This paper presents a Rapid Review (RR) conducted to identify and characterize existing approaches and methods that discover, fix, and manage vulnerabilities in Embedded, Cyber-Physical, and Internet-of-Things systems and software (ESs hereafter). In recent years, interest has grown in adopting ESs in different domains (e.g., automotive, healthcare) and for different purposes. Modern ESs are heterogeneous, computationally powerful, connected, and intelligent systems characterized by many technologies, devices, and an extensive use of embedded software (SW). Adopting software that could emulate or substitute hardware (HD) components makes the ESs flexible, tunable, and less costly but demands attention to security aspects such as SW vulnerabilities. Vulnerabilities can be exploited by attackers and compromise entire systems. The findings of our RR emerge from 61 papers and can be summarized as follows: (i) complex and connected ESs are studied especially for autonomous vehicles and robots; (ii) new methods and approaches are proposed mainly to discover software vulnerabilities related to memory management in ES firmware software; and (iii) most of the proposed methods apply fuzzy-based dynamic analysis to binary and executable files of ES software.

A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems / Marchetto, Alessandro; Scanniello, Giuseppe. - (2023), pp. 468-477. (Paper presented at the International Conference on Product-Focused Software Process Improvement (PROFES 2023), held in Dornbirn, Austria, 10–13 December 2023) [10.1007/978-3-031-49266-2].

A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems

Marchetto, Alessandro (first author)
2023-01-01

2023
International Conference on Product-Focused Software Process Improvement (PROFES 2023)
Cham (SW)
Springer Cham
978-3-031-49266-2
Marchetto, Alessandro; Scanniello, Giuseppe
Files in this record:

PROFESshort_2282_Marchetto.pdf
Access: open access
Type: Refereed author’s manuscript (post-print)
License: All rights reserved
Size: 273.91 kB
Format: Adobe PDF

profes_2023 (1).pdf
Access: archive managers only
Type: Publisher’s layout (published version)
License: All rights reserved
Size: 514.28 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/398734