{"id":"https://openalex.org/W4391623949","doi":"https://doi.org/10.1145/3623278.3624759","title":"FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware","display_name":"FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware","publication_year":2023,"publication_date":"2023-03-25","ids":{"openalex":"https://openalex.org/W4391623949","doi":"https://doi.org/10.1145/3623278.3624759"},"language":"en","primary_location":{"id":"doi:10.1145/3623278.3624759","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3623278.3624759","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3623278.3624759","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3623278.3624759","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037451675","display_name":"Puzhuo Liu","orcid":"https://orcid.org/0000-0002-8995-5924"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Puzhuo Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053886363","display_name":"Yaowen Zheng","orcid":"https://orcid.org/0000-0002-8953-0782"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yaowen Zheng","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101708632","display_name":"C. P. Sun","orcid":"https://orcid.org/0000-0002-0862-2491"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Chengnian Sun","raw_affiliation_strings":["University of Waterloo, Waterloo, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"University of Waterloo, Waterloo, Ontario, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103138124","display_name":"Chuan Qin","orcid":"https://orcid.org/0009-0006-7867-957X"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chuan Qin","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071831111","display_name":"Dongliang Fang","orcid":"https://orcid.org/0009-0005-7484-1333"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dongliang Fang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064612584","display_name":"M. L. Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingdong Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5061643975","display_name":"Limin Sun","orcid":"https://orcid.org/0000-0003-2745-7521"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Limin Sun","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5037451675"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":3.1672,"has_fulltext":true,"cited_by_count":16,"citation_normalized_percentile":{"value":0.93138713,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"138","last_page":"152"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.9896276593208313},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7854286432266235},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7262303233146667},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6952133774757385},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.45370975136756897},{"id":"https://openalex.org/keywords/microcode","display_name":"Microcode","score":0.4296490550041199},{"id":"https://openalex.org/keywords/interface","display_name":"Interface (matter)","score":0.4245629608631134},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3832853138446808},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.24526381492614746}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.9896276593208313},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7854286432266235},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7262303233146667},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6952133774757385},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.45370975136756897},{"id":"https://openalex.org/C22174128","wikidata":"https://www.wikidata.org/wiki/Q175869","display_name":"Microcode","level":2,"score":0.4296490550041199},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.4245629608631134},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3832853138446808},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.24526381492614746},{"id":"https://openalex.org/C157915830","wikidata":"https://www.wikidata.org/wiki/Q2928001","display_name":"Bubble","level":2,"score":0.0},{"id":"https://openalex.org/C129307140","wikidata":"https://www.wikidata.org/wiki/Q6795880","display_name":"Maximum bubble pressure method","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3623278.3624759","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3623278.3624759","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3623278.3624759","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3623278.3624759","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3623278.3624759","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3623278.3624759","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5400000214576721}],"awards":[],"funders":[{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4391623949.pdf","grobid_xml":"https://content.openalex.org/works/W4391623949.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W191489030","https://openalex.org/W1457363419","https://openalex.org/W1820253543","https://openalex.org/W2039427951","https://openalex.org/W2078197322","https://openalex.org/W2089592764","https://openalex.org/W2180277119","https://openalex.org/W2532962075","https://openalex.org/W2576376563","https://openalex.org/W2749008552","https://openalex.org/W2791018263","https://openalex.org/W2882992559","https://openalex.org/W2888320512","https://openalex.org/W2892187814","https://openalex.org/W2926178846","https://openalex.org/W2965717902","https://openalex.org/W2972481639","https://openalex.org/W2979393298","https://openalex.org/W3015383024","https://openalex.org/W3018354080","https://openalex.org/W3048512654","https://openalex.org/W3093415205","https://openalex.org/W3105926539","https://openalex.org/W3106692695","https://openalex.org/W3111743984","https://openalex.org/W3155424504","https://openalex.org/W3155466149","https://openalex.org/W3161486299","https://openalex.org/W3177280097","https://openalex.org/W3193122818","https://openalex.org/W3195235276","https://openalex.org/W3212565000","https://openalex.org/W4226086536","https://openalex.org/W4226163120","https://openalex.org/W4283789005","https://openalex.org/W4285490438","https://openalex.org/W4288057749","https://openalex.org/W4308632257","https://openalex.org/W6744145243","https://openalex.org/W6921300763"],"related_works":["https://openalex.org/W1966431236","https://openalex.org/W608147619","https://openalex.org/W1984676852","https://openalex.org/W2068967940","https://openalex.org/W270731569","https://openalex.org/W4252104358","https://openalex.org/W2062160093","https://openalex.org/W2025981307","https://openalex.org/W1998626163","https://openalex.org/W2056006243"],"abstract_inverted_index":{"Finding":[0],"vulnerabilities":[1,28],"in":[2],"firmware":[3,8,27,39],"is":[4,21],"vital":[5],"as":[6,58],"any":[7],"vulnerability":[9],"may":[10],"lead":[11],"to":[12,14,30,44,60],"cyberattacks":[13],"the":[15,46],"physical":[16],"IoT":[17],"devices.":[18],"Taint":[19],"analysis":[20],"one":[22],"promising":[23],"technique":[24],"for":[25],"finding":[26],"thanks":[29],"its":[31],"high":[32],"coverage":[33],"and":[34],"scalability.":[35],"However,":[36],"sizable":[37],"closed-source":[38],"makes":[40],"it":[41],"extremely":[42],"difficult":[43],"analyze":[45],"complete":[47],"data-flow":[48],"paths":[49],"from":[50],"taint":[51],"sources":[52],"(i.e.,":[53],"interface":[54],"library":[55],"functions":[56],"such":[57],"recv)":[59],"sinks.":[61]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-31T07:56:22.981413","created_date":"2025-10-10T00:00:00"}