{"id":"https://openalex.org/W4387298303","doi":"https://doi.org/10.1145/3607199.3607217","title":"Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images","display_name":"Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387298303","doi":"https://doi.org/10.1145/3607199.3607217"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607217","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607217","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607217","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607217","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073278833","display_name":"Eric Gustafson","orcid":"https://orcid.org/0009-0001-2371-9486"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Eric Gustafson","raw_affiliation_strings":["UC Santa Barbara, USA"],"affiliations":[{"raw_affiliation_string":"UC Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059803399","display_name":"Paul Grosen","orcid":"https://orcid.org/0009-0004-9065-3407"},"institutions":[{"id":"https://openalex.org/I134446601","display_name":"Berkeley College","ror":"https://ror.org/02xewxa75","country_code":"US","type":"education","lineage":["https://openalex.org/I134446601"]},{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Paul Grosen","raw_affiliation_strings":["UC Berkeley, USA"],"affiliations":[{"raw_affiliation_string":"UC Berkeley, USA","institution_ids":["https://openalex.org/I134446601","https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035847553","display_name":"Nilo Redini","orcid":"https://orcid.org/0009-0002-6768-7380"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nilo Redini","raw_affiliation_strings":["UC Santa Barbara, USA"],"affiliations":[{"raw_affiliation_string":"UC Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103149791","display_name":"Saagar Jha","orcid":"https://orcid.org/0009-0006-0502-4038"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Saagar Jha","raw_affiliation_strings":["UC Santa Barbara, United States of America"],"affiliations":[{"raw_affiliation_string":"UC Santa Barbara, United States of America","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071672404","display_name":"Andrea Continella","orcid":"https://orcid.org/0000-0002-0329-1830"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Andrea Continella","raw_affiliation_strings":["University of Twente, Netherlands"],"affiliations":[{"raw_affiliation_string":"University of Twente, Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046356501","display_name":"Ruoyu Wang","orcid":"https://orcid.org/0000-0003-1524-2566"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ruoyu Wang","raw_affiliation_strings":["Arizona State University, United States of America"],"affiliations":[{"raw_affiliation_string":"Arizona State University, United States of America","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113708992","display_name":"Kevin Fu","orcid":null},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kevin Fu","raw_affiliation_strings":["Northeastern University, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085837723","display_name":"Sara Rampazzi","orcid":"https://orcid.org/0000-0002-3630-6269"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sara Rampazzi","raw_affiliation_strings":["University of Florida, United States of America"],"affiliations":[{"raw_affiliation_string":"University of Florida, United States of America","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022177364","display_name":"Christopher Kruegel","orcid":"https://orcid.org/0000-0001-5140-3414"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Kruegel","raw_affiliation_strings":["UC Santa Barbara, United States of America"],"affiliations":[{"raw_affiliation_string":"UC Santa Barbara, United States of America","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075685499","display_name":"Giovanni Vigna","orcid":"https://orcid.org/0000-0002-3422-5369"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Giovanni Vigna","raw_affiliation_strings":["UC Santa Barbara, United States of America"],"affiliations":[{"raw_affiliation_string":"UC Santa Barbara, United States of America","institution_ids":["https://openalex.org/I154570441"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5073278833"],"corresponding_institution_ids":["https://openalex.org/I154570441"],"apc_list":null,"apc_paid":null,"fwci":0.7849,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.71659143,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"32","last_page":"45"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.9008142352104187},{"id":"https://openalex.org/keywords/retrofitting","display_name":"Retrofitting","score":0.8349692821502686},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6205261945724487},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3487285375595093},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2384573519229889},{"id":"https://openalex.org/keywords/structural-engineering","display_name":"Structural engineering","score":0.14442765712738037},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.1265517771244049}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.9008142352104187},{"id":"https://openalex.org/C2778368411","wikidata":"https://www.wikidata.org/wiki/Q24662","display_name":"Retrofitting","level":2,"score":0.8349692821502686},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6205261945724487},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3487285375595093},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2384573519229889},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.14442765712738037},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.1265517771244049}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3607199.3607217","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607217","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607217","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:ris.utwente.nl:openaire_cris_publications/160d13e5-ab4c-4ecc-bb69-8cc33a061ad6","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/160d13e5-ab4c-4ecc-bb69-8cc33a061ad6","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Gustafson, E, Grosen, P, Redini, N, Jha, S, Wang, R, Continella, A, Fu, K, Rampazzi, S, Kruegel, C & Vigna, G 2023, Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images. in RAID '23 : Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hong Kong, China, October 16-18, 2023. Association for Computing Machinery, New York, NY, pp. 32-45, 26th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2023, Hong Kong, China, 16/10/23. https://doi.org/10.1145/3607199.3607217","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:ris.utwente.nl:publications/160d13e5-ab4c-4ecc-bb69-8cc33a061ad6","is_oa":true,"landing_page_url":"https://research.utwente.nl/files/351183023/3607199.3607217.pdf","pdf_url":"https://ris.utwente.nl/ws/files/351183023/3607199.3607217.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Gustafson, E, Grosen, P, Redini, N, Jha, S, Wang, R, Continella, A, Fu, K, Rampazzi, S, Kruegel, C & Vigna, G 2023, Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images. in RAID '23 : Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hong Kong, China, October 16-18, 2023. Association for Computing Machinery, New York, NY, pp. 32-45, 26th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2023, Hong Kong, China, 16/10/23. https://doi.org/10.1145/3607199.3607217","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1145/3607199.3607217","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607217","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607217","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1633690903","display_name":null,"funder_award_id":"00014-20","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G2336166159","display_name":null,"funder_award_id":"4-20-","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G2811237814","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G4776870722","display_name":null,"funder_award_id":"unknown","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G5365867299","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G6009445997","display_name":null,"funder_award_id":"unknown","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G629491556","display_name":null,"funder_award_id":"(NWO)","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G7034037648","display_name":null,"funder_award_id":"4-20-1-","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G8876708457","display_name":null,"funder_award_id":"N00014-20-1-2632","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320321800","display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","ror":"https://ror.org/04jsz6e67"},{"id":"https://openalex.org/F4320329456","display_name":"Ministerie van Economische Zaken en Klimaat","ror":null},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387298303.pdf","grobid_xml":"https://content.openalex.org/works/W4387298303.grobid-xml"},"referenced_works_count":13,"referenced_works":["https://openalex.org/W2065995359","https://openalex.org/W2350778671","https://openalex.org/W2514974017","https://openalex.org/W2577142429","https://openalex.org/W2741175893","https://openalex.org/W2774286308","https://openalex.org/W2920627032","https://openalex.org/W2926178846","https://openalex.org/W2947362543","https://openalex.org/W2951450826","https://openalex.org/W2991611768","https://openalex.org/W3015291177","https://openalex.org/W3015383024"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2582981600","https://openalex.org/W4389238932","https://openalex.org/W4387467152","https://openalex.org/W4212885212","https://openalex.org/W4379115910","https://openalex.org/W3010413952","https://openalex.org/W4253989935","https://openalex.org/W2810560948"],"abstract_inverted_index":{"In":[0,17],"today\u2019s":[1],"era":[2],"of":[3,6,41,61],"the":[4,20,39,69],"Internet":[5],"Things,":[7],"we":[8,27],"are":[9,36,73],"surrounded":[10],"by":[11],"security-":[12],"and":[13,71,82],"safety-critical,":[14],"network-connected":[15],"devices.":[16],"parallel":[18],"with":[19],"rise":[21],"in":[22,33],"attacks":[23],"on":[24],"such":[25],"devices,":[26,62],"have":[28,76],"also":[29],"seen":[30],"an":[31],"increase":[32],"devices":[34],"that":[35,64],"abandoned,":[37],"reached":[38],"end":[40],"their":[42],"support":[43],"periods,":[44],"or":[45],"will":[46],"not":[47],"otherwise":[48],"receive":[49],"future":[50],"security":[51],"updates.":[52],"While":[53],"this":[54],"issue":[55],"exists":[56],"for":[57],"a":[58],"wide":[59],"array":[60],"those":[63],"use":[65],"monolithic":[66],"firmware,":[67],"where":[68],"code":[70],"data":[72],"opaquely":[74],"intermixed,":[75],"traditionally":[77],"been":[78],"difficult":[79],"to":[80],"examine":[81],"protect.":[83]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}