{"id":"https://openalex.org/W4410341079","doi":"https://doi.org/10.1109/icnc64010.2025.10993917","title":"On Software Security of Building Automation Systems","display_name":"On Software Security of Building Automation Systems","publication_year":2025,"publication_date":"2025-02-17","ids":{"openalex":"https://openalex.org/W4410341079","doi":"https://doi.org/10.1109/icnc64010.2025.10993917"},"language":"en","primary_location":{"id":"doi:10.1109/icnc64010.2025.10993917","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icnc64010.2025.10993917","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Computing, Networking and Communications (ICNC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028997437","display_name":"Christopher Morales-Gonzalez","orcid":"https://orcid.org/0000-0001-9403-6837"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Morales-Gonzalez","raw_affiliation_strings":["University of Massachusetts Lowell"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Massachusetts Lowell","institution_ids":["https://openalex.org/I133738476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026866324","display_name":"Matthew Harper","orcid":"https://orcid.org/0000-0003-1749-7976"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew Harper","raw_affiliation_strings":["University of Massachusetts Lowell"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Massachusetts Lowell","institution_ids":["https://openalex.org/I133738476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118963570","display_name":"Boya Yuan","orcid":null},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Boya Yuan","raw_affiliation_strings":["University of Massachusetts Lowell"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Massachusetts Lowell","institution_ids":["https://openalex.org/I133738476"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063375840","display_name":"Xinwen Fu","orcid":"https://orcid.org/0000-0003-2391-7789"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinwen Fu","raw_affiliation_strings":["University of Massachusetts Lowell"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Massachusetts Lowell","institution_ids":["https://openalex.org/I133738476"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.09702368,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"382","last_page":"386"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T14470","display_name":"Advanced Data Processing Techniques","score":0.9652000069618225,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T14470","display_name":"Advanced Data Processing Techniques","score":0.9652000069618225,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13935","display_name":"Mathematical Control Systems and Analysis","score":0.9125999808311462,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6430500149726868},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.5777378082275391},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4897921085357666},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.48087695240974426},{"id":"https://openalex.org/keywords/building-automation","display_name":"Building automation","score":0.471913605928421},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3885607123374939},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32985028624534607},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.19188782572746277},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.18805590271949768},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.18558791279792786},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.11393949389457703},{"id":"https://openalex.org/keywords/mechanical-engineering","display_name":"Mechanical engineering","score":0.05276685953140259}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6430500149726868},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.5777378082275391},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4897921085357666},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.48087695240974426},{"id":"https://openalex.org/C83931994","wikidata":"https://www.wikidata.org/wiki/Q1149653","display_name":"Building automation","level":2,"score":0.471913605928421},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3885607123374939},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32985028624534607},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.19188782572746277},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.18805590271949768},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.18558791279792786},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.11393949389457703},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.05276685953140259},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icnc64010.2025.10993917","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icnc64010.2025.10993917","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Computing, Networking and Communications (ICNC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W2002934700","https://openalex.org/W2146244799","https://openalex.org/W3047947484","https://openalex.org/W4405181431","https://openalex.org/W6782130387","https://openalex.org/W6868458498"],"related_works":["https://openalex.org/W2519676117","https://openalex.org/W2218202131","https://openalex.org/W2377022227","https://openalex.org/W2155740880","https://openalex.org/W84108837","https://openalex.org/W2131713426","https://openalex.org/W4253249845","https://openalex.org/W2125452230","https://openalex.org/W2148444631","https://openalex.org/W2913971432"],"abstract_inverted_index":{"Building":[0],"automation":[1],"systems":[2],"(BASs)":[3],"provide":[4],"convenience":[5],"and":[6,15,18,54,85,94],"comforts":[7],"to":[8,60,109,112],"building":[9,13],"occupants,":[10],"may":[11],"optimize":[12],"management":[14,55,86],"energy":[16],"consumption,":[17],"is":[19,40,107],"part":[20],"of":[21,49,65,78,81,100],"the":[22,91],"critical":[23],"civil":[24],"infrastructure\u2014building.":[25],"However,":[26],"real-world":[27],"attacks":[28],"have":[29],"been":[30],"deployed":[31],"against":[32],"BASs.":[33],"Our":[34,43],"survey":[35],"has":[36,46],"identified":[37],"software":[38,68],"security":[39],"least":[41],"studied.":[42],"preliminary":[44],"study":[45,99],"discovered":[47],"tens":[48],"vulnerabilities":[50,80],"in":[51],"BAS":[52,67,82,114],"devices":[53],"software.":[56,87],"This":[57],"paper":[58],"tries":[59],"gives":[61],"a":[62,75,102],"big":[63],"picture":[64],"approaching":[66],"security.":[69],"We":[70,88],"will":[71,89],"focus":[72],"on":[73],"fuzzing,":[74],"natural":[76],"way":[77],"identifying":[79],"device":[83],"firmware":[84],"introduce":[90],"fuzzing":[92,95,101],"concepts":[93],"tools.":[96],"A":[97],"case":[98],"BACnet":[103],"Secure":[104],"Connect":[105],"testbed":[106],"presented":[108],"demonstrate":[110],"how":[111],"approach":[113],"fuzzing.":[115]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}