This repository collects recent papers related to firmware analysis (e.g., IoT and embedded devices, desktop binaries) published in academic security conferences (NDSS, CCS, USENIX Security, IEEE S&P, etc.). The list of papers is organized in chronological order.

LightBLue: Automatic Profile-Aware Debloating of Bluetooth Stacks (USENIX Security)

Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems(USENIX Security)

PASAn: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications (USENIX Security)

Jetset: Targeted Firmware Rehosting for Embedded Systems (USENIX Security)

Automatic Firmware Emulation through Invalidity-guided Knowledge Inference (USENIX Security)

SoK: Enabling Security Analyses of Embedded Systems via Rehosting (Asia CCS)

HERA: Hotpatching of Embedded Real-time Applications (NDSS )

BASESPEC: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols (NDSS)

From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware (NDSS)

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis (IEEE S&P)

FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis (ACSAC)

FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities from Bare-Metal Firmware (CCS)

Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets (USENIX Security)

HALucinator: Firmware Re-hostingThrough Abstraction Layer Emulation (USENIX Security)

FirmScope: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Android Firmware (USENIX Security)

P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX Security)

KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware (IEEE S&P)

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary (NDSS)

FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation (USENIX Security)

Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID)

ProXray: Protocol Model Learning and Guided Firmware Analysis (IEEE Transactions on Software Engineering)

IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing (NDSS)

AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares （NDSS 2014）

Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware (NDSS 2017)

Firmusb: Vetting USB device firmware using domain informed symbolic execution (CCS 2017)

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware (NDSS 2017)

FIE on Firmware:Finding Vulnerabilities in Embedded Systems using Symbolic Execution (USENIX Security 2013)

A large-scale analysis of the security of embedded firmwares (USENIX Security 2014)