A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems

Marchetto, Alessandro; Scanniello, Giuseppe

doi:10.1007/978-3-031-49266-2_32

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14483))

Included in the following conference series:

International Conference on Product-Focused Software Process Improvement

378 Accesses

Abstract

This paper presents a Rapid Review (RR) conducted to identify and characterize existing approaches and methods that discover, fix, and manage vulnerabilities in Embedded, Cyber-Physical, and Internet-of-Things systems and software (ESs hereafter). In the last years, a growing interest concerned the adoption of ESs in different domains (e.g., automotive, healthcare) and with different purposes. Modern ESs are heterogeneous, computationally powerful, connected, and intelligent systems characterized by many technologies, devices, and an extensive use of embedded software (SW). Adopting software that could emulate or substitute hardware (HD) components makes the ESs flexible, tunable, and less costly but demands attention to security aspects such as SW vulnerabilities. Vulnerabilities can be exploited by attackers and compromise entire systems. The findings of our RR emerge from 61 papers and can be summarized as follows: (i) complex and connected ESs are studied especially for autonomous vehicles and robots; (ii) new methods and approaches are proposed mainly to discover software-vulnerabilities related to memory management in ES firmware software; and (iii) most of the proposed methods apply fuzzy-based dynamic analysis to binary and executable files of ES software.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 79.99; Price excludes VAT (USA)

Softcover Book: USD 99.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
https://www.transparencymarketresearch.com.
2.
https://tinyurl.com/4rfbzc2w.
3.
Voyant tool: https://voyant-tools.org, online 2023.

References

Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77–101 (2006)
Article Google Scholar
Cartaxo, B., Pinto, G., Soares, S.: Rapid reviews in software engineering. In: Contemporary Empirical Methods in Software Engineering, pp. 357–384. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-32489-6_13
Chapter Google Scholar
Dessiatnikoff, A., Deswarte, Y., Alata, E., Nicomette, V.: Potential attacks on onboard aerospace systems. IEEE Secur. Priv. 10(4), 71–74 (2012)
Article Google Scholar
Eceiza, M., Flores, J.L., Iturbe, M.: Fuzzing the internet of things: a review on the techniques and challenges for efficient vulnerability discovery in embedded systems. IEEE Internet Things J. 8(13), 10390–10411 (2021)
Article Google Scholar
Feng, X., Zhu, X., Han, Q.-L., Zhou, W., Wen, S., Xiang, Y.: Detecting vulnerability on IoT device firmware: a survey. IEEE/CAA J. Automatica Sin. 10(1), 25–41 (2023). https://doi.org/10.1109/JAS.2022.105860
Fournaris, A.P., Pocero Fraile, L., Koufopavlou, O.: Exploiting hardware vulnerabilities to attack embedded system devices: a survey of potent microarchitectural attacks. Electron. 6(3) (2017). ISSN 2079-9292
Google Scholar
Papp, D., Ma, Z., Buttyan, L.: Embedded systems security: threats, vulnerabilities, and attack taxonomy, pp. 145–152. IEEE, Turkey (2015)
Google Scholar
Qasem, A., Shirani, P., Debbabi, M., Wang, L., Lebel, B., Agba, B.L.: Automatic vulnerability detection in embedded devices and firmware: survey and layered taxonomies. ACM Comput. Surv. 54(2) (2021). https://doi.org/10.1145/3432893. ISSN 0360-0300
Schotten, M., M’hamed., E., Meester, W., Steiginga, S., Ross, C.: A Brief History of Scopus: The World’s Largest Abstract and Citation Database of Scientific Literature, pp. 31–58. CRC Press, January 2017
Google Scholar
Speckemeier, C., Niemann, A., Wasem, J., Buchberger, B., Neusser, S.: Methodological guidance for rapid reviews in healthcare: a scoping review. Res. Synth. Methods 13(4), 394–404 (2022)
Article Google Scholar

Download references

Author information

Authors and Affiliations

University of Trento, Trento, Italy
Alessandro Marchetto
University of Salerno, Salerno, Italy
Giuseppe Scanniello

Authors

Alessandro Marchetto
View author publications
You can also search for this author in PubMed Google Scholar
Giuseppe Scanniello
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alessandro Marchetto .

Editor information

Editors and Affiliations

FHV Vorarlberg University of Applied Science, Dornbirn, Austria
Regine Kadgien
Fraunhofer Institute for Experimental Software Engineering, Kaiserslautern, Germany
Andreas Jedlitschka
FHV Vorarlberg University of Applied Science, Dornbirn, Austria
Andrea Janes
University of Oulu, Oulu, Finland
Valentina Lenarduzzi
University of Oulu, Oulu, Finland
Xiaozhou Li

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Marchetto, A., Scanniello, G. (2024). A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems. In: Kadgien, R., Jedlitschka, A., Janes, A., Lenarduzzi, V., Li, X. (eds) Product-Focused Software Process Improvement. PROFES 2023. Lecture Notes in Computer Science, vol 14483. Springer, Cham. https://doi.org/10.1007/978-3-031-49266-2_32

Download citation

DOI: https://doi.org/10.1007/978-3-031-49266-2_32
Published: 02 December 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49265-5
Online ISBN: 978-3-031-49266-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

A Rapid Review on Software Vulnerabilities and Embedded, Cyber-Physical, and IoT Systems