Conference item

UniBOM – a unified SBOM analysis and visualisation tool for IoT systems and beyond

Abstract:
Modern networked systems rely on complex software stacks, which often conceal vulnerabilities arising from intricate interdependencies. A Software Bill of Materials (SBOM) is effective for identifying dependencies and mitigating security risks. However, existing SBOM solutions lack precision, particularly in binary analysis and non-package-managed languages like C/C++.
This paper introduces UniBOM, an advanced tool for SBOM generation, analysis, and visualisation, designed to enhance the security accountability of networked systems. UniBOM integrates binary, filesystem, and source code analysis, enabling fine-grained vulnerability detection and risk management. Key features include historical CPE tracking, AI-based vulnerability classification by severity and memory safety, and support for non-package-managed C/C++ dependencies.
UniBOM’s effectiveness is demonstrated through a comparative vulnerability analysis of 258 wireless router firmware binaries and the source code of four popular IoT operating systems, highlighting its superior detection capabilities compared to other widely used SBOM generation and analysis tools. Packaged for open-source distribution, UniBOM offers an end-to-end unified analysis and visualisation solution, advancing SBOM-driven security management for dependable networked systems and broader software.
Publication status:
Published
Peer review status:
Peer reviewed

Files:
Publisher copy:
10.1145/3770501.3770512

Authors

Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Role:
Author
ORCID:
0009-0005-6431-0125
Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Role:
Author


Funder identifier:
https://ror.org/05ar5fy68
Grant:
10028034


Publisher:
Association for Computing Machinery
Host title:
IOT '25: Proceedings of the 15th International Conference on the Internet of Things
Pages:
86-94
Publication date:
2025-11-01
Acceptance date:
2025-09-13
Event title:
15th International Conference on the Internet of Things (IoT 2025)
Event location:
Vienna, Austria
Event website:
https://iot-conference.org/iot2025/
Event start date:
2025-11-18
Event end date:
2025-11-21
DOI:
ISBN:
9798400715952


Language:
English
Keywords:
Pubs id:
2300264
Local pid:
pubs:2300264
Deposit date:
2025-10-17
ARK identifier:
