{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T02:03:37Z","timestamp":1776305017233,"version":"3.50.1"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T00:00:00Z","timestamp":1733011200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T00:00:00Z","timestamp":1736467200000},"content-version":"vor","delay-in-days":40,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int J Softw Tools Technol Transfer"],"published-print":{"date-parts":[[2024,12]]},"DOI":"10.1007\/s10009-024-00777-8","type":"journal-article","created":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T15:23:14Z","timestamp":1736522594000},"page":"797-821","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Inference of access policies through static analysis"],"prefix":"10.1007","volume":"26","author":[{"given":"Giacomo","family":"Zanatta","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gianluca","family":"Caiazza","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pietro","family":"Ferrara","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luca","family":"Negrini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,1,10]]},"reference":[{"key":"777_CR1","unstructured":"Kirschgens, L.A., Ugarte, I.Z., Gil-Uriarte, E., Rosas, A.M., Vilches, V.M.: Robot hazards: from safety to security. CoRR (2018). arXiv:1806.06681"},{"key":"777_CR2","first-page":"3","volume-title":"Enhancing Security in ROS","author":"G. Caiazza","year":"2019","unstructured":"Caiazza, G., White, R., Cortesi, A.: Enhancing Security in ROS, pp.\u00a03\u201315. Springer, Singapore (2019)"},{"key":"777_CR3","unstructured":"Mayoral-Vilches, V.: Robot cybersecurity, a review. Int. J. Cyber Forensics Adv. Threat Invest. 0(0) (2022)"},{"key":"777_CR4","first-page":"5","volume-title":"ICRA Workshop on Open Source Software","author":"M. Quigley","year":"2009","unstructured":"Quigley, M., Conley, K., Gerkey, B., Faust, J., Foote, T., Leibs, J., Wheeler, R., Ng, A.Y., et al.: ROS: an open-source robot operating system. In: ICRA Workshop on Open Source Software, vol.\u00a03.2, p.\u00a05. Kobe, Japan (2009)"},{"issue":"66","key":"777_CR5","doi-asserted-by":"publisher","DOI":"10.1126\/scirobotics.abm6074","volume":"7","author":"S. Macenski","year":"2022","unstructured":"Macenski, S., Foote, T., Gerkey, B., Lalancette, C., Woodall, W.: Robot operating system 2: design, architecture, and uses in the wild. Sci. Robot. 7(66), eabm6074 (2022)","journal-title":"Sci. Robot."},{"key":"777_CR6","unstructured":"Mayoral-Vilches, V.: Robot cybersecurity, a review. Int. J. Cyber Forensics Adv. Threat Invest. (2022)"},{"key":"777_CR7","doi-asserted-by":"publisher","first-page":"11253","DOI":"10.1109\/IROS47612.2022.9982129","volume-title":"2022 IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS)","author":"V. Mayoral-Vilches","year":"2022","unstructured":"Mayoral-Vilches, V., White, R., Caiazza, G., Arguedas, M.: SROS2: usable cyber security tools for ROS 2. In: 2022 IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS), pp.\u00a011253\u201311259 (2022)"},{"key":"777_CR8","unstructured":"ROS2 core team: 2023-09 ROS 2 RMW alternate. https:\/\/discourse.ros.org\/t\/ros-2-alternative-middleware-report\/33771"},{"key":"777_CR9","volume-title":"Proceedings of IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS)","author":"G. Zanatta","year":"2024","unstructured":"Zanatta, G., Caiazza, G., Ferrara, P., Negrini, L., White, R.: Automating ROS 2 security policies extraction through static analysis. In: Proceedings of IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS) (2024)"},{"key":"777_CR10","first-page":"5","volume-title":"Proceedings of the 26th ACM International Workshop on Formal Techniques for Java-Like Programs, FTfJP 2024","author":"G. Zanatta","year":"2024","unstructured":"Zanatta, G., Ferrara, P., Lisovenko, T., Negrini, L., Caiazza, G., White, R.: Sound static analysis for microservices: utopia? A preliminary experience with LiSA. In: Proceedings of the 26th ACM International Workshop on Formal Techniques for Java-Like Programs, FTfJP 2024, pp.\u00a05\u201310. Association for Computing Machinery, New York (2024)"},{"key":"777_CR11","first-page":"19","volume-title":"LiSA: A Generic Framework for Multilanguage Static Analysis","author":"L. Negrini","year":"2023","unstructured":"Negrini, L., Ferrara, P., Arceri, V., Cortesi, A.: LiSA: A Generic Framework for Multilanguage Static Analysis, pp.\u00a019\u201342. Springer, Singapore (2023)"},{"key":"777_CR12","first-page":"1","volume-title":"Proceedings of the 10th ACM SIGPLAN International Workshop on the State of the Art in Program Analysis, SOAP 2021","author":"P. Ferrara","year":"2021","unstructured":"Ferrara, P., Negrini, L., Arceri, V., Cortesi, A.: Static analysis for dummies: experiencing LiSA. In: Proceedings of the 10th ACM SIGPLAN International Workshop on the State of the Art in Program Analysis, SOAP 2021, pp.\u00a01\u20136. Association for Computing Machinery, New York (2021)"},{"key":"777_CR13","first-page":"238","volume-title":"4th ACM Symposium on Principles of Programming Languages, Los Angeles, California, USA, January 1977","author":"P. Cousot","year":"1977","unstructured":"Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: 4th ACM Symposium on Principles of Programming Languages, Los Angeles, California, USA, January 1977, pp.\u00a0238\u2013252. ACM (1977)"},{"key":"777_CR14","first-page":"269","volume-title":"6th Annual ACM Symposium on Principles of Programming Languages, San Antonio, Texas, USA, January 1979","author":"P. Cousot","year":"1979","unstructured":"Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: 6th Annual ACM Symposium on Principles of Programming Languages, San Antonio, Texas, USA, January 1979, pp.\u00a0269\u2013282. ACM Press (1979)"},{"issue":"2","key":"777_CR15","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1145\/103135.103136","volume":"13","author":"M.N. Wegman","year":"1991","unstructured":"Wegman, M.N., Zadeck, F.K.: Constant propagation with conditional branches. ACM Trans. Program. Lang. Syst. 13(2), 181\u2013210 (1991)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"777_CR16","unstructured":"Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen (1994)"},{"key":"777_CR17","series-title":"LNCS","volume-title":"Proceedings of VMCAI\u201914","author":"P. Ferrara","year":"2014","unstructured":"Ferrara, P.: Generic combination of heap and value analyses in abstract interpretation. In: Proceedings of VMCAI\u201914. LNCS. Springer, Berlin (2014)"},{"key":"777_CR18","volume-title":"Principles of Abstract Interpretation","author":"P. Cousot","year":"2021","unstructured":"Cousot, P.: Principles of Abstract Interpretation. MIT Press, Cambridge (2021)"},{"key":"777_CR19","first-page":"1","volume-title":"Proceedings of the 10th ACM SIGPLAN International Workshop on the State of the Art in Program Analysis (SOAP 2021), SOAP 2021","author":"P. Ferrara","year":"2021","unstructured":"Ferrara, P., Negrini, L., Arceri, V., Cortesi, A.: Static analysis for dummies: experiencing LiSA. In: Proceedings of the 10th ACM SIGPLAN International Workshop on the State of the Art in Program Analysis (SOAP 2021), SOAP 2021, pp.\u00a01\u20136. ACM Press (2021)"},{"key":"777_CR20","series-title":"Leibniz International Proceedings in Informatics (LIPIcs)","first-page":"17:1","volume-title":"Proc. of the 34th European Conference on Object-Oriented Programming (ECOOP\u201920)","author":"R. Monat","year":"2020","unstructured":"Monat, R., Ouadjaout, A., Min\u00e9, A.: Static type analysis by abstract interpretation of Python programs. In: Proc. of the 34th European Conference on Object-Oriented Programming (ECOOP\u201920). Leibniz International Proceedings in Informatics (LIPIcs), vol.\u00a0166, pp.\u00a017:1\u201317:29 (2020). Dagstuhl Publishing. http:\/\/www-apr.lip6.fr\/~mine\/publi\/article-monat-al-ecoop20.pdf"},{"key":"777_CR21","series-title":"Lecture Notes in Computer Science (LNCS)","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1007\/978-3-030-65474-0_11","volume-title":"Proc. of the 27th International Static Analysis Symposium (SAS\u201920)","author":"A. Ouadjaout","year":"2020","unstructured":"Ouadjaout, A., Min\u00e9, A.: A library modeling language for the static analysis of C programs. In: Proc. of the 27th International Static Analysis Symposium (SAS\u201920). Lecture Notes in Computer Science (LNCS), vol.\u00a012389, pp.\u00a0223\u2013246. Springer, Berlin (2020). http:\/\/www-apr.lip6.fr\/~mine\/publi\/ouadjaout-al-sas20.pdf"},{"issue":"8","key":"777_CR22","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/3338112","volume":"62","author":"D. Distefano","year":"2019","unstructured":"Distefano, D., F\u00e4hndrich, M., Logozzo, F., O\u2019Hearn, P.W.: Scaling static analyses at Facebook. Commun. ACM 62(8), 62\u201370 (2019)","journal-title":"Commun. ACM"},{"key":"777_CR23","first-page":"271","volume-title":"Proceedings","author":"G. Brat","year":"2014","unstructured":"Brat, G., Navas, J.A., Shi, N., Venet, A.: IKOS: a framework for static analysis based on abstract interpretation. In: Proceedings, vol.\u00a012, Software Engineering and Formal Methods: 12th International Conference, SEFM 2014, Grenoble, France, September 1\u20135, 2014, pp.\u00a0271\u2013277. Springer (2014)"},{"key":"777_CR24","unstructured":"Zhang, B., Chen, W., Chiu, H.-C., Zhang, C.: Unveiling the power of intermediate representations for static analysis: a survey (2024)"},{"key":"777_CR25","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/978-3-642-54013-4_17","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"P. Ferrara","year":"2014","unstructured":"Ferrara, P.: Generic combination of heap and value analyses in abstract interpretation. In: McMillan, K.L., Rival, X. (eds.) Verification, Model Checking, and Abstract Interpretation, pp.\u00a0302\u2013321. Springer, Berlin (2014)"},{"key":"777_CR26","first-page":"105","volume-title":"Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 1999)","author":"M. Sagiv","year":"1999","unstructured":"Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 1999), pp.\u00a0105\u2013118. ACM Press (1999)"},{"key":"777_CR27","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-662-48899-7_10","volume-title":"Proceedings of Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2015)","author":"M.D. Ernst","year":"2015","unstructured":"Ernst, M.D., Lovato, A., Macedonio, D., Spiridon, C., Spoto, F.: Boolean formulas for the static identification of injection attacks in Java. In: Davis, M., Fehnker, A., McIver, A., Voronkov, A. (eds.) Proceedings of Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2015), pp.\u00a0130\u2013145. Springer, Berlin (2015)"},{"issue":"3","key":"777_CR28","doi-asserted-by":"publisher","first-page":"18:1","DOI":"10.1145\/3332371","volume":"41","author":"F. Spoto","year":"2019","unstructured":"Spoto, F., Burato, E., Ernst, M.D., Ferrara, P., Lovato, A., Macedonio, D., Spiridon, C.: Static identification of injection attacks in Java. ACM Trans. Program. Lang. Syst. 41(3), 18:1\u201318:58 (2019)","journal-title":"ACM Trans. Program. Lang. Syst."},{"issue":"3","key":"777_CR29","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1016\/j.infsof.2006.11.005","volume":"50","author":"M.N. Ngo","year":"2008","unstructured":"Ngo, M.N., Tan, H.B.K.: Applying static analysis for automated extraction of database interactions in web applications. Inf. Softw. Technol. 50(3), 160\u2013175 (2008)","journal-title":"Inf. Softw. Technol."},{"key":"777_CR30","first-page":"187","volume-title":"2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM)","author":"B.J. Berger","year":"2020","unstructured":"Berger, B.J., Nguempnang, R., Sohr, K., Koschke, R.: Static extraction of enforced authorization policies SeeAuthz. In: 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp.\u00a0187\u2013197. IEEE Computer Society, Los Alamitos (2020)"},{"key":"777_CR31","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1109\/RoSE52553.2021.00013","volume-title":"2021 IEEE\/ACM 3rd International Workshop on Robotics Software Engineering (RoSE)","author":"A. Santos","year":"2021","unstructured":"Santos, A., Cunha, A., Macedo, N.: The high-assurance ROS framework. In: 2021 IEEE\/ACM 3rd International Workshop on Robotics Software Engineering (RoSE), pp.\u00a037\u201340 (2021)"},{"key":"777_CR32","doi-asserted-by":"publisher","first-page":"4491","DOI":"10.1109\/IROS.2016.7759661","volume-title":"2016 IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS)","author":"A. Santos","year":"2016","unstructured":"Santos, A., Cunha, A., Macedo, N., Louren\u00e7o, C.: A framework for quality assessment of ROS repositories. In: 2016 IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS), pp.\u00a04491\u20134496 (2016)"},{"key":"777_CR33","unstructured":"HAROS. To which extent is ROS 2 supported? https:\/\/github.com\/git-afsantos\/haros\/issues\/117 Accessed on 2024-02-28"},{"key":"777_CR34","first-page":"1","volume-title":"2018 16th ACM\/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE)","author":"Y. Liu","year":"2018","unstructured":"Liu, Y., Guan, Y., Li, X., Wang, R., Zhang, J.: Formal analysis and verification of DDS in ROS 2. In: 2018 16th ACM\/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE), pp.\u00a01\u20135 (2018)"},{"key":"777_CR35","doi-asserted-by":"crossref","unstructured":"Perez, I., Mavridou, A., Pressburger, T., Will, A., Martin, P.J.: Monitoring ROS 2: from requirements to autonomous robots (2022). arXiv preprint. arXiv:2209.14030","DOI":"10.4204\/EPTCS.371.15"},{"key":"777_CR36","first-page":"247","volume-title":"Proceedings","author":"J. Huang","year":"2014","unstructured":"Huang, J., Erdogan, C., Zhang, Y., Moore, B., Luo, Q., Sundaresan, A., Rosu, G.: Rosrv: runtime verification for robots. In: Proceedings, vol.\u00a05, Runtime Verification: 5th International Conference, RV 2014, Toronto, ON, Canada, September 22\u201325, 2014, pp.\u00a0247\u2013254. Springer (2014)"},{"key":"777_CR37","first-page":"387","volume-title":"Proceedings","author":"A. Ferrando","year":"2020","unstructured":"Ferrando, A., Cardoso, R.C., Fisher, M., Ancona, D., Franceschini, L., Mascardi, V.: ROSMonitoring: a runtime verification framework for ROS. In: Proceedings, vol.\u00a021, Towards Autonomous Robotic Systems: 21st Annual Conference, TAROS 2020, Nottingham, UK, September 16, 2020, pp.\u00a0387\u2013399. Springer (2020)"},{"key":"777_CR38","first-page":"207","volume-title":"Proceedings","author":"S. Adam","year":"2014","unstructured":"Adam, S., Larsen, M., Jensen, K., Schultz, U.P.: Towards rule-based dynamic safety monitoring for mobile robots. In: Proceedings, vol.\u00a04, Simulation, Modeling, and Programming for Autonomous Robots: 4th International Conference, SIMPAR 2014, Bergamo, Italy, October 20\u201323, 2014, pp.\u00a0207\u2013218. Springer (2014)"},{"key":"777_CR39","first-page":"1","volume-title":"2018 International Conference on Networking, Embedded and Wireless Systems (ICNEWS)","author":"R. Rohith","year":"2018","unstructured":"Rohith, R., Moharir, M., Shobha, G., et al.: Scapy\u00a0\u2013 a powerful interactive packet manipulation program. In: 2018 International Conference on Networking, Embedded and Wireless Systems (ICNEWS), pp.\u00a01\u20135. IEEE (2018)"},{"key":"777_CR40","doi-asserted-by":"publisher","DOI":"10.1016\/j.robot.2022.104361","volume":"161","author":"C. B\u00e9dard","year":"2023","unstructured":"B\u00e9dard, C., Lajoie, P.-Y., Beltrame, G., Dagenais, M.: Message flow analysis with complex causal links for distributed ROS 2 systems. Robot. Auton. Syst. 161, 104361 (2023)","journal-title":"Robot. Auton. Syst."},{"key":"777_CR41","first-page":"739","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS\u201922","author":"G. Deng","year":"2022","unstructured":"Deng, G., Xu, G., Zhou, Y., Zhang, T., Liu, Y.: On the (in)security of secure ROS 2. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS\u201922, pp.\u00a0739\u2013753. Association for Computing Machinery, New York (2022)"},{"key":"777_CR42","unstructured":"OSRF. https:\/\/github.com\/osrf\/nodl_to_policy. Accessed on 2024-02-28"},{"key":"777_CR43","unstructured":"ROS2 Design. Design node interface definition language (IDL). https:\/\/github.com\/ros2\/design\/pull\/266. Accessed on 2024-02-28"},{"key":"777_CR44","unstructured":"Caiazza, G.: Application-level Security for Robotic Networks. PhD thesis, Ca\u2019 Foscari University of Venice, Italy (2021)"}],"container-title":["International Journal on Software Tools for Technology Transfer"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10009-024-00777-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10009-024-00777-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10009-024-00777-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,6]],"date-time":"2025-02-06T11:44:06Z","timestamp":1738842246000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10009-024-00777-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12]]},"references-count":44,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2024,12]]}},"alternative-id":["777"],"URL":"https:\/\/doi.org\/10.1007\/s10009-024-00777-8","relation":{},"ISSN":["1433-2779","1433-2787"],"issn-type":[{"value":"1433-2779","type":"print"},{"value":"1433-2787","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12]]},"assertion":[{"value":"12 December 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 January 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}