FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution

Improved probabilistic verification by hash compaction

CHARME '95 Proceedings of the IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods

CUTE: a concolic unit testing engine for C

Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering

Towards Automatic Generation of Vulnerability-Based Signatures

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy

EXE: automatically generating inputs of death

Proceedings of the 13th ACM conference on Computer and communications security

Bouncer: securing software by blocking bad input

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles

The software model checker Blast: Applications to software engineering

International Journal on Software Tools for Technology Transfer (STTT)

Security and Privacy for Implantable Medical Devices

IEEE Pervasive Computing

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy

Loop-extended symbolic execution on binary programs

Proceedings of the eighteenth international symposium on Software testing and analysis

A few billion lines of code later: using static analysis to find bugs in the real world

Communications of the ACM

State Joining and Splitting for the Symbolic Execution of Binaries

Runtime Verification

Cloud9: a software testing service

ACM SIGOPS Operating Systems Review

Reverse engineering of binary device drivers with RevNIC

Proceedings of the 5th European conference on Computer systems

Execution synthesis: a technique for automated software debugging

Proceedings of the 5th European conference on Computer systems

KleeNet: discovering insidious interaction bugs in wireless sensor networks before deployment

Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks

RWset: attacking path explosion in constraint-based test generation

TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems

Experimental Security Analysis of a Modern Automobile

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy

KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs

OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation

A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan

Proceedings of the 26th Annual Computer Security Applications Conference

Security and privacy vulnerabilities of in-car wireless networks: a tire pressure monitoring system case study

USENIX Security'10 Proceedings of the 19th USENIX conference on Security

S2E: a platform for in-vivo multi-path analysis of software systems

Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems

A decade of software model checking with SLAM

Communications of the ACM

Parallel symbolic execution for automated real-world software testing

Proceedings of the sixth conference on Computer systems

Comprehensive experimental analyses of automotive attack surfaces

SEC'11 Proceedings of the 20th USENIX conference on Security

Efficient state merging in symbolic execution

Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation

Security analysis of smartphone point-of-sale systems

WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies

SymDrive: testing drivers without devices

OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation