This paper presents a Rapid Review (RR) conducted to identify and characterize existing approaches and methods that discover, fix, and manage vulnerabilities in Embedded, Cyber-Physical, and Internet-of-Things systems and software (ESs hereafter). In the last years, a growing interest concerned the adoption of ESs in different domains (e.g., automotive, healthcare) and with different purposes. Modern ESs are heterogeneous, computationally powerful, connected, and intelligent systems characterized by many technologies, devices, and an extensive use of embedded software (SW). Adopting software that could emulate or substitute hardware (HD) components makes the ESs flexible, tunable, and less costly but demands attention to security aspects such as SW vulnerabilities. Vulnerabilities can be exploited by attackers and compromise entire systems. The findings of our RR emerge from 61 papers and can be summarized as follows: (i) complex and connected ESs are studied especially for autonomous vehicles and robots; (ii) new methods and approaches are proposed mainly to discover software-vulnerabilities related to memory management in ES firmware software; and (iii) most of the proposed methods apply fuzzy-based dynamic analysis to binary and executable files of ES software.
A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems / Marchetto, Alessandro; Scanniello, Giuseppe. - (2023), pp. 468-477. (Paper presented at the International Conference on Product-Focused Software Process Improvement (PROFES 2023), held in Dornbirn, Austria, 10–13 December 2023) [10.1007/978-3-031-49266-2].
A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems
Marchetto, Alessandro
2023-01-01
File | Access | Type | License | Size | Format |
---|---|---|---|---|---|
PROFESshort_2282_Marchetto.pdf | Open access | Refereed post-print (Refereed author’s manuscript) | All rights reserved | 273.91 kB | Adobe PDF |
profes_2023 (1).pdf | Archive managers only | Publisher’s version (Publisher’s layout) | All rights reserved | 514.28 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.