{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T11:26:08Z","timestamp":1765538768379,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100006041","name":"Innovate UK","doi-asserted-by":"publisher","award":["10028034"],"award-info":[{"award-number":["10028034"]}],"id":[{"id":"10.13039\/501100006041","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,18]]},"DOI":"10.1145\/3770501.3770512","type":"proceedings-article","created":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T11:20:16Z","timestamp":1765538416000},"page":"86-94","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["UniBOM \u2013 A Unified SBOM Analysis and Visualisation Tool for IoT Systems and Beyond"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6431-0125","authenticated-orcid":false,"given":"Vadim","family":"Safronov","sequence":"first","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8656-0454","authenticated-orcid":false,"given":"Ionut","family":"Bostan","sequence":"additional","affiliation":[{"name":"NquiringMinds, Southampton, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7473-0565","authenticated-orcid":false,"given":"Nicholas","family":"Allott","sequence":"additional","affiliation":[{"name":"NquiringMinds, Southampton, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8236-980X","authenticated-orcid":false,"given":"Andrew","family":"Martin","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2025,12,12]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"[n. d.]. Conan - The open source C and C++ package manager. https:\/\/conan.io\/. Accessed: 2024-11-28."},{"key":"e_1_3_3_2_3_2","unstructured":"2024. Trivy: Open Source Vulnerability Scanner. https:\/\/trivy.dev\/v0.33\/ Accessed: 2024-11-28."},{"key":"e_1_3_3_2_4_2","volume-title":"CHERIoT: Rethinking security for low-cost embedded systems","author":"Amar Saar","year":"2023","unstructured":"Saar Amar, Tony Chen, David Chisnall, Felix Domke, Nathaniel Filardo, Kunyan Liu, Robert Norton-Wright, Yucong Tao, Robert N.\u00a0M.\u00a0Watson, and Hongyan Xia. 2023. CHERIoT: Rethinking security for low-cost embedded systems. Technical Report MSR-TR-2023-6. Microsoft. https:\/\/www.microsoft.com\/en-us\/research\/publication\/cheriot-rethinking-security-for-low-cost-embedded-systems\/"},{"key":"e_1_3_3_2_5_2","unstructured":"Anchore. 2024. Grype - A vulnerability scanner for container images and filesystems. https:\/\/github.com\/anchore\/grype. Accessed: 2024-11-28."},{"key":"e_1_3_3_2_6_2","unstructured":"Anchore. n. d.. Syft: A CLI tool and library for generating SBOMs from container images and filesystems. https:\/\/github.com\/anchore\/syft Accessed: 2024-11-28."},{"key":"e_1_3_3_2_7_2","first-page":"1093","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J.\u00a0Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1093\u20131110. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis"},{"key":"e_1_3_3_2_8_2","unstructured":"J. Biden. 2021. Executive Order on Improving the Nation\u2019s Cybersecurity. https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/ [Accessed: Jun. 20 2024]."},{"key":"e_1_3_3_2_9_2","unstructured":"MITRE Corporation. 2024. About Common Weakness Enumeration. https:\/\/cwe.mitre.org\/about\/index.html [Accessed: Jun. 19 2024]."},{"key":"e_1_3_3_2_10_2","unstructured":"NIST CPE. 2024. NVD - Common Platform Enumeration (CPE). https:\/\/nvd.nist.gov\/products\/cpe [Accessed: Jun. 19 2024]."},{"key":"e_1_3_3_2_11_2","unstructured":"NIST CVE. 2024. NIST\u2019s CVE Process. https:\/\/nvd.nist.gov\/general\/cve-process [Accessed: Jun. 19 2024]."},{"key":"e_1_3_3_2_12_2","unstructured":"Cybersecurity and Infrastructure Security\u00a0Agency (CISA). n. d.. The Urgent Need for Memory Safety in Software Products. https:\/\/www.cisa.gov\/news-events\/news\/urgent-need-memory-safety-software-products [Accessed: Nov. 28 2024]."},{"key":"e_1_3_3_2_13_2","unstructured":"CycloneDX. 2024. CDxgen - Generate SBOMs with CycloneDX. https:\/\/github.com\/CycloneDX\/cdxgen Accessed: 2024-12-03."},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00100"},{"key":"e_1_3_3_2_16_2","unstructured":"FOSSA. n. d.. Learn SBOMs. https:\/\/fossa.com\/learn\/sboms Accessed: 2024-12-03."},{"key":"e_1_3_3_2_17_2","unstructured":"Apache\u00a0Software Foundation. n. d.. Apache NuttX GitHub Repository. https:\/\/github.com\/apache\/nuttx.git Accessed: 2024-11-29."},{"key":"e_1_3_3_2_18_2","unstructured":"Raspberry\u00a0Pi Foundation. n. d.. Linux GitHub Repository. https:\/\/github.com\/raspberrypi\/linux.git Accessed: 2024-11-29."},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","unstructured":"R. Grisenthwaite G. Barnes R.\u00a0N.\u00a0M. Watson S.\u00a0W. Moore P. Sewell and J. Woodruff. 2023. The Arm Morello Evaluation Platform\u2014Validating CHERI-Based Security in a High-Performance System. IEEE Micro 43 3 (2023) 50\u201357. 10.1109\/MM.2023.3264676","DOI":"10.1109\/MM.2023.3264676"},{"key":"e_1_3_3_2_20_2","unstructured":"Mozilla Hacks. 2019. Rewriting a Browser Component in Rust. https:\/\/hacks.mozilla.org\/2019\/02\/rewriting-a-browser-component-in-rust\/ [Accessed: Nov. 28 2024]."},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/1985441.1985453"},{"key":"e_1_3_3_2_22_2","unstructured":"Alex Hern. 2016. DDoS attack that disrupted internet was largest of its kind in history experts say. https:\/\/www.theguardian.com\/technology\/2016\/oct\/26\/ddos-attack-dyn-mirai-botnet Accessed: 2024-11-28."},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598040"},{"key":"e_1_3_3_2_24_2","unstructured":"Intel. n. d.. CVE Binary Tool: A tool to scan for known vulnerabilities in software binaries. https:\/\/github.com\/intel\/cve-bin-tool Accessed: 2024-11-28."},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"publisher","unstructured":"R. Jiao M. Tseng Q. Ma and Y. Zou. 2000. Generic Bill-of-Materials-and-Operations for High-Variety Production Management. Concurrent Engineering: Research and Applications 8 4 (Dec. 2000) 297\u2013321. 10.1177\/1063293X0000800404","DOI":"10.1177\/1063293X0000800404"},{"key":"e_1_3_3_2_26_2","unstructured":"Michael Johnson and Patricia Wilson. 2023. Penetrating Shields: A Systematic Analysis of Memory Corruption Mitigations in the Spectre Era. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2309.04119 (2023)."},{"key":"e_1_3_3_2_27_2","unstructured":"ReFirm Labs. 2024. Binwalk. https:\/\/github.com\/ReFirmLabs\/binwalk [Accessed: Aug. 5 2024]."},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"publisher","unstructured":"J. Mart\u00ednez and J.M. Dur\u00e1n. 2021. Software supply chain attacks a threat to global cybersecurity: SolarWinds\u2019 case study. International Journal of Safety and Security Engineering 11 5 (2021) 537\u2013545. 10.18280\/ijsse.110505","DOI":"10.18280\/ijsse.110505"},{"key":"e_1_3_3_2_29_2","doi-asserted-by":"publisher","unstructured":"Nicholas\u00a0D. Matsakis and Felix\u00a0S. Klock\u00a0II. 2014. The Rust Language. ACM SIGAda Ada Letters 34 3 (2014) 103\u2013104. 10.1145\/2663171.2663188","DOI":"10.1145\/2663171.2663188"},{"key":"e_1_3_3_2_30_2","unstructured":"Microsoft. n. d.. SBOM Tool: Generate Software Bill of Materials (SBOMs). https:\/\/github.com\/microsoft\/sbom-tool Accessed: 2024-11-28."},{"key":"e_1_3_3_2_31_2","unstructured":"MITRE. 2024. CPE Version 2.3 Specifications. https:\/\/cpe.mitre.org\/specification\/ [Accessed: Jun. 19 2024]."},{"key":"e_1_3_3_2_32_2","unstructured":"Microsoft Security Response\u00a0Center (MSRC). 2019. A Proactive Approach to More Secure Code. https:\/\/msrc.microsoft.com\/blog\/2019\/07\/a-proactive-approach-to-more-secure-code\/ [Accessed: Nov. 28 2024]."},{"key":"e_1_3_3_2_33_2","unstructured":"National Security Agency of the United States. 2023. Recommendations for Software Bill of Materials (SBOM) Management. https:\/\/media.defense.gov\/2023\/Dec\/14\/2003359097\/-1\/-1\/0\/CSI-SCRM-SBOM-Management-v1.1.PDF Accessed: 2024-11-28."},{"key":"e_1_3_3_2_34_2","unstructured":"NIST IoT. n. d.. Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. https:\/\/www.nccoe.nist.gov\/projects\/trusted-iot-device-network-layer-onboarding-and-lifecycle-management Accessed: 2024-11-28."},{"key":"e_1_3_3_2_35_2","unstructured":"OpenWRT Project. n. d.. OpenWRT GitHub Repository - latest release. https:\/\/github.com\/openwrt\/openwrt.git Accessed: 2024-11-29."},{"key":"e_1_3_3_2_36_2","unstructured":"The\u00a0Chromium Project. n. d.. Memory Safety - Chromium Security. https:\/\/www.chromium.org\/Home\/chromium-security\/memory-safety\/ [Accessed: Nov. 28 2024]."},{"key":"e_1_3_3_2_37_2","unstructured":"Zephyr Project. n. d.. Zephyr RTOS GitHub Repository. https:\/\/github.com\/zephyrproject-rtos\/zephyr.git Accessed: 2024-11-29."},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3703790.3703820"},{"key":"e_1_3_3_2_39_2","unstructured":"Vadim Safronov Anthony McCaigue Nicholas Allott and Andrew Martin. 2025. TAIBOM: Bringing Trustworthiness to AI-Enabled Systems. arxiv:https:\/\/arXiv.org\/abs\/2510.02169\u00a0[cs.SE] https:\/\/arxiv.org\/abs\/2510.02169"},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","unstructured":"John Smith and Jane Doe. 2022. A Comprehensive Survey of Tagged Memory-Protection Techniques. Comput. Surveys 53 4 (2022) 1\u201330. 10.1145\/3533704","DOI":"10.1145\/3533704"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW55150.2022.00052"},{"key":"e_1_3_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3560432"},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"publisher","unstructured":"W. Tang Z. Xu C. Liu J. Wu S. Yang Y. Li P. Luo and Y. Liu. 2022. Towards Understanding Third-party Library Dependency in C\/C++ Ecosystem. (Oct. 2022). 10.1145\/3551349.3560432","DOI":"10.1145\/3551349.3560432"},{"key":"e_1_3_3_2_44_2","unstructured":"DeepSCA Team. n. d.. DeepSCA: SBOM Analysis Tool. https:\/\/tools.deepbits.com\/ Accessed: 2024-12-03."},{"key":"e_1_3_3_2_45_2","unstructured":"OpenWRT Team. n. d.. OpenWRT Version 23.05.5 Archive. https:\/\/github.com\/openwrt\/openwrt\/archive\/refs\/tags\/v23.05.5.zip Accessed: 2024-11-29."},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00083"},{"key":"e_1_3_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2014.6853201"},{"key":"e_1_3_3_2_48_2","doi-asserted-by":"crossref","unstructured":"B. Xia T. Bi Z. Xing Q. Lu and L. Zhu. 2023. An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead. arXiv (2023). https:\/\/arxiv.org\/abs\/2301.05362","DOI":"10.1109\/ICSE48619.2023.00219"},{"key":"e_1_3_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446761"},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN58291.2024.00018"},{"key":"e_1_3_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534366"}],"event":{"name":"IOT 2025: The 15th International Conference on the Internet of Things","location":"Vienna Austria","acronym":"IOT 2025"},"container-title":["Proceedings of the 15th International Conference on the Internet of Things"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3770501.3770512","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T11:22:35Z","timestamp":1765538555000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3770501.3770512"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,18]]},"references-count":50,"alternative-id":["10.1145\/3770501.3770512","10.1145\/3770501"],"URL":"https:\/\/doi.org\/10.1145\/3770501.3770512","relation":{},"subject":[],"published":{"date-parts":[[2025,11,18]]},"assertion":[{"value":"2025-12-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}