Top

Published in:

2024 | OriginalPaper | Chapter

A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems

Authors : Alessandro Marchetto, Giuseppe Scanniello

Published in: Product-Focused Software Process Improvement

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper presents a Rapid Review (RR) conducted to identify and characterize existing approaches and methods that discover, fix, and manage vulnerabilities in Embedded, Cyber-Physical, and Internet-of-Things systems and software (ESs hereafter). In the last years, a growing interest concerned the adoption of ESs in different domains (e.g., automotive, healthcare) and with different purposes. Modern ESs are heterogeneous, computationally powerful, connected, and intelligent systems characterized by many technologies, devices, and an extensive use of embedded software (SW). Adopting software that could emulate or substitute hardware (HD) components makes the ESs flexible, tunable, and less costly but demands attention to security aspects such as SW vulnerabilities. Vulnerabilities can be exploited by attackers and compromise entire systems. The findings of our RR emerge from 61 papers and can be summarized as follows: (i) complex and connected ESs are studied especially for autonomous vehicles and robots; (ii) new methods and approaches are proposed mainly to discover software-vulnerabilities related to memory management in ES firmware software; and (iii) most of the proposed methods apply fuzzy-based dynamic analysis to binary and executable files of ES software.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter On Fixing Bugs: Do Personality Traits Matter?

next chapter Social Sustainability Approaches for Software Development: A Systematic Literature Review

https://www.transparencymarketresearch.com.

https://tinyurl.com/4rfbzc2w.

Voyant tool: https://voyant-tools.org, online 2023.

Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77–101 (2006)CrossRef

Cartaxo, B., Pinto, G., Soares, S.: Rapid reviews in software engineering. In: Contemporary Empirical Methods in Software Engineering, pp. 357–384. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-32489-6_13CrossRef

Dessiatnikoff, A., Deswarte, Y., Alata, E., Nicomette, V.: Potential attacks on onboard aerospace systems. IEEE Secur. Priv. 10(4), 71–74 (2012)CrossRef

Eceiza, M., Flores, J.L., Iturbe, M.: Fuzzing the internet of things: a review on the techniques and challenges for efficient vulnerability discovery in embedded systems. IEEE Internet Things J. 8(13), 10390–10411 (2021)CrossRef

Feng, X., Zhu, X., Han, Q.-L., Zhou, W., Wen, S., Xiang, Y.: Detecting vulnerability on IoT device firmware: a survey. IEEE/CAA J. Automatica Sin. 10(1), 25–41 (2023). https://doi.org/10.1109/JAS.2022.105860

Fournaris, A.P., Pocero Fraile, L., Koufopavlou, O.: Exploiting hardware vulnerabilities to attack embedded system devices: a survey of potent microarchitectural attacks. Electron. 6(3) (2017). ISSN 2079-9292

Papp, D., Ma, Z., Buttyan, L.: Embedded systems security: threats, vulnerabilities, and attack taxonomy, pp. 145–152. IEEE, Turkey (2015)

Qasem, A., Shirani, P., Debbabi, M., Wang, L., Lebel, B., Agba, B.L.: Automatic vulnerability detection in embedded devices and firmware: survey and layered taxonomies. ACM Comput. Surv. 54(2) (2021). https://doi.org/10.1145/3432893. ISSN 0360-0300

Schotten, M., M’hamed., E., Meester, W., Steiginga, S., Ross, C.: A Brief History of Scopus: The World’s Largest Abstract and Citation Database of Scientific Literature, pp. 31–58. CRC Press, January 2017

10.

Speckemeier, C., Niemann, A., Wasem, J., Buchberger, B., Neusser, S.: Methodological guidance for rapid reviews in healthcare: a scoping review. Res. Synth. Methods 13(4), 394–404 (2022)CrossRef

Title: A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems
Authors: Alessandro Marchetto
Giuseppe Scanniello
Publisher: Springer Nature Switzerland
Book: Product-Focused Software Process Improvement
Print ISBN: 978-3-031-49265-5

Electronic ISBN: 978-3-031-49266-2

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-49266-2_32

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner