{"id":"https://openalex.org/W4380854362","doi":"https://doi.org/10.1007/s41635-023-00133-3","title":"CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight","display_name":"CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight","publication_year":2023,"publication_date":"2023-06-15","ids":{"openalex":"https://openalex.org/W4380854362","doi":"https://doi.org/10.1007/s41635-023-00133-3"},"language":"en","primary_location":{"id":"doi:10.1007/s41635-023-00133-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s41635-023-00133-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s41635-023-00133-3.pdf","source":{"id":"https://openalex.org/S4210175245","display_name":"Journal of Hardware and Systems Security","issn_l":"2509-3428","issn":["2509-3428","2509-3436"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Hardware and Systems Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s41635-023-00133-3.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076364292","display_name":"Haoqi Shan","orcid":"https://orcid.org/0000-0003-1440-1828"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Haoqi Shan","raw_affiliation_strings":["CertiK, New York, USA","Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA"],"affiliations":[{"raw_affiliation_string":"CertiK, New York, USA","institution_ids":[]},{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111076410","display_name":"Moyao Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Moyao Huang","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100393772","display_name":"Yujia Liu","orcid":"https://orcid.org/0000-0001-8840-9975"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yujia Liu","raw_affiliation_strings":["Li Auto Inc., Beijing, China"],"affiliations":[{"raw_affiliation_string":"Li Auto Inc., Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092179757","display_name":"Sravani Nissankararao","orcid":null},"institutions":[{"id":"https://openalex.org/I161057412","display_name":"University of New Hampshire","ror":"https://ror.org/01rmh9n78","country_code":"US","type":"education","lineage":["https://openalex.org/I161057412"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sravani Nissankararao","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of New Hampshire, Durham, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of New Hampshire, Durham, USA","institution_ids":["https://openalex.org/I161057412"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017464942","display_name":"Yier Jin","orcid":"https://orcid.org/0000-0002-8791-0597"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yier Jin","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400144","display_name":"Shuo Wang","orcid":"https://orcid.org/0000-0002-1827-4355"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shuo Wang","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Florida, Gainesville, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069563170","display_name":"Dean Sullivan","orcid":"https://orcid.org/0000-0002-7186-4346"},"institutions":[{"id":"https://openalex.org/I161057412","display_name":"University of New Hampshire","ror":"https://ror.org/01rmh9n78","country_code":"US","type":"education","lineage":["https://openalex.org/I161057412"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dean Sullivan","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of New Hampshire, Durham, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of New Hampshire, Durham, USA","institution_ids":["https://openalex.org/I161057412"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5076364292"],"corresponding_institution_ids":["https://openalex.org/I33213144"],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":1.0548,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.81047739,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"7","issue":"2-3","first_page":"44","last_page":"54"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.956246018409729},{"id":"https://openalex.org/keywords/crowbar","display_name":"Crowbar","score":0.7393799424171448},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7338534593582153},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5332711935043335},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5182914137840271},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.47323641180992126},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4284122884273529},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.39848142862319946},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13191679120063782},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.09414711594581604},{"id":"https://openalex.org/keywords/electrical-engineering","display_name":"Electrical engineering","score":0.0710926353931427}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.956246018409729},{"id":"https://openalex.org/C2780655974","wikidata":"https://www.wikidata.org/wiki/Q478637","display_name":"Crowbar","level":3,"score":0.7393799424171448},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7338534593582153},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5332711935043335},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5182914137840271},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.47323641180992126},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4284122884273529},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.39848142862319946},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13191679120063782},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.09414711594581604},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0710926353931427},{"id":"https://openalex.org/C165801399","wikidata":"https://www.wikidata.org/wiki/Q25428","display_name":"Voltage","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s41635-023-00133-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s41635-023-00133-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s41635-023-00133-3.pdf","source":{"id":"https://openalex.org/S4210175245","display_name":"Journal of Hardware and Systems Security","issn_l":"2509-3428","issn":["2509-3428","2509-3436"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Hardware and Systems Security","raw_type":"journal-article"},{"id":"pmh:oai:osti.gov:1985308","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1985308","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"doi:10.1007/s41635-023-00133-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s41635-023-00133-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s41635-023-00133-3.pdf","source":{"id":"https://openalex.org/S4210175245","display_name":"Journal of Hardware and Systems Security","issn_l":"2509-3428","issn":["2509-3428","2509-3436"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Hardware and Systems Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1476421224","display_name":null,"funder_award_id":"DE-SC0018430","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"}],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4380854362.pdf"},"referenced_works_count":9,"referenced_works":["https://openalex.org/W2180970301","https://openalex.org/W2806746626","https://openalex.org/W2913096406","https://openalex.org/W2914630606","https://openalex.org/W2934053005","https://openalex.org/W3164551084","https://openalex.org/W4214849872","https://openalex.org/W4289038676","https://openalex.org/W6922163157"],"related_works":["https://openalex.org/W4387497383","https://openalex.org/W3183948672","https://openalex.org/W3173606202","https://openalex.org/W3110381201","https://openalex.org/W2948807893","https://openalex.org/W2935909890","https://openalex.org/W2778153218","https://openalex.org/W2758277628","https://openalex.org/W1531601525","https://openalex.org/W2326197691"],"abstract_inverted_index":{"Abstract":[0],"Trusted":[1],"execution":[2],"environments":[3],"(TEE)":[4],"are":[5,126],"deployed":[6],"on":[7,79,91,106],"many":[8],"platforms":[9],"to":[10,49,73],"provide":[11],"both":[12],"confidentiality":[13],"and":[14,16,33,112],"integrity,":[15],"their":[17],"extensive":[18],"use":[19],"offers":[20],"a":[21,63,99],"secure":[22],"environment":[23],"for":[24],"privacy-sensitive":[25],"operations.":[26],"Despite":[27],"TEE":[28,39,71,100],"prevalence":[29],"in":[30,46,98,120,129],"the":[31,50,130],"smartphone":[32],"tablet":[34],"market,":[35],"vulnerability":[36],"research":[37],"into":[38],"security":[40],"is":[41],"relatively":[42],"rare.":[43],"This":[44],"is,":[45],"part,":[47],"due":[48],"strong":[51],"isolation":[52,72],"guarantees":[53],"provided":[54],"by":[55,82],"its":[56],"implementation.":[57],"In":[58],"this":[59],"paper,":[60],"we":[61],"propose":[62],"hardware":[64],"assisted":[65],"fuzzing":[66,90,132],"framework,":[67],"CROWBAR,":[68],"that":[69,125],"bypasses":[70],"natively":[74],"evaluate":[75],"trusted":[76],"applications":[77],"(TAs)":[78],"mobile":[80],"devices":[81],"leveraging":[83],"ARM":[84],"CoreSight":[85],"components.":[86],"CROWBAR":[87,105],"performs":[88],"feedback-driven":[89],"commercial,":[92],"closed":[93,122],"source":[94,123],"TAs":[95,124],"while":[96],"running":[97],"protected":[101],"environment.":[102],"We":[103],"implement":[104],"2":[107],"prototype":[108],"commercial-off-the-shelf":[109],"(COTS)":[110],"smartphones":[111],"one":[113],"development":[114],"board,":[115],"finding":[116],"3":[117],"unique":[118],"crashes":[119],"5":[121],"previously":[127],"unreported":[128],"TrustZone":[131],"literature.":[133]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}