{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,29]],"date-time":"2026-03-29T00:48:58Z","timestamp":1774745338343,"version":"3.50.1"},"publisher-location":"Cham","reference-count":15,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031928857","type":"print"},{"value":"9783031928864","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-92886-4_7","type":"book-chapter","created":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T06:13:05Z","timestamp":1747289585000},"page":"97-110","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Update at\u00a0Your Own Risk: Analysis and\u00a0Recommendations for\u00a0Update-Related Vulnerabilities"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6781-1420","authenticated-orcid":false,"given":"Ahmad B.","family":"Usman","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1916-3398","authenticated-orcid":false,"given":"Mikael","family":"Asplund","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,16]]},"reference":[{"key":"7_CR1","unstructured":"Bellissimo, A., Burgess, J., Fu, K.: Secure software updates: disappointments and new challenges. In: First USENIX Workshop on Hot Topics in Security (HotSec 06). USENIX Association (2006)"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Boldyreva, A., Kim, T., Lipton, R., Warinschi, B.: Provably-secure remote memory attestation for heap overflow protection. In: Security and Cryptography for Networks. Springer (2016)","DOI":"10.1007\/978-3-319-44618-9_5"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Bradley, C., Barrera, D.: Towards characterizing iot software update practices. In: Foundations and Practice of Security. Springer (2023)","DOI":"10.1007\/978-3-031-30122-3_25"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for linux-based embedded firmware. In: (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23415"},{"issue":"2","key":"7_CR5","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1109\/MSP.2012.113","volume":"11","author":"B Coppens","year":"2013","unstructured":"Coppens, B., De Sutter, B., De Bosschere, K.: Protecting your software updates. IEEE Secur. Priv. 11(2), 47\u201354 (2013). https:\/\/doi.org\/10.1109\/MSP.2012.113","journal-title":"IEEE Secur. Priv."},{"key":"7_CR6","doi-asserted-by":"publisher","unstructured":"Ibrahim, M., Continella, A., Bianchi, A.: Aot - attack on things: a security analysis of iot firmware updates. In: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS &P) (2023). https:\/\/doi.org\/10.1109\/EuroSP57164.2023.00065","DOI":"10.1109\/EuroSP57164.2023.00065"},{"key":"7_CR7","doi-asserted-by":"publisher","first-page":"102613","DOI":"10.1016\/j.cose.2022.102613","volume":"115","author":"S Liu","year":"2022","unstructured":"Liu, S., Feng, P., Wang, S., Sun, K., Cao, J.: Enhancing malware analysis sandboxes with emulated user behavior. Comput. Secur. 115, 102613 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102613","journal-title":"Comput. Secur."},{"key":"7_CR8","doi-asserted-by":"publisher","unstructured":"Lorch, R., Larraz, D., Tinelli, C., Chowdhury, O.: A comprehensive, automated security analysis of the uptane automotive over-the-air update framework. In: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses. (RAID \u201924), Association for Computing Machinery (2024). https:\/\/doi.org\/10.1145\/3678890.3678927","DOI":"10.1145\/3678890.3678927"},{"key":"7_CR9","doi-asserted-by":"publisher","unstructured":"Plappert, C., Fuchs, A.: Secure and lightweight ecu attestations for resilient over-the-air updates in connected vehicles. In: ACSAC \u201923, Association for Computing Machinery (2023). https:\/\/doi.org\/10.1145\/3627106.3627202","DOI":"10.1145\/3627106.3627202"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Setayeshfar, O., Rhee, J.J., Kim, C.H., Lee, K.H.: Find my sloths: automated comparative analysis of how real enterprise computers keep up with the software update races. In: Detection of Intrusions and Malware, and Vulnerability Assessment. Springer (2021)","DOI":"10.1007\/978-3-030-80825-9_11"},{"key":"7_CR11","doi-asserted-by":"publisher","unstructured":"Treetippayaruk, S., Senivongse, T.: Security vulnerability assessment for software version upgrade. In: 2017 18th IEEE\/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing (SNPD) (2017). https:\/\/doi.org\/10.1109\/SNPD.2017.8022734","DOI":"10.1109\/SNPD.2017.8022734"},{"key":"7_CR12","doi-asserted-by":"publisher","unstructured":"Usman, A.B., Asplund, M.: Remote attestation with software updates in embedded systems. In: 2024 IEEE Conference on Communications and Network Security (CNS) (2024). https:\/\/doi.org\/10.1109\/CNS62487.2024.10735526","DOI":"10.1109\/CNS62487.2024.10735526"},{"key":"7_CR13","doi-asserted-by":"publisher","unstructured":"Usman, A.B., Cole, N., Asplund, M., Boeira, F., Vestlund, C.: Remote attestation assurance arguments for trusted execution environments. In: Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. (SaT-CPS \u201923), Association for Computing Machinery (2023). https:\/\/doi.org\/10.1145\/3579988.3585056","DOI":"10.1145\/3579988.3585056"},{"key":"7_CR14","doi-asserted-by":"publisher","unstructured":"Wedyan, F., Alrmuny, D., Bieman, J.M.: The effectiveness of automated static analysis tools for fault detection and refactoring prediction. In: 2009 International Conference on Software Testing Verification and Validation (2009). https:\/\/doi.org\/10.1109\/ICST.2009.21","DOI":"10.1109\/ICST.2009.21"},{"key":"7_CR15","unstructured":"Wu, Y., et al.: Your firmware has arrived: a study of firmware update vulnerabilities. In: 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association (2024)"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-92886-4_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T06:13:09Z","timestamp":1747289589000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-92886-4_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031928857","9783031928864"],"references-count":15,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-92886-4_7","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2025.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}