Abstract
This paper presents a Rapid Review (RR) conducted to identify and characterize existing approaches and methods that discover, fix, and manage vulnerabilities in Embedded, Cyber-Physical, and Internet-of-Things systems and software (ESs hereafter). In the last years, a growing interest concerned the adoption of ESs in different domains (e.g., automotive, healthcare) and with different purposes. Modern ESs are heterogeneous, computationally powerful, connected, and intelligent systems characterized by many technologies, devices, and an extensive use of embedded software (SW). Adopting software that could emulate or substitute hardware (HD) components makes the ESs flexible, tunable, and less costly but demands attention to security aspects such as SW vulnerabilities. Vulnerabilities can be exploited by attackers and compromise entire systems. The findings of our RR emerge from 61 papers and can be summarized as follows: (i) complex and connected ESs are studied especially for autonomous vehicles and robots; (ii) new methods and approaches are proposed mainly to discover software-vulnerabilities related to memory management in ES firmware software; and (iii) most of the proposed methods apply fuzzy-based dynamic analysis to binary and executable files of ES software.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
Voyant tool: https://voyant-tools.org, online 2023.
References
Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77–101 (2006)
Cartaxo, B., Pinto, G., Soares, S.: Rapid reviews in software engineering. In: Contemporary Empirical Methods in Software Engineering, pp. 357–384. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-32489-6_13
Dessiatnikoff, A., Deswarte, Y., Alata, E., Nicomette, V.: Potential attacks on onboard aerospace systems. IEEE Secur. Priv. 10(4), 71–74 (2012)
Eceiza, M., Flores, J.L., Iturbe, M.: Fuzzing the internet of things: a review on the techniques and challenges for efficient vulnerability discovery in embedded systems. IEEE Internet Things J. 8(13), 10390–10411 (2021)
Feng, X., Zhu, X., Han, Q.-L., Zhou, W., Wen, S., Xiang, Y.: Detecting vulnerability on IoT device firmware: a survey. IEEE/CAA J. Automatica Sin. 10(1), 25–41 (2023). https://doi.org/10.1109/JAS.2022.105860
Fournaris, A.P., Pocero Fraile, L., Koufopavlou, O.: Exploiting hardware vulnerabilities to attack embedded system devices: a survey of potent microarchitectural attacks. Electron. 6(3) (2017). ISSN 2079-9292
Papp, D., Ma, Z., Buttyan, L.: Embedded systems security: threats, vulnerabilities, and attack taxonomy, pp. 145–152. IEEE, Turkey (2015)
Qasem, A., Shirani, P., Debbabi, M., Wang, L., Lebel, B., Agba, B.L.: Automatic vulnerability detection in embedded devices and firmware: survey and layered taxonomies. ACM Comput. Surv. 54(2) (2021). https://doi.org/10.1145/3432893. ISSN 0360-0300
Schotten, M., M’hamed., E., Meester, W., Steiginga, S., Ross, C.: A Brief History of Scopus: The World’s Largest Abstract and Citation Database of Scientific Literature, pp. 31–58. CRC Press, January 2017
Speckemeier, C., Niemann, A., Wasem, J., Buchberger, B., Neusser, S.: Methodological guidance for rapid reviews in healthcare: a scoping review. Res. Synth. Methods 13(4), 394–404 (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Marchetto, A., Scanniello, G. (2024). A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems. In: Kadgien, R., Jedlitschka, A., Janes, A., Lenarduzzi, V., Li, X. (eds) Product-Focused Software Process Improvement. PROFES 2023. Lecture Notes in Computer Science, vol 14483. Springer, Cham. https://doi.org/10.1007/978-3-031-49266-2_32
Download citation
DOI: https://doi.org/10.1007/978-3-031-49266-2_32
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49265-5
Online ISBN: 978-3-031-49266-2
eBook Packages: Computer ScienceComputer Science (R0)