Conference item
UniBOM – a unified SBOM analysis and visualisation tool for IoT systems and beyond
- Abstract:
-
Modern networked systems rely on complex software stacks, which often conceal vulnerabilities arising from intricate interdependencies. A Software Bill of Materials (SBOM) is effective for identifying dependencies and mitigating security risks. However, existing SBOM solutions lack precision, particularly in binary analysis and non-package-managed languages like C/C++.
This paper introduces UniBOM, an advanced tool for SBOM generation, analysis, and visualisation, designed to enhance the security accountability of networked systems. UniBOM integrates binary, filesystem, and source code analysis, enabling fine-grained vulnerability detection and risk management. Key features include historical CPE tracking, AI-based vulnerability classification by severity and memory safety, and support for non-package-managed C/C++ dependencies.
UniBOM’s effectiveness is demonstrated through a comparative vulnerability analysis of 258 wireless router firmware binaries and the source code of four popular IoT operating systems, highlighting its superior detection capabilities compared to other widely used SBOM generation and analysis tools. Packaged for open-source distribution, UniBOM offers an end-to-end unified analysis and visualisation solution, advancing SBOM-driven security management for dependable networked systems and broader software.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Version of record, pdf, 875.4KB, Terms of use)
-
- Publisher copy:
- 10.1145/3770501.3770512
Authors
- Publisher:
- Association for Computing Machinery
- Host title:
- IOT '25: Proceedings of the 15th International Conference on the Internet of Things
- Pages:
- 86-94
- Publication date:
- 2025-11-01
- Acceptance date:
- 2025-09-13
- Event title:
- 15th International Conference on the Internet of Things (IoT 2025)
- Event location:
- Vienna, Austria
- Event website:
- https://iot-conference.org/iot2025/
- Event start date:
- 2025-11-18
- Event end date:
- 2025-11-21
- DOI:
- ISBN:
- 9798400715952
- Language:
-
English
- Keywords:
- Pubs id:
-
2300264
- Local pid:
-
pubs:2300264
- Deposit date:
-
2025-10-17
- ARK identifier:
Terms of use
- Copyright holder:
- Safronov et al
- Copyright date:
- 2025
- Rights statement:
- ©2025 Copyright held by the owner/author(s). This work is licensed under a Creative Commons Attribution 4.0 International License.
- Notes:
-
This paper was presented at the15th International Conference on the Internet of Things (IoT 2025) 18-21 November 2025, Vienna, Austria.
- Licence:
- CC Attribution (CC BY)
If you are the owner of this record, you can report an update to it here: Report update to this record