{"id":"https://openalex.org/W2753873057","doi":"https://doi.org/10.1145/3133956.3134050","title":"FirmUSB","display_name":"FirmUSB","publication_year":2017,"publication_date":"2017-10-27","ids":{"openalex":"https://openalex.org/W2753873057","doi":"https://doi.org/10.1145/3133956.3134050","mag":"2753873057"},"language":"en","primary_location":{"id":"doi:10.1145/3133956.3134050","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134050","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1708.09114","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5112306377","display_name":"Grant Hernandez","orcid":"https://orcid.org/0000-0002-2093-6223"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Grant Hernandez","raw_affiliation_strings":["University of Florida, Gainesville, FL, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073132031","display_name":"Farhaan Fowze","orcid":"https://orcid.org/0000-0002-3575-3067"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Farhaan Fowze","raw_affiliation_strings":["University of Florida, Gainesville, FL, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015662045","display_name":"Dave Tian","orcid":"https://orcid.org/0000-0002-7506-9593"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dave (Jing) Tian","raw_affiliation_strings":["University of Florida, Gainesville, FL, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056009068","display_name":"Tuba Yavuz","orcid":"https://orcid.org/0000-0002-5542-2142"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tuba Yavuz","raw_affiliation_strings":["University of Florida, Gainesville, FL, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039485542","display_name":"Kevin Butler","orcid":"https://orcid.org/0000-0002-7498-4239"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kevin R.B. Butler","raw_affiliation_strings":["University of Florida, Gainesville, FL, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL, USA","institution_ids":["https://openalex.org/I33213144"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5112306377"],"corresponding_institution_ids":["https://openalex.org/I33213144"],"apc_list":null,"apc_paid":null,"fwci":4.3106,"has_fulltext":false,"cited_by_count":76,"citation_normalized_percentile":{"value":0.95488004,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"2245","last_page":"2262"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.9521101713180542},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8135495185852051},{"id":"https://openalex.org/keywords/usb","display_name":"USB","score":0.7997078895568848},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.7054991722106934},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5669663548469543},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.45611947774887085},{"id":"https://openalex.org/keywords/microcode","display_name":"Microcode","score":0.4410057067871094},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.43628591299057007},{"id":"https://openalex.org/keywords/microcontroller","display_name":"Microcontroller","score":0.43463775515556335},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.40435630083084106},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.3263414800167084},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.21981650590896606},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1387406289577484}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.9521101713180542},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8135495185852051},{"id":"https://openalex.org/C507366226","wikidata":"https://www.wikidata.org/wiki/Q42378","display_name":"USB","level":3,"score":0.7997078895568848},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.7054991722106934},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5669663548469543},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.45611947774887085},{"id":"https://openalex.org/C22174128","wikidata":"https://www.wikidata.org/wiki/Q175869","display_name":"Microcode","level":2,"score":0.4410057067871094},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.43628591299057007},{"id":"https://openalex.org/C173018170","wikidata":"https://www.wikidata.org/wiki/Q165678","display_name":"Microcontroller","level":2,"score":0.43463775515556335},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.40435630083084106},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.3263414800167084},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.21981650590896606},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1387406289577484},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3133956.3134050","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134050","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1708.09114","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1708.09114","pdf_url":"https://arxiv.org/pdf/1708.09114","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1708.09114","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1708.09114","pdf_url":"https://arxiv.org/pdf/1708.09114","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3959218861","display_name":null,"funder_award_id":"CNS-1254017","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W78133515","https://openalex.org/W157156687","https://openalex.org/W967948971","https://openalex.org/W1465193051","https://openalex.org/W1496222301","https://openalex.org/W1506679007","https://openalex.org/W1508927144","https://openalex.org/W1593690673","https://openalex.org/W1694077306","https://openalex.org/W1710734607","https://openalex.org/W1940711725","https://openalex.org/W1965159911","https://openalex.org/W1972369120","https://openalex.org/W1994367926","https://openalex.org/W2007237548","https://openalex.org/W2010417554","https://openalex.org/W2011843373","https://openalex.org/W2012575532","https://openalex.org/W2043118292","https://openalex.org/W2058869529","https://openalex.org/W2062801884","https://openalex.org/W2064856281","https://openalex.org/W2091939272","https://openalex.org/W2098202130","https://openalex.org/W2101512909","https://openalex.org/W2111021060","https://openalex.org/W2113864883","https://openalex.org/W2116998907","https://openalex.org/W2119251836","https://openalex.org/W2119812052","https://openalex.org/W2132897303","https://openalex.org/W2133588128","https://openalex.org/W2137530017","https://openalex.org/W2156858199","https://openalex.org/W2163499368","https://openalex.org/W2170371367","https://openalex.org/W2203654293","https://openalex.org/W2297774820","https://openalex.org/W2363172845","https://openalex.org/W2467344324","https://openalex.org/W2468992231","https://openalex.org/W2493858325","https://openalex.org/W2508928295","https://openalex.org/W2514974017","https://openalex.org/W2538851513","https://openalex.org/W2544758986","https://openalex.org/W2560252021","https://openalex.org/W2574017551","https://openalex.org/W2576376563","https://openalex.org/W2583316335","https://openalex.org/W2907671633","https://openalex.org/W3002103885","https://openalex.org/W3028218615","https://openalex.org/W4285719527","https://openalex.org/W6629841029"],"related_works":["https://openalex.org/W2378655517","https://openalex.org/W2365853604","https://openalex.org/W2370321928","https://openalex.org/W2379112813","https://openalex.org/W1966431236","https://openalex.org/W2389467012","https://openalex.org/W2353952957","https://openalex.org/W2390375986","https://openalex.org/W608147619","https://openalex.org/W2348309678"],"abstract_inverted_index":{"The":[0],"USB":[1,57,78,93],"protocol":[2,79],"has":[3],"become":[4],"ubiquitous,":[5],"supporting":[6],"devices":[7,11,15,42,94],"from":[8],"high-powered":[9],"computing":[10],"to":[12,40,53,80,139,150,190],"small":[13],"embedded":[14,162,182],"and":[16,24,30,84,108,135,184],"control":[17],"systems.":[18],"USB's":[19],"greatest":[20],"feature,":[21],"its":[22,28],"openness":[23],"expandability,":[25],"is":[26,50,59],"also":[27,156],"weakness,":[29],"attacks":[31],"such":[32],"as":[33,43,123,125],"BadUSB":[34],"exploit":[35],"the":[36,77,86,104,126,166,176],"unconstrained":[37,151],"functionality":[38],"afforded":[39],"these":[41,142],"a":[44,56,67,145],"vector":[45],"for":[46,118],"compromise.":[47],"Fundamentally,":[48],"it":[49],"virtually":[51],"impossible":[52],"know":[54],"whether":[55],"device":[58],"benign":[60],"or":[61],"malicious.":[62],"This":[63],"work":[64,110],"introduces":[65],"FirmUSB,":[66],"USB-specific":[68],"firmware":[69,82],"analysis":[70,106,119,180],"framework":[71],"that":[72,88,97],"uses":[73],"domain":[74,137],"knowledge":[75,138],"of":[76,128,147,168,178,196],"examine":[81],"images":[83],"determine":[85],"activity":[87,160],"they":[89],"can":[90,120],"produce.":[91],"Embedded":[92],"use":[95,136,167],"microcontrollers":[96],"have":[98],"not":[99],"been":[100],"well":[101,124],"studied":[102],"by":[103,144],"binary":[105],"community,":[107],"our":[109],"demonstrates":[111],"how":[112],"lifters":[113],"into":[114,175],"popular":[115],"intermediate":[116],"representations":[117],"be":[121],"built,":[122],"challenges":[127,177],"doing":[129],"so.":[130],"We":[131,155],"develop":[132],"targeting":[133],"algorithms":[134],"speed":[140],"up":[141],"processes":[143],"factor":[146],"7":[148],"compared":[149],"fully":[152],"symbolic":[153,179],"execution.":[154],"successfully":[157],"find":[158],"malicious":[159],"in":[161],"8051":[163],"firmwares":[164],"without":[165],"source":[169],"code.":[170],"Finally,":[171],"we":[172],"provide":[173,185],"insights":[174],"on":[181,187],"architectures":[183],"guidance":[186],"improving":[188],"tools":[189],"better":[191],"handle":[192],"this":[193],"important":[194],"class":[195],"devices.":[197]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":18},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":13},{"year":2018,"cited_by_count":4}],"updated_date":"2026-04-03T22:45:19.894376","created_date":"2017-09-15T00:00:00"}