\":67,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"SoK: Enabling Security Analyses of Embedded Systems via Rehosting\",\"url\":\"https://dl.acm.org/doi/pdf/10.1145/3433210.3453093\",\"doi\":\"10.1145/3433210.3453093\",\"abstract\":\"Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically well-supported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call \\\"rehosting\\\" poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmware-centric alternative. Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.\",\"booktitle\":\"ASIACCS\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Fasano\"],\"firstnames\":[\"Andrew\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Ballo\"],\"firstnames\":[\"Tiemoko\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Leek\"],\"firstnames\":[\"Tim\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Bulekov\"],\"firstnames\":[\"Alexander\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Dolan-Gavitt\"],\"firstnames\":[\"Brendan\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Egele\"],\"firstnames\":[\"Manuel\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Francillon\"],\"firstnames\":[\"Aurélien\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Lu\"],\"firstnames\":[\"Long\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Gregory\"],\"firstnames\":[\"Nick\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Balzarotti\"],\"firstnames\":[\"Davide\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Robertson\"],\"firstnames\":[\"William\"],\"suffixes\":[]}],\"month\":\"May\",\"year\":\"2021\",\"keywords\":\"class_binary, dynamic program analysis, embedded systems, emulation, firmware security, internet of things, proj_intersect, proj_tropics, rehosting, type_conf, type_paper, type_top, virtualization\",\"bibtex\":\"@inproceedings{fasano_sok_2021,\\n\\ttitle = {{SoK}: {Enabling} {Security} {Analyses} of {Embedded} {Systems} via {Rehosting}},\\n\\turl = {https://dl.acm.org/doi/pdf/10.1145/3433210.3453093},\\n\\tdoi = {10.1145/3433210.3453093},\\n\\tabstract = {Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically well-supported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call \\\"rehosting\\\" poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmware-centric alternative. Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.},\\n\\tbooktitle = {{ASIACCS}},\\n\\tauthor = {Fasano, Andrew and Ballo, Tiemoko and Muench, Marius and Leek, Tim and Bulekov, Alexander and Dolan-Gavitt, Brendan and Egele, Manuel and Francillon, Aurélien and Lu, Long and Gregory, Nick and Balzarotti, Davide and Robertson, William},\\n\\tmonth = may,\\n\\tyear = {2021},\\n\\tkeywords = {class\\\\_binary, dynamic program analysis, embedded systems, emulation, firmware security, internet of things, proj\\\\_intersect, proj\\\\_tropics, rehosting, type\\\\_conf, type\\\\_paper, type\\\\_top, virtualization},\\n}\\n\\n\",\"author_short\":[\"Fasano, A.\",\"Ballo, T.\",\"Muench, M.\",\"Leek, T.\",\"Bulekov, A.\",\"Dolan-Gavitt, B.\",\"Egele, M.\",\"Francillon, A.\",\"Lu, L.\",\"Gregory, N.\",\"Balzarotti, D.\",\"Robertson, W.\"],\"key\":\"fasano_sok_2021\",\"id\":\"fasano_sok_2021\",\"bibbaseid\":\"fasano-ballo-muench-leek-bulekov-dolangavitt-egele-francillon-etal-sokenablingsecurityanalysesofembeddedsystemsviarehosting-2021\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://dl.acm.org/doi/pdf/10.1145/3433210.3453093\"},\"keyword\":[\"class_binary\",\"dynamic program analysis\",\"embedded systems\",\"emulation\",\"firmware security\",\"internet of things\",\"proj_intersect\",\"proj_tropics\",\"rehosting\",\"type_conf\",\"type_paper\",\"type_top\",\"virtualization\"],\"metadata\":{\"authorlinks\":{}},\"downloads\":21,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices\",\"copyright\":\"All rights reserved\",\"url\":\"http://s3.eurecom.fr/docs/ndss18_muench.pdf\",\"booktitle\":\"NDSS\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Stijohann\"],\"firstnames\":[\"Jan\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Kargl\"],\"firstnames\":[\"Frank\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Francillon\"],\"firstnames\":[\"Aurelien\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Balzarotti\"],\"firstnames\":[\"Davide\"],\"suffixes\":[]}],\"month\":\"February\",\"year\":\"2018\",\"bibtex\":\"@inproceedings{muench_what_2018,\\n\\ttitle = {What {You} {Corrupt} {Is} {Not} {What} {You} {Crash}: {Challenges} in {Fuzzing} {Embedded} {Devices}},\\n\\tcopyright = {All rights reserved},\\n\\turl = {http://s3.eurecom.fr/docs/ndss18_muench.pdf},\\n\\tbooktitle = {{NDSS}},\\n\\tauthor = {Muench, Marius and Stijohann, Jan and Kargl, Frank and Francillon, Aurelien and Balzarotti, Davide},\\n\\tmonth = feb,\\n\\tyear = {2018},\\n}\\n\\n\",\"author_short\":[\"Muench, M.\",\"Stijohann, J.\",\"Kargl, F.\",\"Francillon, A.\",\"Balzarotti, D.\"],\"key\":\"muench_what_2018\",\"id\":\"muench_what_2018\",\"bibbaseid\":\"muench-stijohann-kargl-francillon-balzarotti-whatyoucorruptisnotwhatyoucrashchallengesinfuzzingembeddeddevices-2018\",\"role\":\"author\",\"urls\":{\"Paper\":\"http://s3.eurecom.fr/docs/ndss18_muench.pdf\"},\"metadata\":{\"authorlinks\":{\"muench, m\":\"https://www.vusec.net/\"}},\"downloads\":4,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"Toward the Analysis of Embedded Firmware through Automated Re-hosting\",\"url\":\"https://www.usenix.org/system/files/raid2019-gustafson.pdf\",\"booktitle\":\"RAID\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Gustafson\"],\"firstnames\":[\"Eric\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Spensky\"],\"firstnames\":[\"Chad\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Redini\"],\"firstnames\":[\"Nilo\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Machiry\"],\"firstnames\":[\"Aravind\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Fratantonio\"],\"firstnames\":[\"Yanick\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Balzarotti\"],\"firstnames\":[\"Davide\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Francillon\"],\"firstnames\":[\"Aurelien\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Choe\"],\"firstnames\":[\"Yung\",\"Ryn\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Kruegel\"],\"firstnames\":[\"Christopher\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Vigna\"],\"firstnames\":[\"Giovanni\"],\"suffixes\":[]}],\"month\":\"September\",\"year\":\"2019\",\"bibtex\":\"@inproceedings{gustafson_toward_2019,\\n\\ttitle = {Toward the {Analysis} of {Embedded} {Firmware} through {Automated} {Re}-hosting},\\n\\turl = {https://www.usenix.org/system/files/raid2019-gustafson.pdf},\\n\\tbooktitle = {{RAID}},\\n\\tauthor = {Gustafson, Eric and Muench, Marius and Spensky, Chad and Redini, Nilo and Machiry, Aravind and Fratantonio, Yanick and Balzarotti, Davide and Francillon, Aurelien and Choe, Yung Ryn and Kruegel, Christopher and Vigna, Giovanni},\\n\\tmonth = sep,\\n\\tyear = {2019},\\n}\\n\\n\",\"author_short\":[\"Gustafson, E.\",\"Muench, M.\",\"Spensky, C.\",\"Redini, N.\",\"Machiry, A.\",\"Fratantonio, Y.\",\"Balzarotti, D.\",\"Francillon, A.\",\"Choe, Y. R.\",\"Kruegel, C.\",\"Vigna, G.\"],\"key\":\"gustafson_toward_2019\",\"id\":\"gustafson_toward_2019\",\"bibbaseid\":\"gustafson-muench-spensky-redini-machiry-fratantonio-balzarotti-francillon-etal-towardtheanalysisofembeddedfirmwarethroughautomatedrehosting-2019\",\"role\":\"author\",\"urls\":{\"Paper\":\"https://www.usenix.org/system/files/raid2019-gustafson.pdf\"},\"metadata\":{\"authorlinks\":{\"muench, m\":\"https://www.vusec.net/\"}},\"downloads\":0,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory\",\"url\":\"http://s3.eurecom.fr/docs/raid16_muench.pdf\",\"booktitle\":\"RAID\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Pagani\"],\"firstnames\":[\"Fabio\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Shoshitaishvili\"],\"firstnames\":[\"Yan\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Kruegel\"],\"firstnames\":[\"Christopher\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Vigna\"],\"firstnames\":[\"Giovanni\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Balzarotti\"],\"firstnames\":[\"Davide\"],\"suffixes\":[]}],\"month\":\"September\",\"year\":\"2016\",\"bibtex\":\"@inproceedings{muench_taming_2016,\\n\\ttitle = {Taming {Transactions}: {Towards} {Hardware}-{Assisted} {Control} {Flow} {Integrity} {Using} {Transactional} {Memory}},\\n\\turl = {http://s3.eurecom.fr/docs/raid16_muench.pdf},\\n\\tbooktitle = {{RAID}},\\n\\tauthor = {Muench, Marius and Pagani, Fabio and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni and Balzarotti, Davide},\\n\\tmonth = sep,\\n\\tyear = {2016},\\n}\\n\\n\",\"author_short\":[\"Muench, M.\",\"Pagani, F.\",\"Shoshitaishvili, Y.\",\"Kruegel, C.\",\"Vigna, G.\",\"Balzarotti, D.\"],\"key\":\"muench_taming_2016\",\"id\":\"muench_taming_2016\",\"bibbaseid\":\"muench-pagani-shoshitaishvili-kruegel-vigna-balzarotti-tamingtransactionstowardshardwareassistedcontrolflowintegrityusingtransactionalmemory-2016\",\"role\":\"author\",\"urls\":{\"Paper\":\"http://s3.eurecom.fr/docs/raid16_muench.pdf\"},\"metadata\":{\"authorlinks\":{\"muench, m\":\"https://www.vusec.net/\"}},\"downloads\":1,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers\",\"url\":\"http://s3.eurecom.fr/docs/ccs18_camurati.pdf\",\"booktitle\":\"CCS\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Camurati\"],\"firstnames\":[\"Giovanni\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Poeplau\"],\"firstnames\":[\"Sebastian\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Hayes\"],\"firstnames\":[\"Tom\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Francillon\"],\"firstnames\":[\"Aurelien\"],\"suffixes\":[]}],\"month\":\"October\",\"year\":\"2018\",\"bibtex\":\"@inproceedings{camurati_screaming_2018,\\n\\ttitle = {Screaming {Channels}: {When} {Electromagnetic} {Side} {Channels} {Meet} {Radio} {Transceivers}},\\n\\turl = {http://s3.eurecom.fr/docs/ccs18_camurati.pdf},\\n\\tbooktitle = {{CCS}},\\n\\tauthor = {Camurati, Giovanni and Poeplau, Sebastian and Muench, Marius and Hayes, Tom and Francillon, Aurelien},\\n\\tmonth = oct,\\n\\tyear = {2018},\\n}\\n\\n\",\"author_short\":[\"Camurati, G.\",\"Poeplau, S.\",\"Muench, M.\",\"Hayes, T.\",\"Francillon, A.\"],\"key\":\"camurati_screaming_2018\",\"id\":\"camurati_screaming_2018\",\"bibbaseid\":\"camurati-poeplau-muench-hayes-francillon-screamingchannelswhenelectromagneticsidechannelsmeetradiotransceivers-2018\",\"role\":\"author\",\"urls\":{\"Paper\":\"http://s3.eurecom.fr/docs/ccs18_camurati.pdf\"},\"metadata\":{\"authorlinks\":{\"muench, m\":\"https://www.vusec.net/\"}},\"downloads\":3,\"html\":\"\"},{\"bibtype\":\"inproceedings\",\"type\":\"inproceedings\",\"title\":\"Avatar²: A Multi-target Orchestration Platform\",\"url\":\"http://s3.eurecom.fr/docs/bar18_muench.pdf\",\"booktitle\":\"Workshop on Binary Analysis Research (BAR)\",\"author\":[{\"propositions\":[],\"lastnames\":[\"Muench\"],\"firstnames\":[\"Marius\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Nisi\"],\"firstnames\":[\"Dario\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Francillon\"],\"firstnames\":[\"Aurelien\"],\"suffixes\":[]},{\"propositions\":[],\"lastnames\":[\"Balzarotti\"],\"firstnames\":[\"Davide\"],\"suffixes\":[]}],\"month\":\"February\",\"year\":\"2018\",\"bibtex\":\"@inproceedings{muench_avatar_2018,\\n\\ttitle = {Avatar²: {A} {Multi}-target {Orchestration} {Platform}},\\n\\turl = {http://s3.eurecom.fr/docs/bar18_muench.pdf},\\n\\tbooktitle = {Workshop on {Binary} {Analysis} {Research} ({BAR})},\\n\\tauthor = {Muench, Marius and Nisi, Dario and Francillon, Aurelien and Balzarotti, Davide},\\n\\tmonth = feb,\\n\\tyear = {2018},\\n}\\n\",\"author_short\":[\"Muench, M.\",\"Nisi, D.\",\"Francillon, A.\",\"Balzarotti, D.\"],\"key\":\"muench_avatar_2018\",\"id\":\"muench_avatar_2018\",\"bibbaseid\":\"muench-nisi-francillon-balzarotti-avataramultitargetorchestrationplatform-2018\",\"role\":\"author\",\"urls\":{\"Paper\":\"http://s3.eurecom.fr/docs/bar18_muench.pdf\"},\"metadata\":{\"authorlinks\":{\"muench, m\":\"https://www.vusec.net/\"}},\"downloads\":1,\"html\":\"\"}],\n      metadata: {\"authorlinks\":{}},\n      ownerID: undefined\n    };\n  </script>\n\n  <script type=\"text/javascript\">\n  var site$;\n  if (typeof $ != 'undefined') {\n    console.log('existing jquery: storing and then restoring');\n    site$ = $;\n    $ = null;\n  }\n  </script>\n\n  <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js\">\n  </script>\n  <script type=\"text/javascript\">\n  if (site$) {\n    console.log('existing jquery: avoiding conflict and restoring');\n    bb$ = $.noConflict(true);\n    $ = site$;\n  } else {\n    bb$ = $;\n  }\n  </script>\n\n  <script src=\"//bibbase.org/js/bibbase.min.js\"\n          type=\"text/javascript\">\n  </script>\n\n  <script type=\"text/javascript\"\n          src=\"https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML\">\n  </script>\n  <script type=\"text/x-mathjax-config\">\n    MathJax.Hub.Config({tex2jax: {inlineMath: [['$','$'], ['\\\\(','\\\\)']]},\n                        skipTags: [\"body\"],\n                        processClass: \"bibbase_paper\"});\n  </script>\n\n  <style>\n  @media print {\n    .dontprint {\n        display: none !important;\n    }\n\n  .bibbase_group {\n    background-color: #E0E0E0;\n    font-style: italic;\n    font-size: larger;\n    text-shadow: 0px 0px 3px #FFFFFF;\n    border-radius: 4px 4px 4px 4px;\n    -moz-border-radius: 4px 4px 4px 4px;\n    -webkit-border-radius: 4px;\n    padding: 5px 40px 5px;\n    margin-top: 10px;\n    margin-bottom: 5px;\n    cursor: pointer;\n  }\n\n  .bibbase_paper {\n    margin-bottom: 5px;\n  }\n\n  }\n  </style>\n\n  \n  <div style=\"float: right; margin-right: 10px; margin-top: 10px; text-align: right; font-size: 12px\">\n    generated by\n    <a href=\"//bibbase.org\"\n       onclick=\"trackOutboundLink('bibbase', 'logo clicked', window.location.href, '//bibbase.org'); return false;\">\n      <img src=\"//bibbase.org/img/logo.svg\"\n           style=\"vertical-align: middle; margin-left: 3px; height: 16px;\"/\n           alt=\"bibbase.org\"\n           title=\"BibBase – The easiest way to maintain your publications page.\"\n        ></a>\n    \n  </div>\n  \n\n  <div id=\"bibbase_header\" class=\"dontprint\" style=\"\">\n\n    <ul class=\"nav nav-pills\" style=\"margin: 0px;\">\n\n      <li class=\"dropdown\" id=\"groupby_dropdown\">\n      <a class=\"dropdown-toggle\"\n         data-toggle=\"dropdown\"\n         href=\"#\">\n          Group by\n          <b class=\"caret\"></b>\n      </a>\n      <ul class=\"dropdown-menu\">\n        <li class=\"groupby year\"><a onclick=\"groupby('year')\">\n            Year</a>\n        </li>\n        <li class=\"groupby author\"><a onclick=\"groupby('author_short')\">\n            Author</a>\n        </li>\n        <li class=\"groupby type\"><a onclick=\"groupby('type')\">\n            Type</a>\n        </li>\n        <li class=\"groupby keyword\"><a onclick=\"groupby('keyword')\">\n            Keyword</a>\n        </li>\n        <li class=\"groupby downloads\"><a onclick=\"groupby('downloads')\">\n            Downloads</a>\n        </li>\n      </ul>\n      </li>\n\n\n      <li class=\"dropdown\" id=\"menu_dropdown\">\n      <a class=\"dropdown-toggle\"\n         data-toggle=\"dropdown\"\n         href=\"#\" alt=\"controls\">\n          <i class=\"fa fa-reorder\" alt=\"controls\"></i>\n          <b class=\"caret\"></b>\n      </a>\n      <ul class=\"dropdown-menu\">\n        <li>\n          <a onclick=\"toggleAll()\">\n            <i class=\"fa fa-chevron-down fa-fw\"></i> Expand/Collapse All\n          </a>\n        </li>\n        <li>\n          <a download=\"items\" href=\"data:text/bibtex;base64,QGlucHJvY2VlZGluZ3N7ZHV0YV9sZXRfMjAyMywKCXRpdGxlID0ge0xldCB7TWV9IHtVbndpbmR9IHtUaGF0fSB7Rm9yfSB7WW91fToge0V4Y2VwdGlvbnN9IHRvIHtCYWNrd2FyZH0te0VkZ2V9IHtQcm90ZWN0aW9ufX0sCgl1cmwgPSB7UGFwZXI9aHR0cHM6Ly9kb3dubG9hZC52dXNlYy5uZXQvcGFwZXJzL2Nob3BfbmRzczIzLnBkZiBDb2RlPWh0dHBzOi8vZ2l0aHViLmNvbS9jaG9wLXByb2plY3QvY2hvcH0sCglib29rdGl0bGUgPSB7e05EU1N9fSwKCWF1dGhvciA9IHtEdXRhLCBWaWN0b3IgYW5kIEZyZXllciwgRmFiaWFuIGFuZCBQYWdhbmksIEZhYmlvIGFuZCBNdWVuY2gsIE1hcml1cyBhbmQgR2l1ZmZyaWRhLCBDcmlzdGlhbm99LAoJbW9udGggPSBmZWIsCgl5ZWFyID0gezIwMjN9LAoJbm90ZSA9IHtJbnRlbCBCb3VudHkgUmV3YXJkfSwKCWtleXdvcmRzID0ge2NsYXNzXF9iaW5hcnksIHByb2pcX2ludGVyc2VjdCwgcHJvalxfbWVtbywgcHJvalxfb2ZmY29yZSwgcHJvalxfdGhlc2V1cywgcHJvalxfdHJvcGljcywgdHlwZVxfYXdhcmQsIHR5cGVcX2JvdW50eSwgdHlwZVxfY29uZiwgdHlwZVxfcGFwZXIsIHR5cGVcX3RpZXIxLCB0eXBlXF90b3B9LAp9CgoKCkBpbnByb2NlZWRpbmdze2dyYW50X2hlcm5hbmRlel9maXJtd2lyZV8yMDIyLAoJdGl0bGUgPSB7e0Zpcm1XaXJlfToge1RyYW5zcGFyZW50fSB7RHluYW1pY30ge0FuYWx5c2lzfSBmb3Ige0NlbGx1bGFyfSB7QmFzZWJhbmR9IHtGaXJtd2FyZX19LAoJdXJsID0ge1BhcGVyPWh0dHBzOi8vaGVybmFuLmRlL3Jlc2VhcmNoL3BhcGVycy9maXJtd2lyZS1uZHNzMjItaGVybmFuZGV6LnBkZiBDb2RlPWh0dHBzOi8vZ2l0aHViLmNvbS9GaXJtV2lyZS9GaXJtV2lyZX0sCglib29rdGl0bGUgPSB7e05EU1N9fSwKCWF1dGhvciA9IHt7R3JhbnQgSGVybmFuZGV6fSBhbmQge01hcml1cyBNdWVuY2h9IGFuZCB7RG9taW5payBNYWllcn0gYW5kIHtBbHlzc2EgTWlsYnVybn0gYW5kIHtTaGluam8gUGFya30gYW5kIHtUb2JpYXMgU2NoYXJub3dza2l9IGFuZCB7VHlsZXIgVHVja2VyfSBhbmQge1BhdHJpY2sgVHJheW5vcn0gYW5kIHtLZXZpbiBSLiBCLiBCdXRsZXJ9fSwKCW1vbnRoID0gZmViLAoJeWVhciA9IHsyMDIyfSwKCWtleXdvcmRzID0ge2NsYXNzXF9iaW5hcnksIHByb2pcX2ludGVyc2VjdCwgcHJvalxfdHJvcGljcywgdHlwZVxfY29uZiwgdHlwZVxfcGFwZXIsIHR5cGVcX3RpZXIxLCB0eXBlXF90b3B9LAp9CgoKCkBpbnByb2NlZWRpbmdze2JhcmJlcmlzX2JyYW5jaF8yMDIyLAoJdGl0bGUgPSB7QnJhbmNoIHtIaXN0b3J5fSB7SW5qZWN0aW9ufToge09ufSB0aGUge0VmZmVjdGl2ZW5lc3N9IG9mIHtIYXJkd2FyZX0ge01pdGlnYXRpb25zfSB7QWdhaW5zdH0ge0Nyb3NzfS17UHJpdmlsZWdlfSB7U3BlY3RyZX0tdjIge0F0dGFja3N9fSwKCXVybCA9IHtQYXBlcj1odHRwOi8vZG93bmxvYWQudnVzZWMubmV0L3BhcGVycy9iaGktc3BlY3RyZS1iaGJfc2VjMjIucGRmIFdlYj1odHRwczovL3d3dy52dXNlYy5uZXQvcHJvamVjdHMvYmhpLXNwZWN0cmUtYmhiIENvZGU9aHR0cHM6Ly9naXRodWIuY29tL3Z1c2VjL2JoaS1zcGVjdHJlLWJoYn0sCglib29rdGl0bGUgPSB7e1VTRU5JWH0ge1NlY3VyaXR5fX0sCglhdXRob3IgPSB7QmFyYmVyaXMsIEVucmljbyBhbmQgRnJpZ28sIFBpZXRybyBhbmQgTXVlbmNoLCBNYXJpdXMgYW5kIEJvcywgSGVyYmVydCBhbmQgR2l1ZmZyaWRhLCBDcmlzdGlhbm99LAoJbW9udGggPSBhdWcsCgl5ZWFyID0gezIwMjJ9LAoJbm90ZSA9IHtJbnRlbCBCb3VudHkgUmV3YXJkfSwKCWtleXdvcmRzID0ge2NsYXNzXF9zaWRlY2hhbm5lbHMsIHByb2pcX2ludGVyc2VjdCwgcHJvalxfb2ZmY29yZSwgcHJvalxfdGhlc2V1cywgcHJvalxfdHJvcGljcywgcHJvalxfdW5pY29yZSwgdHlwZVxfYXdhcmQsIHR5cGVcX2NvbmYsIHR5cGVcX3BhcGVyLCB0eXBlXF9wcmVzcywgdHlwZVxfdGllcjEsIHR5cGVcX3RvcH0sCn0KCgoKQGFydGljbGV7Y29ydGVnZ2lhbmlfc29jXzIwMjEsCgl0aXRsZSA9IHt7U29DfSB7U2VjdXJpdHl9IHtFdmFsdWF0aW9ufToge1JlZmxlY3Rpb25zfSBvbiB7TWV0aG9kb2xvZ3l9IGFuZCB7VG9vbGluZ319LAoJdm9sdW1lID0gezM4fSwKCWlzc24gPSB7MjE2OC0yMzU2LCAyMTY4LTIzNjR9LAoJc2hvcnR0aXRsZSA9IHt7U29DfSB7U2VjdXJpdHl9IHtFdmFsdWF0aW9ufX0sCgl1cmwgPSB7aHR0cHM6Ly93d3cuZXVyZWNvbS5mci9wdWJsaWNhdGlvbi82MzA3L2Rvd25sb2FkL3NlYy1wdWJsaS02MzA3LnBkZn0sCglkb2kgPSB7MTAuMTEwOS9NREFULjIwMjAuMzAxMzgyN30sCgludW1iZXIgPSB7MX0sCgl1cmxkYXRlID0gezIwMjEtMDgtMTl9LAoJam91cm5hbCA9IHtJRUVFIERlc2lnbiBcJiBUZXN0fSwKCWF1dGhvciA9IHtDb3J0ZWdnaWFuaSwgTmFzc2ltIGFuZCBDYW11cmF0aSwgR2lvdmFubmkgYW5kIE11ZW5jaCwgTWFyaXVzIGFuZCBQb2VwbGF1LCBTZWJhc3RpYW4gYW5kIEZyYW5jaWxsb24sIEF1cmVsaWVufSwKCW1vbnRoID0gZmViLAoJeWVhciA9IHsyMDIxfSwKCWtleXdvcmRzID0ge2NsYXNzXF9iaW5hcnksIHR5cGVcX2pvdXJuYWwsIHR5cGVcX3BhcGVyfSwKCXBhZ2VzID0gezctLTEzfSwKfQoKCgpAaW5wcm9jZWVkaW5nc3t0b2JpYXNfc2NoYXJub3dza2lfZnV6endhcmVfMjAyMiwKCXRpdGxlID0ge0Z1enp3YXJlOiB7VXNpbmd9IHtQcmVjaXNlfSB7TU1JT30ge01vZGVsaW5nfSBmb3Ige0VmZmVjdGl2ZX0ge0Zpcm13YXJlfSB7RnV6emluZ319LAoJdXJsID0ge2h0dHBzOi8vd3d3LnVzZW5peC5vcmcvc3lzdGVtL2ZpbGVzL3NlYzIyc3VtbWVyX3NjaGFybm93c2tpLnBkZn0sCglhYnN0cmFjdCA9IHtBcyBlbWJlZGRlZCBkZXZpY2VzIGFyZSBiZWNvbWluZyBtb3JlIHBlcnZhc2l2ZSBpbiBvdXIgZXZlcnlkYXkgbGl2ZXMsIHRoZXkgdHVybiBpbnRvIGFuIGF0dHJhY3RpdmUgdGFyZ2V0IGZvciBhZHZlcnNhcmllcy4gRGVzcGl0ZSB0aGVpciBoaWdoIHZhbHVlIGFuZCBsYXJnZSBhdHRhY2sgc3VyZmFjZSwgYXBwbHlpbmcgYXV0b21hdGVkIHRlc3RpbmcgdGVjaG5pcXVlcyBzdWNoIGFzIGZ1enppbmcgaXMgbm90IHN0cmFpZ2h0Zm9yd2FyZCBmb3Igc3VjaCBkZXZpY2VzLiBBcyBmdXp6IHRlc3RpbmcgZmlybXdhcmUgb24gY29uc3RyYWluZWQgZW1iZWRkZWQgZGV2aWNlcyBpcyBpbmVmZmljaWVudCwgc3RhdGUtb2YtdGhlLWFydCBhcHByb2FjaGVzIGluc3RlYWQgb3B0IHRvIHJ1biB0aGUgZmlybXdhcmUgaW4gYW4gZW11bGF0b3IgKHRocm91Z2ggYSBwcm9jZXNzIGNhbGxlZCByZS1ob3N0aW5nKS4gSG93ZXZlciwgZXhpc3RpbmcgYXBwcm9hY2hlcyBlaXRoZXIgdXNlIGNvYXJzZS1ncmFpbmVkIHN0YXRpYyBtb2RlbHMgb2YgaGFyZHdhcmUgYmVoYXZpb3Igb3IgcmVxdWlyZSBtYW51YWwgZWZmb3J0IHRvIHJlLWhvc3QgdGhlIGZpcm13YXJlLgoKV2UgcHJvcG9zZSBhIG5vdmVsIGNvbWJpbmF0aW9uIG9mIGxpZ2h0d2VpZ2h0IHByb2dyYW0gYW5hbHlzaXMsIHJlLWhvc3RpbmcsIGFuZCBmdXp6IHRlc3RpbmcgdG8gdGFja2xlIHRoZXNlIGNoYWxsZW5nZXMuIFdlIHByZXNlbnQgdGhlIGRlc2lnbiBhbmQgaW1wbGVtZW50YXRpb24gb2YgRnV6endhcmUsIGEgc29mdHdhcmUtb25seSBzeXN0ZW0gdG8gZnV6eiB0ZXN0IHVubW9kaWZpZWQgbW9ub2xpdGhpYyBmaXJtd2FyZSBpbiBhIHNjYWxhYmxlIHdheS4gQnkgZGV0ZXJtaW5pbmcgaG93IGhhcmR3YXJlLWdlbmVyYXRlZCB2YWx1ZXMgYXJlIGFjdHVhbGx5IHVzZWQgYnkgdGhlIGZpcm13YXJlIGxvZ2ljLCBGdXp6d2FyZSBjYW4gYXV0b21hdGljYWxseSBnZW5lcmF0ZSBtb2RlbHMgdGhhdCBoZWxwIGZvY3VzaW5nIHRoZSBmdXp6aW5nIHByb2Nlc3Mgb24gbXV0YXRpbmcgdGhlIGlucHV0cyB0aGF0IG1hdHRlciwgd2hpY2ggZHJhc3RpY2FsbHkgaW1wcm92ZXMgaXRzIGVmZmVjdGl2ZW5lc3MuCgpXZSBldmFsdWF0ZSBvdXIgYXBwcm9hY2ggb24gc3ludGhldGljIGFuZCByZWFsLXdvcmxkIHRhcmdldHMgY29tcHJpc2luZyBhIHRvdGFsIG9mIDE5IGhhcmR3YXJlIHBsYXRmb3JtcyBhbmQgNzcgZmlybXdhcmUgaW1hZ2VzLiBDb21wYXJlZCB0byBzdGF0ZS1vZi10aGUtYXJ0IHdvcmssIEZ1enp3YXJlIGFjaGlldmVzIHVwIHRvIDMuMjUgdGltZXMgdGhlIGNvZGUgY292ZXJhZ2UgYW5kIG91ciBtb2RlbGluZyBhcHByb2FjaCByZWR1Y2VzIHRoZSBzaXplIG9mIHRoZSBpbnB1dCBzcGFjZSBieSB1cCB0byA5NS41XCUuIFRoZSBzeW50aGV0aWMgc2FtcGxlcyBjb250YWluIDY2IHVuaXQgdGVzdHMgZm9yIHZhcmlvdXMgaGFyZHdhcmUgaW50ZXJhY3Rpb25zLCBhbmQgd2UgZmluZCB0aGF0IG91ciBhcHByb2FjaCBpcyB0aGUgZmlyc3QgZ2VuZXJpYyByZS1ob3N0aW5nIHNvbHV0aW9uIHRvIGF1dG9tYXRpY2FsbHkgcGFzcyBhbGwgb2YgdGhlbS4gRnV6endhcmUgZGlzY292ZXJlZCAxNSBjb21wbGV0ZWx5IG5ldyBidWdzIGluY2x1ZGluZyBidWdzIGluIHRhcmdldHMgd2hpY2ggd2VyZSBwcmV2aW91c2x5IGFuYWx5emVkIGJ5IG90aGVyIHdvcmtzOyBhIHRvdGFsIG9mIDEyIENWRXMgd2VyZSBhc3NpZ25lZC59LAoJYm9va3RpdGxlID0ge3tVU0VOSVh9IHtTZWN1cml0eX19LAoJYXV0aG9yID0ge3tUb2JpYXMgU2NoYXJub3dza2l9IGFuZCB7TmlscyBCYXJzfSBhbmQge01vcml0eiBTY2hsb2VnZWx9IGFuZCB7RXJpYyBHdXN0YWZzb259IGFuZCB7TWFyaXVzIE11ZW5jaH0gYW5kIHtHaW92YW5uaSBWaWduYX0gYW5kIHtDaHJpc3RvcGhlciBLcnVlZ2VsfSBhbmQge1Rob3JzdGVuIEhvbHp9IGFuZCB7QWxpIEFiYmFzaX19LAoJbW9udGggPSBhdWcsCgl5ZWFyID0gezIwMjJ9LAoJa2V5d29yZHMgPSB7Y2xhc3NcX2JpbmFyeSwgcHJvalxfaW50ZXJzZWN0LCBwcm9qXF90cm9waWNzLCB0eXBlXF9jb25mLCB0eXBlXF9wYXBlciwgdHlwZVxfdGllcjEsIHR5cGVcX3RvcH0sCn0KCgoKQGlucHJvY2VlZGluZ3N7ZmFzYW5vX3Nva18yMDIxLAoJdGl0bGUgPSB7e1NvS306IHtFbmFibGluZ30ge1NlY3VyaXR5fSB7QW5hbHlzZXN9IG9mIHtFbWJlZGRlZH0ge1N5c3RlbXN9IHZpYSB7UmVob3N0aW5nfX0sCgl1cmwgPSB7aHR0cHM6Ly9kbC5hY20ub3JnL2RvaS9wZGYvMTAuMTE0NS8zNDMzMjEwLjM0NTMwOTN9LAoJZG9pID0gezEwLjExNDUvMzQzMzIxMC4zNDUzMDkzfSwKCWFic3RyYWN0ID0ge0Nsb3NlbHkgbW9uaXRvcmluZyB0aGUgYmVoYXZpb3Igb2YgYSBzb2Z0d2FyZSBzeXN0ZW0gZHVyaW5nIGl0cyBleGVjdXRpb24gZW5hYmxlcyBkZXZlbG9wZXJzIGFuZCBhbmFseXN0cyB0byBvYnNlcnZlLCBhbmQgdWx0aW1hdGVseSB1bmRlcnN0YW5kLCBob3cgaXQgd29ya3MuIFRoaXMga2luZCBvZiBkeW5hbWljIGFuYWx5c2lzIGNhbiBiZSBpbnN0cnVtZW50YWwgdG8gcmV2ZXJzZSBlbmdpbmVlcmluZywgdnVsbmVyYWJpbGl0eSBkaXNjb3ZlcnksIGV4cGxvaXQgZGV2ZWxvcG1lbnQsIGFuZCBkZWJ1Z2dpbmcuIFdoaWxlIHRoZXNlIGFuYWx5c2VzIGFyZSB0eXBpY2FsbHkgd2VsbC1zdXBwb3J0ZWQgZm9yIGhvbW9nZW5lb3VzIGRlc2t0b3AgcGxhdGZvcm1zIChlLmcuLCB4ODYgZGVza3RvcCBQQ3MpLCB0aGV5IGNhbiByYXJlbHkgYmUgYXBwbGllZCBpbiB0aGUgaGV0ZXJvZ2VuZW91cyB3b3JsZCBvZiBlbWJlZGRlZCBzeXN0ZW1zLiBPbmUgYXBwcm9hY2ggdG8gZW5hYmxlIGR5bmFtaWMgYW5hbHlzZXMgb2YgZW1iZWRkZWQgc3lzdGVtcyBpcyB0byBtb3ZlIHNvZnR3YXJlIHN0YWNrcyBmcm9tIHBoeXNpY2FsIHN5c3RlbXMgaW50byB2aXJ0dWFsIGVudmlyb25tZW50cyB0aGF0IHN1ZmZpY2llbnRseSBtb2RlbCBoYXJkd2FyZSBiZWhhdmlvci4gVGhpcyBwcm9jZXNzIHdoaWNoIHdlIGNhbGwgInJlaG9zdGluZyIgcG9zZXMgYSBzaWduaWZpY2FudCByZXNlYXJjaCBjaGFsbGVuZ2Ugd2l0aCBtYWpvciBpbXBsaWNhdGlvbnMgZm9yIHNlY3VyaXR5IGFuYWx5c2VzLiBBbHRob3VnaCByZWhvc3RpbmcgaGFzIHRyYWRpdGlvbmFsbHkgYmVlbiBhbiB1bnNjaWVudGlmaWMgYW5kIGFkLWhvYyBlbmRlYXZvciB1bmRlcnRha2VuIGJ5IGRvbWFpbiBleHBlcnRzIHdpdGggdmFyeWluZyB0aW1lIGFuZCByZXNvdXJjZXMgYXQgdGhlaXIgZGlzcG9zYWwsIHJlc2VhcmNoZXJzIGFyZSBiZWdpbm5pbmcgdG8gYWRkcmVzcyByZWhvc3RpbmcgY2hhbGxlbmdlcyBzeXN0ZW1hdGljYWxseSBhbmQgaW4gZWFybmVzdC4gSW4gdGhpcyBwYXBlciwgd2UgZXN0YWJsaXNoIHRoYXQgZW11bGF0aW9uIGlzIGluc3VmZmljaWVudCB0byBjb25kdWN0IGxhcmdlLXNjYWxlIGR5bmFtaWMgYW5hbHlzaXMgb2YgcmVhbC13b3JsZCBoYXJkd2FyZSBzeXN0ZW1zIGFuZCBwcmVzZW50IHJlaG9zdGluZyBhcyBhIGZpcm13YXJlLWNlbnRyaWMgYWx0ZXJuYXRpdmUuIEZ1cnRoZXJtb3JlLCB3ZSB0YXhvbm9taXplIHByZWxpbWluYXJ5IHJlaG9zdGluZyBlZmZvcnRzLCBpZGVudGlmeSB0aGUgZnVuZGFtZW50YWwgY29tcG9uZW50cyBvZiB0aGUgcmVob3N0aW5nIHByb2Nlc3MsIGFuZCBwcm9wb3NlIGRpcmVjdGlvbnMgZm9yIGZ1dHVyZSByZXNlYXJjaC59LAoJYm9va3RpdGxlID0ge3tBU0lBQ0NTfX0sCglhdXRob3IgPSB7RmFzYW5vLCBBbmRyZXcgYW5kIEJhbGxvLCBUaWVtb2tvIGFuZCBNdWVuY2gsIE1hcml1cyBhbmQgTGVlaywgVGltIGFuZCBCdWxla292LCBBbGV4YW5kZXIgYW5kIERvbGFuLUdhdml0dCwgQnJlbmRhbiBhbmQgRWdlbGUsIE1hbnVlbCBhbmQgRnJhbmNpbGxvbiwgQXVyw6lsaWVuIGFuZCBMdSwgTG9uZyBhbmQgR3JlZ29yeSwgTmljayBhbmQgQmFsemFyb3R0aSwgRGF2aWRlIGFuZCBSb2JlcnRzb24sIFdpbGxpYW19LAoJbW9udGggPSBtYXksCgl5ZWFyID0gezIwMjF9LAoJa2V5d29yZHMgPSB7Y2xhc3NcX2JpbmFyeSwgZHluYW1pYyBwcm9ncmFtIGFuYWx5c2lzLCBlbWJlZGRlZCBzeXN0ZW1zLCBlbXVsYXRpb24sIGZpcm13YXJlIHNlY3VyaXR5LCBpbnRlcm5ldCBvZiB0aGluZ3MsIHByb2pcX2ludGVyc2VjdCwgcHJvalxfdHJvcGljcywgcmVob3N0aW5nLCB0eXBlXF9jb25mLCB0eXBlXF9wYXBlciwgdHlwZVxfdG9wLCB2aXJ0dWFsaXphdGlvbn0sCn0KCgoKQGlucHJvY2VlZGluZ3N7bXVlbmNoX3doYXRfMjAxOCwKCXRpdGxlID0ge1doYXQge1lvdX0ge0NvcnJ1cHR9IHtJc30ge05vdH0ge1doYXR9IHtZb3V9IHtDcmFzaH06IHtDaGFsbGVuZ2VzfSBpbiB7RnV6emluZ30ge0VtYmVkZGVkfSB7RGV2aWNlc319LAoJY29weXJpZ2h0ID0ge0FsbCByaWdodHMgcmVzZXJ2ZWR9LAoJdXJsID0ge2h0dHA6Ly9zMy5ldXJlY29tLmZyL2RvY3MvbmRzczE4X211ZW5jaC5wZGZ9LAoJYm9va3RpdGxlID0ge3tORFNTfX0sCglhdXRob3IgPSB7TXVlbmNoLCBNYXJpdXMgYW5kIFN0aWpvaGFubiwgSmFuIGFuZCBLYXJnbCwgRnJhbmsgYW5kIEZyYW5jaWxsb24sIEF1cmVsaWVuIGFuZCBCYWx6YXJvdHRpLCBEYXZpZGV9LAoJbW9udGggPSBmZWIsCgl5ZWFyID0gezIwMTh9LAp9CgoKCkBpbnByb2NlZWRpbmdze2d1c3RhZnNvbl90b3dhcmRfMjAxOSwKCXRpdGxlID0ge1Rvd2FyZCB0aGUge0FuYWx5c2lzfSBvZiB7RW1iZWRkZWR9IHtGaXJtd2FyZX0gdGhyb3VnaCB7QXV0b21hdGVkfSB7UmV9LWhvc3Rpbmd9LAoJdXJsID0ge2h0dHBzOi8vd3d3LnVzZW5peC5vcmcvc3lzdGVtL2ZpbGVzL3JhaWQyMDE5LWd1c3RhZnNvbi5wZGZ9LAoJYm9va3RpdGxlID0ge3tSQUlEfX0sCglhdXRob3IgPSB7R3VzdGFmc29uLCBFcmljIGFuZCBNdWVuY2gsIE1hcml1cyBhbmQgU3BlbnNreSwgQ2hhZCBhbmQgUmVkaW5pLCBOaWxvIGFuZCBNYWNoaXJ5LCBBcmF2aW5kIGFuZCBGcmF0YW50b25pbywgWWFuaWNrIGFuZCBCYWx6YXJvdHRpLCBEYXZpZGUgYW5kIEZyYW5jaWxsb24sIEF1cmVsaWVuIGFuZCBDaG9lLCBZdW5nIFJ5biBhbmQgS3J1ZWdlbCwgQ2hyaXN0b3BoZXIgYW5kIFZpZ25hLCBHaW92YW5uaX0sCgltb250aCA9IHNlcCwKCXllYXIgPSB7MjAxOX0sCn0KCgoKQGlucHJvY2VlZGluZ3N7bXVlbmNoX3RhbWluZ18yMDE2LAoJdGl0bGUgPSB7VGFtaW5nIHtUcmFuc2FjdGlvbnN9OiB7VG93YXJkc30ge0hhcmR3YXJlfS17QXNzaXN0ZWR9IHtDb250cm9sfSB7Rmxvd30ge0ludGVncml0eX0ge1VzaW5nfSB7VHJhbnNhY3Rpb25hbH0ge01lbW9yeX19LAoJdXJsID0ge2h0dHA6Ly9zMy5ldXJlY29tLmZyL2RvY3MvcmFpZDE2X211ZW5jaC5wZGZ9LAoJYm9va3RpdGxlID0ge3tSQUlEfX0sCglhdXRob3IgPSB7TXVlbmNoLCBNYXJpdXMgYW5kIFBhZ2FuaSwgRmFiaW8gYW5kIFNob3NoaXRhaXNodmlsaSwgWWFuIGFuZCBLcnVlZ2VsLCBDaHJpc3RvcGhlciBhbmQgVmlnbmEsIEdpb3Zhbm5pIGFuZCBCYWx6YXJvdHRpLCBEYXZpZGV9LAoJbW9udGggPSBzZXAsCgl5ZWFyID0gezIwMTZ9LAp9CgoKCkBpbnByb2NlZWRpbmdze2NhbXVyYXRpX3NjcmVhbWluZ18yMDE4LAoJdGl0bGUgPSB7U2NyZWFtaW5nIHtDaGFubmVsc306IHtXaGVufSB7RWxlY3Ryb21hZ25ldGljfSB7U2lkZX0ge0NoYW5uZWxzfSB7TWVldH0ge1JhZGlvfSB7VHJhbnNjZWl2ZXJzfX0sCgl1cmwgPSB7aHR0cDovL3MzLmV1cmVjb20uZnIvZG9jcy9jY3MxOF9jYW11cmF0aS5wZGZ9LAoJYm9va3RpdGxlID0ge3tDQ1N9fSwKCWF1dGhvciA9IHtDYW11cmF0aSwgR2lvdmFubmkgYW5kIFBvZXBsYXUsIFNlYmFzdGlhbiBhbmQgTXVlbmNoLCBNYXJpdXMgYW5kIEhheWVzLCBUb20gYW5kIEZyYW5jaWxsb24sIEF1cmVsaWVufSwKCW1vbnRoID0gb2N0LAoJeWVhciA9IHsyMDE4fSwKfQoKCgpAaW5wcm9jZWVkaW5nc3ttdWVuY2hfYXZhdGFyXzIwMTgsCgl0aXRsZSA9IHtBdmF0YXLCsjoge0F9IHtNdWx0aX0tdGFyZ2V0IHtPcmNoZXN0cmF0aW9ufSB7UGxhdGZvcm19fSwKCXVybCA9IHtodHRwOi8vczMuZXVyZWNvbS5mci9kb2NzL2JhcjE4X211ZW5jaC5wZGZ9LAoJYm9va3RpdGxlID0ge1dvcmtzaG9wIG9uIHtCaW5hcnl9IHtBbmFseXNpc30ge1Jlc2VhcmNofSAoe0JBUn0pfSwKCWF1dGhvciA9IHtNdWVuY2gsIE1hcml1cyBhbmQgTmlzaSwgRGFyaW8gYW5kIEZyYW5jaWxsb24sIEF1cmVsaWVuIGFuZCBCYWx6YXJvdHRpLCBEYXZpZGV9LAoJbW9udGggPSBmZWIsCgl5ZWFyID0gezIwMTh9LAp9Cg==\">\n            <i class=\"fa fa-download fa-fw\"></i> Download BibTeX\n          </a>\n        </li>\n        <li>\n          <a href=\"//bibbase.org/rss?bib=https://api.zotero.org/users/6116615/collections/XWUT27F7/items?key=0ZHiBUimDTHZQMp41D9CdXim&amp;format=bibtex&amp;limit=100\">\n            <i class=\"fa fa-rss fa-fw\"></i> RSS Feed\n          </a>\n          </li>\n      </ul>\n      </li>\n\n      \n\n\n      \n    </ul>\n\n\n    <div class=\"alert alert-success bibbase_msg\" id=\"bibbase_msg_embed\"\n         style=\"display: none;\">\n\n      Excellent! Next you can\n      <a href=\"/network/register?next=/network/newSiteFromTemplate%3Fbiburl=https://api.zotero.org/users/6116615/collections/XWUT27F7/items?key=0ZHiBUimDTHZQMp41D9CdXim&amp;format=bibtex&amp;limit=100\"\n      >create a new website with this list</a>, or\n      embed it in an existing web page by copying &amp; pasting\n      any of the following snippets.\n\n      <div style=\"text-align: left; margin-top: 1em;\">\n        <strong>JavaScript</strong>\n        <span class=\"comment recommended\">(easiest)</span>\n        <div class=\"well well-small\">\n          <code>\n            &lt;script src=\"https://bibbase.org/show?bib=https%3A%2F%2Fapi.zotero.org%2Fusers%2F6116615%2Fcollections%2FXWUT27F7%2Fitems%3Fkey%3D0ZHiBUimDTHZQMp41D9CdXim%26format%3Dbibtex%26limit%3D100&amp;jsonp=1&amp;jsonp=1\"&gt;&lt;/script&gt;\n          </code>\n        </div>\n\n        <strong>PHP</strong>\n        <div class=\"well well-small\">\n          <code>\n            &lt;?php\n            $contents = file_get_contents(\"https://bibbase.org/show?bib=https%3A%2F%2Fapi.zotero.org%2Fusers%2F6116615%2Fcollections%2FXWUT27F7%2Fitems%3Fkey%3D0ZHiBUimDTHZQMp41D9CdXim%26format%3Dbibtex%26limit%3D100&amp;jsonp=1\");\n            print_r($contents);\n            ?&gt;\n          </code>\n        </div>\n\n        <strong>iFrame</strong>\n        <span class=\"comment\">(not recommended)</span>\n        <div class=\"well well-small\">\n          <code>\n            &lt;iframe src=\"https://bibbase.org/show?bib=https%3A%2F%2Fapi.zotero.org%2Fusers%2F6116615%2Fcollections%2FXWUT27F7%2Fitems%3Fkey%3D0ZHiBUimDTHZQMp41D9CdXim%26format%3Dbibtex%26limit%3D100&amp;jsonp=1\"&gt;&lt;/iframe&gt;\n          </code>\n        </div>\n\n        <p>\n          For more details see the <a href=\"//bibbase.org/help\">documention</a>.\n        </p>\n      </div>\n    </div>\n\n    <div class=\"alert alert-success bibbase_msg\" id=\"bibbase_msg_preview\"\n         style=\"display: none;\">\n\n      This is a preview! To use this list on your own web site\n      or create a new web site from it,\n      <a href=\"/network/register?next=/network/newAccountWithFile%3FfileId=\"\n      >create a free account</a>. The file will be added\n      and you will be able to edit it in the File Manager.\n      We will show you instructions once you've created your account.\n    </div>\n\n    <div class=\"alert alert-warning bibbase_msg\" id=\"bibbase_msg_mendeley1\"\n         style=\"display: none;\">\n\n      <p>To the site owner:</p>\n\n      <p><strong>Action required!</strong> Mendeley is changing its\n        API. In order to keep using Mendeley with BibBase past April\n        14th, you need to:\n        <ol>\n          <li>renew the authorization for BibBase on Mendeley, and</li>\n          <li>update the BibBase URL\n            in your page the same way you did when you initially set up\n            this page.\n          </li>\n        </ol>\n      </p>\n\n      <p>\n        <a href=\"http://bibbase.org/cgi-bin/mendeley2/get.py\">\n          <i class=\"fa fa-angle-double-right\"></i>\n          Fix it now</a>\n      </p>\n    </div>\n\n  </div>\n\n\n  <div id=\"bibbase_body\">\n    \n  \n  <div class=\"bibbase_group_whole\" id=\"group_2023\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2023')\"\n      onkeypress=\"toggleGroup('group_2023')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2023</span>\n      <span class=\"bibbase_group_count\">\n        \n        (1)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"duta-freyer-pagani-muench-giuffrida-letmeunwindthatforyouexceptionstobackwardedgeprotection-2023\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://download.vusec.net/papers/chop_ndss23.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'duta-freyer-pagani-muench-giuffrida-letmeunwindthatforyouexceptionstobackwardedgeprotection-2023', 'https://download.vusec.net/papers/chop_ndss23.pdf', event);\">\n    Let Me Unwind That For You: Exceptions to Backward-Edge Protection.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Duta, V.; Freyer, F.; Pagani, F.; Muench, M.;  and Giuffrida, C.\n</span>\n\n  \n\n</span>\n\n  In <i>NDSS</i>, February 2023. \n  <span class=\"note\">Intel Bounty Reward</span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://download.vusec.net/papers/chop_ndss23.pdf\"\n     onclick=\"log_download('duta-freyer-pagani-muench-giuffrida-letmeunwindthatforyouexceptionstobackwardedgeprotection-2023', 'https://download.vusec.net/papers/chop_ndss23.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Let Me Unwind That For You: Exceptions to Backward-Edge Protection [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n  <a href=\"https://github.com/chop-project/chop\"\n     onclick=\"log_download('duta-freyer-pagani-muench-giuffrida-letmeunwindthatforyouexceptionstobackwardedgeprotection-2023', 'https://github.com/chop-project/chop', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"Let Me Unwind That For You: Exceptions to Backward-Edge Protection [link]\"\n       title=\"Code\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Code</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/duta-freyer-pagani-muench-giuffrida-letmeunwindthatforyouexceptionstobackwardedgeprotection-2023\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>100 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('duta-freyer-pagani-muench-giuffrida-letmeunwindthatforyouexceptionstobackwardedgeprotection-2023')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{duta_let_2023,\n\ttitle = {Let {Me} {Unwind} {That} {For} {You}: {Exceptions} to {Backward}-{Edge} {Protection}},\n\turl = {Paper=https://download.vusec.net/papers/chop_ndss23.pdf Code=https://github.com/chop-project/chop},\n\tbooktitle = {{NDSS}},\n\tauthor = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},\n\tmonth = feb,\n\tyear = {2023},\n\tnote = {Intel Bounty Reward},\n\tkeywords = {class\\_binary, proj\\_intersect, proj\\_memo, proj\\_offcore, proj\\_theseus, proj\\_tropics, type\\_award, type\\_bounty, type\\_conf, type\\_paper, type\\_tier1, type\\_top},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2022\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2022')\"\n      onkeypress=\"toggleGroup('group_2022')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2022</span>\n      <span class=\"bibbase_group_count\">\n        \n        (3)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"granthernandez-mariusmuench-dominikmaier-alyssamilburn-shinjopark-tobiasscharnowski-tylertucker-patricktraynor-etal-firmwiretransparentdynamicanalysisforcellularbasebandfirmware-2022\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'granthernandez-mariusmuench-dominikmaier-alyssamilburn-shinjopark-tobiasscharnowski-tylertucker-patricktraynor-etal-firmwiretransparentdynamicanalysisforcellularbasebandfirmware-2022', 'https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf', event);\">\n    FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Grant Hernandez; Marius Muench; Dominik Maier; Alyssa Milburn; Shinjo Park; Tobias Scharnowski; Tyler Tucker; Patrick Traynor;  and Kevin R. B. Butler\n</span>\n\n  \n\n</span>\n\n  In <i>NDSS</i>, February 2022. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf\"\n     onclick=\"log_download('granthernandez-mariusmuench-dominikmaier-alyssamilburn-shinjopark-tobiasscharnowski-tylertucker-patricktraynor-etal-firmwiretransparentdynamicanalysisforcellularbasebandfirmware-2022', 'https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n  <a href=\"https://github.com/FirmWire/FirmWire\"\n     onclick=\"log_download('granthernandez-mariusmuench-dominikmaier-alyssamilburn-shinjopark-tobiasscharnowski-tylertucker-patricktraynor-etal-firmwiretransparentdynamicanalysisforcellularbasebandfirmware-2022', 'https://github.com/FirmWire/FirmWire', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware [link]\"\n       title=\"Code\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Code</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/granthernandez-mariusmuench-dominikmaier-alyssamilburn-shinjopark-tobiasscharnowski-tylertucker-patricktraynor-etal-firmwiretransparentdynamicanalysisforcellularbasebandfirmware-2022\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>31 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('granthernandez-mariusmuench-dominikmaier-alyssamilburn-shinjopark-tobiasscharnowski-tylertucker-patricktraynor-etal-firmwiretransparentdynamicanalysisforcellularbasebandfirmware-2022')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{grant_hernandez_firmwire_2022,\n\ttitle = {{FirmWire}: {Transparent} {Dynamic} {Analysis} for {Cellular} {Baseband} {Firmware}},\n\turl = {Paper=https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf Code=https://github.com/FirmWire/FirmWire},\n\tbooktitle = {{NDSS}},\n\tauthor = {{Grant Hernandez} and {Marius Muench} and {Dominik Maier} and {Alyssa Milburn} and {Shinjo Park} and {Tobias Scharnowski} and {Tyler Tucker} and {Patrick Traynor} and {Kevin R. B. Butler}},\n\tmonth = feb,\n\tyear = {2022},\n\tkeywords = {class\\_binary, proj\\_intersect, proj\\_tropics, type\\_conf, type\\_paper, type\\_tier1, type\\_top},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022', 'http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf', event);\">\n    Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Barberis, E.; Frigo, P.; Muench, M.; Bos, H.;  and Giuffrida, C.\n</span>\n\n  \n\n</span>\n\n  In <i>USENIX Security</i>, August 2022. \n  <span class=\"note\">Intel Bounty Reward</span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf\"\n     onclick=\"log_download('barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022', 'http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n  <a href=\"https://www.vusec.net/projects/bhi-spectre-bhb\"\n     onclick=\"log_download('barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022', 'https://www.vusec.net/projects/bhi-spectre-bhb', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks [link]\"\n       title=\"Web\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Web</span></a>\n  &nbsp;\n  \n  <a href=\"https://github.com/vusec/bhi-spectre-bhb\"\n     onclick=\"log_download('barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022', 'https://github.com/vusec/bhi-spectre-bhb', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks [link]\"\n       title=\"Code\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Code</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>573 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('barberis-frigo-muench-bos-giuffrida-branchhistoryinjectionontheeffectivenessofhardwaremitigationsagainstcrossprivilegespectrev2attacks-2022')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{barberis_branch_2022,\n\ttitle = {Branch {History} {Injection}: {On} the {Effectiveness} of {Hardware} {Mitigations} {Against} {Cross}-{Privilege} {Spectre}-v2 {Attacks}},\n\turl = {Paper=http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf Web=https://www.vusec.net/projects/bhi-spectre-bhb Code=https://github.com/vusec/bhi-spectre-bhb},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {Barberis, Enrico and Frigo, Pietro and Muench, Marius and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = aug,\n\tyear = {2022},\n\tnote = {Intel Bounty Reward},\n\tkeywords = {class\\_sidechannels, proj\\_intersect, proj\\_offcore, proj\\_theseus, proj\\_tropics, proj\\_unicore, type\\_award, type\\_conf, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"tobiasscharnowski-nilsbars-moritzschloegel-ericgustafson-mariusmuench-giovannivigna-christopherkruegel-thorstenholz-etal-fuzzwareusingprecisemmiomodelingforeffectivefirmwarefuzzing-2022\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://www.usenix.org/system/files/sec22summer_scharnowski.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'tobiasscharnowski-nilsbars-moritzschloegel-ericgustafson-mariusmuench-giovannivigna-christopherkruegel-thorstenholz-etal-fuzzwareusingprecisemmiomodelingforeffectivefirmwarefuzzing-2022', 'https://www.usenix.org/system/files/sec22summer_scharnowski.pdf', event);\">\n    Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Tobias Scharnowski; Nils Bars; Moritz Schloegel; Eric Gustafson; Marius Muench; Giovanni Vigna; Christopher Kruegel; Thorsten Holz;  and Ali Abbasi\n</span>\n\n  \n\n</span>\n\n  In <i>USENIX Security</i>, August 2022. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://www.usenix.org/system/files/sec22summer_scharnowski.pdf\"\n     onclick=\"log_download('tobiasscharnowski-nilsbars-moritzschloegel-ericgustafson-mariusmuench-giovannivigna-christopherkruegel-thorstenholz-etal-fuzzwareusingprecisemmiomodelingforeffectivefirmwarefuzzing-2022', 'https://www.usenix.org/system/files/sec22summer_scharnowski.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/tobiasscharnowski-nilsbars-moritzschloegel-ericgustafson-mariusmuench-giovannivigna-christopherkruegel-thorstenholz-etal-fuzzwareusingprecisemmiomodelingforeffectivefirmwarefuzzing-2022\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>67 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('tobiasscharnowski-nilsbars-moritzschloegel-ericgustafson-mariusmuench-giovannivigna-christopherkruegel-thorstenholz-etal-fuzzwareusingprecisemmiomodelingforeffectivefirmwarefuzzing-2022')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{tobias_scharnowski_fuzzware_2022,\n\ttitle = {Fuzzware: {Using} {Precise} {MMIO} {Modeling} for {Effective} {Firmware} {Fuzzing}},\n\turl = {https://www.usenix.org/system/files/sec22summer_scharnowski.pdf},\n\tabstract = {As embedded devices are becoming more pervasive in our everyday lives, they turn into an attractive target for adversaries. Despite their high value and large attack surface, applying automated testing techniques such as fuzzing is not straightforward for such devices. As fuzz testing firmware on constrained embedded devices is inefficient, state-of-the-art approaches instead opt to run the firmware in an emulator (through a process called re-hosting). However, existing approaches either use coarse-grained static models of hardware behavior or require manual effort to re-host the firmware.\n\nWe propose a novel combination of lightweight program analysis, re-hosting, and fuzz testing to tackle these challenges. We present the design and implementation of Fuzzware, a software-only system to fuzz test unmodified monolithic firmware in a scalable way. By determining how hardware-generated values are actually used by the firmware logic, Fuzzware can automatically generate models that help focusing the fuzzing process on mutating the inputs that matter, which drastically improves its effectiveness.\n\nWe evaluate our approach on synthetic and real-world targets comprising a total of 19 hardware platforms and 77 firmware images. Compared to state-of-the-art work, Fuzzware achieves up to 3.25 times the code coverage and our modeling approach reduces the size of the input space by up to 95.5\\%. The synthetic samples contain 66 unit tests for various hardware interactions, and we find that our approach is the first generic re-hosting solution to automatically pass all of them. Fuzzware discovered 15 completely new bugs including bugs in targets which were previously analyzed by other works; a total of 12 CVEs were assigned.},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {{Tobias Scharnowski} and {Nils Bars} and {Moritz Schloegel} and {Eric Gustafson} and {Marius Muench} and {Giovanni Vigna} and {Christopher Kruegel} and {Thorsten Holz} and {Ali Abbasi}},\n\tmonth = aug,\n\tyear = {2022},\n\tkeywords = {class\\_binary, proj\\_intersect, proj\\_tropics, type\\_conf, type\\_paper, type\\_tier1, type\\_top},\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  As embedded devices are becoming more pervasive in our everyday lives, they turn into an attractive target for adversaries. Despite their high value and large attack surface, applying automated testing techniques such as fuzzing is not straightforward for such devices. As fuzz testing firmware on constrained embedded devices is inefficient, state-of-the-art approaches instead opt to run the firmware in an emulator (through a process called re-hosting). However, existing approaches either use coarse-grained static models of hardware behavior or require manual effort to re-host the firmware. We propose a novel combination of lightweight program analysis, re-hosting, and fuzz testing to tackle these challenges. We present the design and implementation of Fuzzware, a software-only system to fuzz test unmodified monolithic firmware in a scalable way. By determining how hardware-generated values are actually used by the firmware logic, Fuzzware can automatically generate models that help focusing the fuzzing process on mutating the inputs that matter, which drastically improves its effectiveness. We evaluate our approach on synthetic and real-world targets comprising a total of 19 hardware platforms and 77 firmware images. Compared to state-of-the-art work, Fuzzware achieves up to 3.25 times the code coverage and our modeling approach reduces the size of the input space by up to 95.5%. The synthetic samples contain 66 unit tests for various hardware interactions, and we find that our approach is the first generic re-hosting solution to automatically pass all of them. Fuzzware discovered 15 completely new bugs including bugs in targets which were previously analyzed by other works; a total of 12 CVEs were assigned.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2021\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2021')\"\n      onkeypress=\"toggleGroup('group_2021')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2021</span>\n      <span class=\"bibbase_group_count\">\n        \n        (2)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"corteggiani-camurati-muench-poeplau-francillon-socsecurityevaluationreflectionsonmethodologyandtooling-2021\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'corteggiani-camurati-muench-poeplau-francillon-socsecurityevaluationreflectionsonmethodologyandtooling-2021', 'https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf', event);\">\n    SoC Security Evaluation: Reflections on Methodology and Tooling.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Corteggiani, N.; Camurati, G.; <a class=\"bibbase author link\" href=\"https://www.vusec.net/\">Muench, M.</a>; Poeplau, S.;  and Francillon, A.\n</span>\n\n  \n\n</span>\n\n  <i>IEEE Design & Test</i>, 38(1): 7–13. February 2021.\n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf\"\n     onclick=\"log_download('corteggiani-camurati-muench-poeplau-francillon-socsecurityevaluationreflectionsonmethodologyandtooling-2021', 'https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"SoC Security Evaluation: Reflections on Methodology and Tooling [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1109/MDAT.2020.3013827\"\n     onclick=\"log_download('corteggiani-camurati-muench-poeplau-francillon-socsecurityevaluationreflectionsonmethodologyandtooling-2021', 'http://doi.org/10.1109/MDAT.2020.3013827', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/corteggiani-camurati-muench-poeplau-francillon-socsecurityevaluationreflectionsonmethodologyandtooling-2021\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>14 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('corteggiani-camurati-muench-poeplau-francillon-socsecurityevaluationreflectionsonmethodologyandtooling-2021')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@article{corteggiani_soc_2021,\n\ttitle = {{SoC} {Security} {Evaluation}: {Reflections} on {Methodology} and {Tooling}},\n\tvolume = {38},\n\tissn = {2168-2356, 2168-2364},\n\tshorttitle = {{SoC} {Security} {Evaluation}},\n\turl = {https://www.eurecom.fr/publication/6307/download/sec-publi-6307.pdf},\n\tdoi = {10.1109/MDAT.2020.3013827},\n\tnumber = {1},\n\turldate = {2021-08-19},\n\tjournal = {IEEE Design \\&amp; Test},\n\tauthor = {Corteggiani, Nassim and Camurati, Giovanni and Muench, Marius and Poeplau, Sebastian and Francillon, Aurelien},\n\tmonth = feb,\n\tyear = {2021},\n\tkeywords = {class\\_binary, type\\_journal, type\\_paper},\n\tpages = {7--13},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"fasano-ballo-muench-leek-bulekov-dolangavitt-egele-francillon-etal-sokenablingsecurityanalysesofembeddedsystemsviarehosting-2021\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://dl.acm.org/doi/pdf/10.1145/3433210.3453093\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'fasano-ballo-muench-leek-bulekov-dolangavitt-egele-francillon-etal-sokenablingsecurityanalysesofembeddedsystemsviarehosting-2021', 'https://dl.acm.org/doi/pdf/10.1145/3433210.3453093', event);\">\n    SoK: Enabling Security Analyses of Embedded Systems via Rehosting.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Fasano, A.; Ballo, T.; Muench, M.; Leek, T.; Bulekov, A.; Dolan-Gavitt, B.; Egele, M.; Francillon, A.; Lu, L.; Gregory, N.; Balzarotti, D.;  and Robertson, W.\n</span>\n\n  \n\n</span>\n\n  In <i>ASIACCS</i>, May 2021. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://dl.acm.org/doi/pdf/10.1145/3433210.3453093\"\n     onclick=\"log_download('fasano-ballo-muench-leek-bulekov-dolangavitt-egele-francillon-etal-sokenablingsecurityanalysesofembeddedsystemsviarehosting-2021', 'https://dl.acm.org/doi/pdf/10.1145/3433210.3453093', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/link.svg\"\n\t     alt=\"SoK: Enabling Security Analyses of Embedded Systems via Rehosting [link]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"http://doi.org/10.1145/3433210.3453093\"\n     onclick=\"log_download('fasano-ballo-muench-leek-bulekov-dolangavitt-egele-francillon-etal-sokenablingsecurityanalysesofembeddedsystemsviarehosting-2021', 'http://doi.org/10.1145/3433210.3453093', event.ctrlKey)\"\n     class=\"bibbase doi link\">\n    <span>doi</span></a>\n  &nbsp;\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/fasano-ballo-muench-leek-bulekov-dolangavitt-egele-francillon-etal-sokenablingsecurityanalysesofembeddedsystemsviarehosting-2021\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n  &nbsp;\n  <a class=\"bibbase_abstract_link bibbase link\"\n     href=\"#\"\n     onclick=\"showAbstract(event); return false;\">\n    abstract <i class=\"fa fa-caret-down\"></i></a>\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>21 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('fasano-ballo-muench-leek-bulekov-dolangavitt-egele-francillon-etal-sokenablingsecurityanalysesofembeddedsystemsviarehosting-2021')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{fasano_sok_2021,\n\ttitle = {{SoK}: {Enabling} {Security} {Analyses} of {Embedded} {Systems} via {Rehosting}},\n\turl = {https://dl.acm.org/doi/pdf/10.1145/3433210.3453093},\n\tdoi = {10.1145/3433210.3453093},\n\tabstract = {Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically well-supported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call &quot;rehosting&quot; poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmware-centric alternative. Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.},\n\tbooktitle = {{ASIACCS}},\n\tauthor = {Fasano, Andrew and Ballo, Tiemoko and Muench, Marius and Leek, Tim and Bulekov, Alexander and Dolan-Gavitt, Brendan and Egele, Manuel and Francillon, Aurélien and Lu, Long and Gregory, Nick and Balzarotti, Davide and Robertson, William},\n\tmonth = may,\n\tyear = {2021},\n\tkeywords = {class\\_binary, dynamic program analysis, embedded systems, emulation, firmware security, internet of things, proj\\_intersect, proj\\_tropics, rehosting, type\\_conf, type\\_paper, type\\_top, virtualization},\n}\n\n</pre>\n</div>\n\n\n<div class=\"well well-small bibbase\" data-type=\"abstract\"\n     style=\"display:none\">\n  Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically well-supported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call \"rehosting\" poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmware-centric alternative. Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.\n</div>\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2019\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2019')\"\n      onkeypress=\"toggleGroup('group_2019')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2019</span>\n      <span class=\"bibbase_group_count\">\n        \n        (1)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"gustafson-muench-spensky-redini-machiry-fratantonio-balzarotti-francillon-etal-towardtheanalysisofembeddedfirmwarethroughautomatedrehosting-2019\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"https://www.usenix.org/system/files/raid2019-gustafson.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'gustafson-muench-spensky-redini-machiry-fratantonio-balzarotti-francillon-etal-towardtheanalysisofembeddedfirmwarethroughautomatedrehosting-2019', 'https://www.usenix.org/system/files/raid2019-gustafson.pdf', event);\">\n    Toward the Analysis of Embedded Firmware through Automated Re-hosting.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Gustafson, E.; <a class=\"bibbase author link\" href=\"https://www.vusec.net/\">Muench, M.</a>; Spensky, C.; Redini, N.; Machiry, A.; Fratantonio, Y.; Balzarotti, D.; Francillon, A.; Choe, Y. R.; Kruegel, C.;  and Vigna, G.\n</span>\n\n  \n\n</span>\n\n  In <i>RAID</i>, September 2019. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"https://www.usenix.org/system/files/raid2019-gustafson.pdf\"\n     onclick=\"log_download('gustafson-muench-spensky-redini-machiry-fratantonio-balzarotti-francillon-etal-towardtheanalysisofembeddedfirmwarethroughautomatedrehosting-2019', 'https://www.usenix.org/system/files/raid2019-gustafson.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Toward the Analysis of Embedded Firmware through Automated Re-hosting [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/gustafson-muench-spensky-redini-machiry-fratantonio-balzarotti-francillon-etal-towardtheanalysisofembeddedfirmwarethroughautomatedrehosting-2019\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('gustafson-muench-spensky-redini-machiry-fratantonio-balzarotti-francillon-etal-towardtheanalysisofembeddedfirmwarethroughautomatedrehosting-2019')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{gustafson_toward_2019,\n\ttitle = {Toward the {Analysis} of {Embedded} {Firmware} through {Automated} {Re}-hosting},\n\turl = {https://www.usenix.org/system/files/raid2019-gustafson.pdf},\n\tbooktitle = {{RAID}},\n\tauthor = {Gustafson, Eric and Muench, Marius and Spensky, Chad and Redini, Nilo and Machiry, Aravind and Fratantonio, Yanick and Balzarotti, Davide and Francillon, Aurelien and Choe, Yung Ryn and Kruegel, Christopher and Vigna, Giovanni},\n\tmonth = sep,\n\tyear = {2019},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2018\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2018')\"\n      onkeypress=\"toggleGroup('group_2018')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2018</span>\n      <span class=\"bibbase_group_count\">\n        \n        (3)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"muench-stijohann-kargl-francillon-balzarotti-whatyoucorruptisnotwhatyoucrashchallengesinfuzzingembeddeddevices-2018\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://s3.eurecom.fr/docs/ndss18_muench.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'muench-stijohann-kargl-francillon-balzarotti-whatyoucorruptisnotwhatyoucrashchallengesinfuzzingembeddeddevices-2018', 'http://s3.eurecom.fr/docs/ndss18_muench.pdf', event);\">\n    What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://www.vusec.net/\">Muench, M.</a>; Stijohann, J.; Kargl, F.; Francillon, A.;  and Balzarotti, D.\n</span>\n\n  \n\n</span>\n\n  In <i>NDSS</i>, February 2018. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://s3.eurecom.fr/docs/ndss18_muench.pdf\"\n     onclick=\"log_download('muench-stijohann-kargl-francillon-balzarotti-whatyoucorruptisnotwhatyoucrashchallengesinfuzzingembeddeddevices-2018', 'http://s3.eurecom.fr/docs/ndss18_muench.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/muench-stijohann-kargl-francillon-balzarotti-whatyoucorruptisnotwhatyoucrashchallengesinfuzzingembeddeddevices-2018\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>4 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('muench-stijohann-kargl-francillon-balzarotti-whatyoucorruptisnotwhatyoucrashchallengesinfuzzingembeddeddevices-2018')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{muench_what_2018,\n\ttitle = {What {You} {Corrupt} {Is} {Not} {What} {You} {Crash}: {Challenges} in {Fuzzing} {Embedded} {Devices}},\n\tcopyright = {All rights reserved},\n\turl = {http://s3.eurecom.fr/docs/ndss18_muench.pdf},\n\tbooktitle = {{NDSS}},\n\tauthor = {Muench, Marius and Stijohann, Jan and Kargl, Frank and Francillon, Aurelien and Balzarotti, Davide},\n\tmonth = feb,\n\tyear = {2018},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"camurati-poeplau-muench-hayes-francillon-screamingchannelswhenelectromagneticsidechannelsmeetradiotransceivers-2018\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://s3.eurecom.fr/docs/ccs18_camurati.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'camurati-poeplau-muench-hayes-francillon-screamingchannelswhenelectromagneticsidechannelsmeetradiotransceivers-2018', 'http://s3.eurecom.fr/docs/ccs18_camurati.pdf', event);\">\n    Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  Camurati, G.; Poeplau, S.; <a class=\"bibbase author link\" href=\"https://www.vusec.net/\">Muench, M.</a>; Hayes, T.;  and Francillon, A.\n</span>\n\n  \n\n</span>\n\n  In <i>CCS</i>, October 2018. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://s3.eurecom.fr/docs/ccs18_camurati.pdf\"\n     onclick=\"log_download('camurati-poeplau-muench-hayes-francillon-screamingchannelswhenelectromagneticsidechannelsmeetradiotransceivers-2018', 'http://s3.eurecom.fr/docs/ccs18_camurati.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/camurati-poeplau-muench-hayes-francillon-screamingchannelswhenelectromagneticsidechannelsmeetradiotransceivers-2018\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>3 downloads</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('camurati-poeplau-muench-hayes-francillon-screamingchannelswhenelectromagneticsidechannelsmeetradiotransceivers-2018')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{camurati_screaming_2018,\n\ttitle = {Screaming {Channels}: {When} {Electromagnetic} {Side} {Channels} {Meet} {Radio} {Transceivers}},\n\turl = {http://s3.eurecom.fr/docs/ccs18_camurati.pdf},\n\tbooktitle = {{CCS}},\n\tauthor = {Camurati, Giovanni and Poeplau, Sebastian and Muench, Marius and Hayes, Tom and Francillon, Aurelien},\n\tmonth = oct,\n\tyear = {2018},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n  <div class=\"bibbase_paper\" id=\"muench-nisi-francillon-balzarotti-avataramultitargetorchestrationplatform-2018\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://s3.eurecom.fr/docs/bar18_muench.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'muench-nisi-francillon-balzarotti-avataramultitargetorchestrationplatform-2018', 'http://s3.eurecom.fr/docs/bar18_muench.pdf', event);\">\n    Avatar²: A Multi-target Orchestration Platform.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://www.vusec.net/\">Muench, M.</a>; Nisi, D.; Francillon, A.;  and Balzarotti, D.\n</span>\n\n  \n\n</span>\n\n  In <i>Workshop on Binary Analysis Research (BAR)</i>, February 2018. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://s3.eurecom.fr/docs/bar18_muench.pdf\"\n     onclick=\"log_download('muench-nisi-francillon-balzarotti-avataramultitargetorchestrationplatform-2018', 'http://s3.eurecom.fr/docs/bar18_muench.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Avatar²: A Multi-target Orchestration Platform [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/muench-nisi-francillon-balzarotti-avataramultitargetorchestrationplatform-2018\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>1 download</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('muench-nisi-francillon-balzarotti-avataramultitargetorchestrationplatform-2018')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{muench_avatar_2018,\n\ttitle = {Avatar²: {A} {Multi}-target {Orchestration} {Platform}},\n\turl = {http://s3.eurecom.fr/docs/bar18_muench.pdf},\n\tbooktitle = {Workshop on {Binary} {Analysis} {Research} ({BAR})},\n\tauthor = {Muench, Marius and Nisi, Dario and Francillon, Aurelien and Balzarotti, Davide},\n\tmonth = feb,\n\tyear = {2018},\n}\n</pre>\n</div>\n\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n  <div class=\"bibbase_group_whole\" id=\"group_2016\">\n    <div class=\"bibbase_group\"\n      onclick=\"toggleGroup('group_2016')\"\n      onkeypress=\"toggleGroup('group_2016')\"\n      tabindex=\"0\">\n      <i class=\"fa fa-angle-down bibbase_group_head_icon\"></i>&nbsp;\n      <span>2016</span>\n      <span class=\"bibbase_group_count\">\n        \n        (1)\n        \n      </span>\n    </div>\n    <div class=\"bibbase_group_body\">\n      \n  \n  <div class=\"bibbase_paper\" id=\"muench-pagani-shoshitaishvili-kruegel-vigna-balzarotti-tamingtransactionstowardshardwareassistedcontrolflowintegrityusingtransactionalmemory-2016\">\n  <span class=\"bibbase_paper_titleauthoryear\">\n\n  \n  <span class=\"bibbase_paper_title\">\n  \n  \n  \n  <a href=\"http://s3.eurecom.fr/docs/raid16_muench.pdf\"\n     onclick=\"return trackOutboundLink('publications', 'click', 'muench-pagani-shoshitaishvili-kruegel-vigna-balzarotti-tamingtransactionstowardshardwareassistedcontrolflowintegrityusingtransactionalmemory-2016', 'http://s3.eurecom.fr/docs/raid16_muench.pdf', event);\">\n    Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory.\n  </a>\n  \n  \n  \n</span>\n\n  <span class=\"bibbase_paper_author\">\n  <a class=\"bibbase author link\" href=\"https://www.vusec.net/\">Muench, M.</a>; Pagani, F.; Shoshitaishvili, Y.; Kruegel, C.; Vigna, G.;  and Balzarotti, D.\n</span>\n\n  \n\n</span>\n\n  In <i>RAID</i>, September 2016. \n  <span class=\"note\"></span>\n\n<span class=\"bibbase_note\"></span>\n\n<br class=\"bibbase_paper_content\"/>\n\n<span class=\"bibbase_paper_content dontprint\">\n\n  \n  <a href=\"http://s3.eurecom.fr/docs/raid16_muench.pdf\"\n     onclick=\"log_download('muench-pagani-shoshitaishvili-kruegel-vigna-balzarotti-tamingtransactionstowardshardwareassistedcontrolflowintegrityusingtransactionalmemory-2016', 'http://s3.eurecom.fr/docs/raid16_muench.pdf', event.ctrlKey, event)\">\n    <img src=\"//bibbase.org/img/filetypes/pdf.svg\"\n\t     alt=\"Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory [pdf]\"\n       title=\"Paper\"\n\t     class=\"bibbase_icon\"\n         ><span class=\"bibbase_icon_text\">Paper</span></a>\n  &nbsp;\n  \n\n  \n\n  \n  <a href=\"//bibbase.org/network/publication/muench-pagani-shoshitaishvili-kruegel-vigna-balzarotti-tamingtransactionstowardshardwareassistedcontrolflowintegrityusingtransactionalmemory-2016\"\n     class=\"bibbase bibbase_page link\">link</a>\n  &nbsp;\n  \n\n  <a href=\"#\"\n     onclick=\"showBib(event); return false;\"\n     class=\"bibbase bibtex link\">bibtex\n    <i class=\"fa fa-caret-down\"></i></a>\n\n  \n\n  \n  &nbsp;\n  <span class=\"bibbase_stats_paper\" style=\"color: #777;\">\n    <span>1 download</span>\n  </span>\n  \n\n  <!-- <a class=\"bibbase read link hidden\" -->\n  <!--    href=\"javascript:toggleRead('muench-pagani-shoshitaishvili-kruegel-vigna-balzarotti-tamingtransactionstowardshardwareassistedcontrolflowintegrityusingtransactionalmemory-2016')\" -->\n  <!--    title=\"Marking this paper as read adds it to your library on BibBase.\" -->\n  <!--    > -->\n  <!--   <i class=\"fa fa-check\"></i>&nbsp; -->\n  <!--   <span>mark as read</span> -->\n  <!-- </a> -->\n\n  &nbsp;\n  \n  \n\n</span>\n\n<div class=\"well well-small bibbase\" data-type=\"bibtex\"\n     style=\"display:none\">\n  <pre style=\"white-space: pre-wrap;\">@inproceedings{muench_taming_2016,\n\ttitle = {Taming {Transactions}: {Towards} {Hardware}-{Assisted} {Control} {Flow} {Integrity} {Using} {Transactional} {Memory}},\n\turl = {http://s3.eurecom.fr/docs/raid16_muench.pdf},\n\tbooktitle = {{RAID}},\n\tauthor = {Muench, Marius and Pagani, Fabio and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni and Balzarotti, Davide},\n\tmonth = sep,\n\tyear = {2016},\n}\n\n</pre>\n</div>\n\n\n\n</div>\n\n\n\n\n\n    </div>\n  </div>\n\n\n\n\n  </div>\n\n\n  <!-- Modal -->\n\n  <!-- <iframe id=\"bibbase_network_frame\" -->\n  <!--         src=\"//bibbase.org/network/control\" -->\n  <!--         style=\"display: none;\"> -->\n  <!-- </iframe> -->\n\n</div>\n"}; document.write(bibbase_data.data);