{"id":"https://openalex.org/W4410949939","doi":"https://doi.org/10.1109/access.2025.3575691","title":"Bare-Metal Firmware Fuzzing: A Survey of Techniques and Approaches","display_name":"Bare-Metal Firmware Fuzzing: A Survey of Techniques and Approaches","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4410949939","doi":"https://doi.org/10.1109/access.2025.3575691"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3575691","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3575691","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3575691","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109812814","display_name":"Asmita Asmita","orcid":"https://orcid.org/0000-0002-5626-1985"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Asmita Asmita","raw_affiliation_strings":["Electrical and Computer Engineering Department, University of California at Davis, Davis, CA, USA"],"raw_orcid":"https://orcid.org/0000-0002-5626-1985","affiliations":[{"raw_affiliation_string":"Electrical and Computer Engineering Department, University of California at Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108230346","display_name":"Ryan Tsang","orcid":"https://orcid.org/0009-0006-8382-0099"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ryan Tsang","raw_affiliation_strings":["Electrical and Computer Engineering Department, University of California at Davis, Davis, CA, USA"],"raw_orcid":"https://orcid.org/0009-0006-8382-0099","affiliations":[{"raw_affiliation_string":"Electrical and Computer Engineering Department, University of California at Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5098749111","display_name":"Sujan Ghimire","orcid":"https://orcid.org/0009-0009-1331-0706"},"institutions":[{"id":"https://openalex.org/I138006243","display_name":"University of Arizona","ror":"https://ror.org/03m2x1q45","country_code":"US","type":"education","lineage":["https://openalex.org/I138006243"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sujan Ghimire","raw_affiliation_strings":["Electrical and Computer Engineering Department, The University of Arizona, Tucson, AZ, USA"],"raw_orcid":"https://orcid.org/0009-0009-1331-0706","affiliations":[{"raw_affiliation_string":"Electrical and Computer Engineering Department, The University of Arizona, Tucson, AZ, USA","institution_ids":["https://openalex.org/I138006243"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016438213","display_name":"Soheil Salehi","orcid":"https://orcid.org/0000-0001-5998-8795"},"institutions":[{"id":"https://openalex.org/I138006243","display_name":"University of Arizona","ror":"https://ror.org/03m2x1q45","country_code":"US","type":"education","lineage":["https://openalex.org/I138006243"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Soheil Salehi","raw_affiliation_strings":["Electrical and Computer Engineering Department, The University of Arizona, Tucson, AZ, USA"],"raw_orcid":"https://orcid.org/0000-0001-5998-8795","affiliations":[{"raw_affiliation_string":"Electrical and Computer Engineering Department, The University of Arizona, Tucson, AZ, USA","institution_ids":["https://openalex.org/I138006243"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047382437","display_name":"Houman Homayoun","orcid":"https://orcid.org/0000-0001-8904-4699"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Houman Homayoun","raw_affiliation_strings":["Electrical and Computer Engineering Department, University of California at Davis, Davis, CA, USA"],"raw_orcid":"https://orcid.org/0000-0001-8904-4699","affiliations":[{"raw_affiliation_string":"Electrical and Computer Engineering Department, University of California at Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5109812814"],"corresponding_institution_ids":["https://openalex.org/I84218800"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":1.2753,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.7878974,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"13","issue":null,"first_page":"98253","last_page":"98277"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9763415455818176},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.8496165871620178},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6492355465888977},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26661697030067444},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.1605575978755951}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9763415455818176},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.8496165871620178},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6492355465888977},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26661697030067444},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.1605575978755951}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3575691","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3575691","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:840e51bf7fd94ad2bbf07c006f1c7e50","is_oa":true,"landing_page_url":"https://doaj.org/article/840e51bf7fd94ad2bbf07c006f1c7e50","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 98253-98277 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3575691","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3575691","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G8387180850","display_name":null,"funder_award_id":"1916741","funder_id":"https://openalex.org/F4320306458","funder_display_name":"Noyce Foundation"}],"funders":[{"id":"https://openalex.org/F4320306458","display_name":"Noyce Foundation","ror":"https://ror.org/00a933p49"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":115,"referenced_works":["https://openalex.org/W1480909796","https://openalex.org/W1546956568","https://openalex.org/W1976878954","https://openalex.org/W2027718224","https://openalex.org/W2113864883","https://openalex.org/W2128985333","https://openalex.org/W2129975948","https://openalex.org/W2141175718","https://openalex.org/W2150990339","https://openalex.org/W2215262239","https://openalex.org/W2514974017","https://openalex.org/W2535617737","https://openalex.org/W2574017551","https://openalex.org/W2576376563","https://openalex.org/W2610511123","https://openalex.org/W2611698539","https://openalex.org/W2613534458","https://openalex.org/W2701225458","https://openalex.org/W2741068848","https://openalex.org/W2757104921","https://openalex.org/W2766540688","https://openalex.org/W2782780792","https://openalex.org/W2791018263","https://openalex.org/W2798388185","https://openalex.org/W2806377938","https://openalex.org/W2884769489","https://openalex.org/W2891235722","https://openalex.org/W2947182139","https://openalex.org/W2947814692","https://openalex.org/W2949986519","https://openalex.org/W2954282565","https://openalex.org/W2964097210","https://openalex.org/W2964241064","https://openalex.org/W2974819274","https://openalex.org/W2979357014","https://openalex.org/W2986938475","https://openalex.org/W3015408935","https://openalex.org/W3024280588","https://openalex.org/W3047947484","https://openalex.org/W3090745156","https://openalex.org/W3092928873","https://openalex.org/W3103619372","https://openalex.org/W3104664063","https://openalex.org/W3113108440","https://openalex.org/W3128203310","https://openalex.org/W3160978791","https://openalex.org/W3164551084","https://openalex.org/W3170245351","https://openalex.org/W3173646574","https://openalex.org/W3183163781","https://openalex.org/W3183842862","https://openalex.org/W3212565000","https://openalex.org/W4210660460","https://openalex.org/W4220806723","https://openalex.org/W4226344376","https://openalex.org/W4230648425","https://openalex.org/W4236605548","https://openalex.org/W4288084466","https://openalex.org/W4288085970","https://openalex.org/W4294151777","https://openalex.org/W4308632293","https://openalex.org/W4308642592","https://openalex.org/W4362656212","https://openalex.org/W4378591002","https://openalex.org/W4380558484","https://openalex.org/W4383221439","https://openalex.org/W4384154462","https://openalex.org/W4384155638","https://openalex.org/W4385245566","https://openalex.org/W4385302156","https://openalex.org/W4385656615","https://openalex.org/W4385696576","https://openalex.org/W4385750097","https://openalex.org/W4386569390","https://openalex.org/W4391623949","https://openalex.org/W4391724785","https://openalex.org/W4392576603","https://openalex.org/W4394769544","https://openalex.org/W4399396305","https://openalex.org/W4399851775","https://openalex.org/W4402264433","https://openalex.org/W4403390916","https://openalex.org/W4409671279","https://openalex.org/W6630124987","https://openalex.org/W6631155369","https://openalex.org/W6637594488","https://openalex.org/W6637688222","https://openalex.org/W6681015208","https://openalex.org/W6696942718","https://openalex.org/W6726837539","https://openalex.org/W6743674107","https://openalex.org/W6753907239","https://openalex.org/W6753913213","https://openalex.org/W6753913816","https://openalex.org/W6754840073","https://openalex.org/W6764065038","https://openalex.org/W6764080030","https://openalex.org/W6766204418","https://openalex.org/W6766830175","https://openalex.org/W6766958283","https://openalex.org/W6768128038","https://openalex.org/W6776032291","https://openalex.org/W6776092528","https://openalex.org/W6779448139","https://openalex.org/W6779763331","https://openalex.org/W6780211247","https://openalex.org/W6781817248","https://openalex.org/W6782130387","https://openalex.org/W6793980422","https://openalex.org/W6794636854","https://openalex.org/W6851662535","https://openalex.org/W6853867249","https://openalex.org/W6921300763","https://openalex.org/W6921398516","https://openalex.org/W7000681503"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W2766647240","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W4391761545","https://openalex.org/W4378373752"],"abstract_inverted_index":{"Firmware":[0],"attacks":[1],"are":[2],"increasingly":[3],"prevalent,":[4],"often":[5,141],"serving":[6],"as":[7,55,158],"low-hanging":[8],"fruit":[9],"for":[10,116,173,203],"attackers":[11],"due":[12],"to":[13,49,57,138,180],"the":[14,75,99,150,195,213],"challenges":[15],"of":[16,22,36,77,85,101,153,197,212,219],"firmware":[17,38,59,79,132,221],"security":[18,34],"analysis.":[19],"The":[20],"complexity":[21],"hardware":[23],"systems,":[24],"platform":[25],"diversity,":[26],"peripheral":[27],"interactions,":[28],"and":[29,69,89,98,135,163,216],"asynchronous":[30],"events":[31],"make":[32],"thorough":[33],"analysis":[35,52,122],"embedded":[37,118,174],"particularly":[39],"difficult.":[40],"Despite":[41],"these":[42,64,182],"challenges,":[43],"significant":[44],"research":[45,62,127],"has":[46,128],"been":[47],"dedicated":[48],"advancing":[50],"dynamic":[51],"techniques,":[53,81,156],"such":[54,157],"fuzzing,":[56,140],"improve":[58],"security.":[60],"Existing":[61],"approaches":[63],"issues":[65],"with":[66,146,184],"varying":[67],"methods":[68],"emphases.":[70],"This":[71,206],"survey":[72,111,207],"paper":[73],"examines":[74],"implementation":[76],"existing":[78,96,126,147],"fuzzing":[80,90,107,117,155,188],"providing":[82],"an":[83],"overview":[84,211],"their":[86],"emulation":[87],"strategies":[88],"methodologies.":[91],"It":[92],"also":[93],"reviews":[94],"several":[95],"fuzzers":[97],"application":[100,196],"large":[102],"language":[103],"models":[104],"(LLMs)":[105],"in":[106,168],"generic":[108,169],"software.":[109],"Our":[110,121],"focuses":[112],"specifically":[113],"on":[114,131,143],"frameworks":[115],"bare-metal/monolithic":[119],"firmware.":[120,175],"highlights":[123],"that":[124],"most":[125],"focused":[129],"primarily":[130],"emulation,":[133],"rehosting,":[134],"back-end":[136],"instrumentation":[137],"facilitate":[139],"relying":[142],"direct":[144],"integration":[145],"fuzzers.":[148],"However,":[149],"broader":[151],"exploration":[152],"various":[154],"input":[159],"generation,":[160],"mutation,":[161],"feedback,":[162],"scheduling":[164],"strategies,":[165],"widely":[166],"used":[167],"software":[170],"remains":[171],"limited":[172],"Recent":[176],"efforts":[177],"have":[178],"started":[179],"address":[181],"aspects,":[183],"emerging":[185],"work":[186],"exploring":[187],"techniques":[189],"beyond":[190],"simple":[191],"fuzzer":[192],"integration.":[193],"Furthermore,":[194],"LLMs":[198],"presents":[199],"a":[200,209],"promising":[201],"direction":[202],"further":[204],"investigation.":[205],"provides":[208],"comprehensive":[210],"past,":[214],"present,":[215],"future":[217],"landscape":[218],"bare-metal":[220],"fuzzing.":[222]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}