[1] M. Muench, D. Nisi, A. Francillon, and D. Balzarotti, “Avatar2: A multi-target orchestration platform,” in Proc. Workshop Binary Anal. Res., vol. 18, pp. 1–11, 2018.
[2] Statista, “Number of IoT connected devices worldwide 2019-2030.” https://www.statista.com/
statistics/1183457/iot-connected-devices-worldwide/, May 2022.
[3] W. H. Hassan et al., “Current research on internet of things (IoT) security: A survey,” Computer
networks, vol. 148, pp. 283–294, 2019.
[4] J. Teel, “Introduction-to-microcontrollers.” https://predictabledesigns.com/
introduction-to-microcontrollers/, Jun 2021.
[5] F. Guan, L. Peng, L. Perneel, and M. Timmerman, “Open source freertos as a case study in real-time
operating system evolution,” Journal of Systems and Software, vol. 118, pp. 19–35, 2016.
[6] M. Eskandari, Z. H. Janjua, M. Vecchio, and F. Antonelli, “Passban IDS: An intelligent anomaly-based
intrusion detection system for IoT edge devices,” IEEE Internet of Things Journal, vol. 7, pp. 6882–
6897, Jan 2020.
[7] B. M. Calatayud and L. Meany, “A comparative analysis of buffer overflow vulnerabilities in highend IoT devices,” in Proc. Computing and Communication Workshop and Conference, pp. 0694–0701,
2022.
[8] G. Mullen and L. Meany, “Assessment of buffer overflow based attacks on an IoT operating system,”
in Proc. Global IoT Summit, pp. 1–6, 2019.
[9] “OWASP top10.” https://owasp.org/www-project-top-ten/.
[10] J. J. Olthuis, R. Jordx00E3;o, F. Robino, and S. Borrami, “Vrfy: Verification of formal requirements
using generic traces,” in Proc. IEEE 21st International Conference on Software Quality, Reliability
and Security Companion, pp. 177–183, 2021.
[11] C. Wright, W. A. Moeglein, S. Bagchi, M. Kulkarni, and A. A. Clements, “Challenges in firmware
re-hosting, emulation, and analysis,” ACM Computing Surveys, vol. 54, no. 1, pp. 1–36, 2021.
[12] C. Cao, L. Guan, J. Ming, and P. Liu, “Device-agnostic firmware execution is possible: A concolic
execution approach for peripheral emulation,” in Proc. Annual Computer Security Applications Conference, pp. 746–759, Dec 2020.
[13] R. Baldoni, E. Coppa, D. C. D’elia, C. Demetrescu, and I. Finocchi, “A survey of symbolic execution
techniques,” ACM Computing Surveys, vol. 51, no. 3, pp. 1–39, 2018.
[14] M. Desnoyers and M. R. Dagenais, “The LTTng tracer: A low impact performance and behavior
monitor for GNU/Linux,” in Proc. Ottawa Linux Symposium, pp. 209–224, 2006.
[15] M. Conti, D. Donadel, and F. Turrin, “A survey on industrial control system testbeds and datasets for
security research,” IEEE Communications Communications Surveys And Tutorials, vol. 23, pp. 2248–
2294, 2021.
[16] M. O. Ojo, S. Giordano, G. Procissi, and I. N. Seitanidis, “A review of low-end, middle-end, and
high-end IoT devices,” IEEE Access, vol. 6, pp. 70528–70554, Nov. 2018.
[17] P. Hambarde, R. Varma, and S. Jha, “The survey of real time operating system: RTOS,” in Proc. International Conference on Electronic Systems, Signal Processing and Computing Technologies, pp. 34–
39, IEEE, 2014.
[18] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, “A survey on iot security: Application areas, security threats, and solution architectures,” IEEE Access, vol. 7, pp. 82721–82743,
2019.
[19] L. Luo, Y. Zhang, C. White, B. Keating, B. Pearson, X. Shao, Z. Ling, H. Yu, C. Zou, and X. Fu, “On
security of trustzone-m-based iot systems,” IEEE Internet of Things Journal, vol. 9, pp. 9683–9699,
Jan. 2022.
[20] “Welcome to the barectf 3.0 documentation!.” https://barectf.org/docs/barectf/3.0/
index.html.
[21] F. Giraldeau, J. Desfossez, D. Goulet, M. Dagenais, and M. Desnoyers, “Recovering system metrics
from kernel trace,” in Proc. Linux Symposium, vol. 109, 2011.
[22] A. A. Clements, E. Gustafson, T. Scharnowski, P. Grosen, D. Fritz, C. Kruegel, G. Vigna, S. Bagchi,
and M. Payer, “HALucinator: Firmware re-hosting through abstraction layer emulation,” in Proc.
USENIX Security Symposium, pp. 1201–1218, Aug. 2020.
[23] N. S. Agency, “Ghidra software reverse engineering framework.” https://github.com/
NationalSecurityAgency/ghidra.
[24] O. Levi, “Pin.” https://www.intel.com/content/www/us/en/developer/articles/tool/
pin-a-dynamic-binary-instrumentation-tool.html.
[25] D. Bruening and S. Amarasinghe, Efficient, transparent, and comprehensive runtime code manipulation. PhD thesis, 2004.
[26] M. Zalewski, “Afl.” https://github.com/google/AFL.
[27] K. T. K. David Weinstein, “frida.” https://github.com/frida.
[28] “Technical whitepaper for afl-fuzz.” https://github.com/mrash/afl-cov.
[29] F. Bellard, “QEMU, a fast and portable dynamic translator,” in Proc. USENIX ATC, pp. 41–46, Apr.
2005.
[30] B. Feng, A. Mera, and L. Lu, “P2IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling,” in Proc. USENIX Security 2020, Aug. 2020.
[31] D. D. Chen, M. Woo, D. Brumley, and M. Egele, “Towards automated dynamic analysis for linuxbased embedded firmware.,” in Proc. NDSS, vol. 1, pp. 1–1, 2016.
[32] M. Kim, D. Kim, E. Kim, S. Kim, Y. Jang, and Y. Kim, “FirmAE: Towards large-scale emulation
of IoT firmware for dynamic analysis,” in Proc. Annual Computer Security Applications Conference,
pp. 733–745, 2020.
[33] R. Rohleder, “Hands-on ghidra-a tutorial about the software reverse engineering framework,” in Proc.
Proceedings of the 3rd ACM Workshop on Software Protection, pp. 77–78, 2019.
[34] J. Zaddach, L. Bruno, A. Francillon, D. Balzarotti, et al., “Avatar: A framework to support dynamic
security analysis of embedded systems’ firmwares.,” in Proc. NDSS, vol. 14, pp. 1–16, 2014.