{"id":"https://openalex.org/W7131907972","doi":"https://doi.org/10.1109/sii64115.2026.11404710","title":"Broken in Transit: Detecting Type Confusion in ROS 2 Deserialization via Fuzzing","display_name":"Broken in Transit: Detecting Type Confusion in ROS 2 Deserialization via Fuzzing","publication_year":2026,"publication_date":"2026-01-11","ids":{"openalex":"https://openalex.org/W7131907972","doi":"https://doi.org/10.1109/sii64115.2026.11404710"},"language":null,"primary_location":{"id":"doi:10.1109/sii64115.2026.11404710","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sii64115.2026.11404710","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2026 IEEE/SICE International Symposium on System Integration (SII)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5115091532","display_name":"Stephen Nwagwughiagwu","orcid":null},"institutions":[{"id":"https://openalex.org/I137853757","display_name":"Howard University","ror":"https://ror.org/05gt1vc06","country_code":"US","type":"education","lineage":["https://openalex.org/I137853757"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Stephen Nwagwughiagwu","raw_affiliation_strings":["Howard University,Washington, DC,USA,20059"],"affiliations":[{"raw_affiliation_string":"Howard University,Washington, DC,USA,20059","institution_ids":["https://openalex.org/I137853757"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127014226","display_name":"Jose Toribio","orcid":null},"institutions":[{"id":"https://openalex.org/I27804330","display_name":"Brown University","ror":"https://ror.org/05gq02987","country_code":"US","type":"education","lineage":["https://openalex.org/I27804330"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jose Toribio","raw_affiliation_strings":["Brown University,Department of Computer Science,Providence,RI,USA,02912"],"affiliations":[{"raw_affiliation_string":"Brown University,Department of Computer Science,Providence,RI,USA,02912","institution_ids":["https://openalex.org/I27804330"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056416862","display_name":"Jeremy Blackstone","orcid":null},"institutions":[{"id":"https://openalex.org/I137853757","display_name":"Howard University","ror":"https://ror.org/05gt1vc06","country_code":"US","type":"education","lineage":["https://openalex.org/I137853757"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jeremy Blackstone","raw_affiliation_strings":["Howard University,Department of Electrical Engineering and Computer Science,Washington, DC,USA,20059"],"affiliations":[{"raw_affiliation_string":"Howard University,Department of Electrical Engineering and Computer Science,Washington, DC,USA,20059","institution_ids":["https://openalex.org/I137853757"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5115091532"],"corresponding_institution_ids":["https://openalex.org/I137853757"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.94434116,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"578","last_page":"583"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.10279999673366547,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.10279999673366547,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.0681999996304512,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10093","display_name":"Nuclear physics research studies","score":0.025800000876188278,"subfield":{"id":"https://openalex.org/subfields/3106","display_name":"Nuclear and High Energy Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9363999962806702},{"id":"https://openalex.org/keywords/robotics","display_name":"Robotics","score":0.6032999753952026},{"id":"https://openalex.org/keywords/serialization","display_name":"Serialization","score":0.5570999979972839},{"id":"https://openalex.org/keywords/middleware","display_name":"Middleware (distributed applications)","score":0.5372999906539917},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4805999994277954},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.47769999504089355},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.4512999951839447},{"id":"https://openalex.org/keywords/confusion","display_name":"Confusion","score":0.44830000400543213}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9363999962806702},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6890000104904175},{"id":"https://openalex.org/C34413123","wikidata":"https://www.wikidata.org/wiki/Q170978","display_name":"Robotics","level":3,"score":0.6032999753952026},{"id":"https://openalex.org/C52723943","wikidata":"https://www.wikidata.org/wiki/Q1127410","display_name":"Serialization","level":2,"score":0.5570999979972839},{"id":"https://openalex.org/C169468491","wikidata":"https://www.wikidata.org/wiki/Q146923","display_name":"Middleware (distributed applications)","level":2,"score":0.5372999906539917},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4986000061035156},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4805999994277954},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.47769999504089355},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45590001344680786},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.4512999951839447},{"id":"https://openalex.org/C2781140086","wikidata":"https://www.wikidata.org/wiki/Q557945","display_name":"Confusion","level":2,"score":0.44830000400543213},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.4415999948978424},{"id":"https://openalex.org/C90509273","wikidata":"https://www.wikidata.org/wiki/Q11012","display_name":"Robot","level":2,"score":0.3790999948978424},{"id":"https://openalex.org/C63000827","wikidata":"https://www.wikidata.org/wiki/Q3080428","display_name":"Software portability","level":2,"score":0.3596999943256378},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.34929999709129333},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.31360000371932983},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.3034999966621399},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.2903999984264374},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.2865999937057495},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2840999960899353},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.26170000433921814}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sii64115.2026.11404710","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sii64115.2026.11404710","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2026 IEEE/SICE International Symposium on System Integration (SII)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W2101426237","https://openalex.org/W2552237521","https://openalex.org/W2620076267","https://openalex.org/W2761119957","https://openalex.org/W2798388185","https://openalex.org/W2979357014","https://openalex.org/W3086273157","https://openalex.org/W3137265271","https://openalex.org/W3212394256","https://openalex.org/W4280571816","https://openalex.org/W4308644262","https://openalex.org/W4308731476","https://openalex.org/W4394998982","https://openalex.org/W4402443217"],"related_works":[],"abstract_inverted_index":{"The":[0],"Robot":[1],"Operating":[2],"System":[3],"2":[4,63,149],"(ROS":[5],"2)":[6],"has":[7],"become":[8],"the":[9,25,53,126,153,168,175],"middleware":[10,181],"backbone":[11],"of":[12,57,128,155,179],"modern":[13],"robotics":[14,163],"and":[15,21,28,42,108,143,161,177,182],"cyber-physical":[16,183],"systems,":[17],"offering":[18],"flexibility,":[19],"modularity,":[20],"high-performance":[22],"communication":[23],"via":[24],"DDS":[26],"protocol":[27],"eProsima\u2019s":[29],"Fast-CDR":[30,95],"serialization":[31],"library.":[32],"However,":[33],"this":[34,49,156],"reliance":[35],"on":[36],"implicit":[37],"type":[38,58,130],"contracts":[39],"between":[40],"publishers":[41],"subscribers":[43],"introduces":[44],"critical":[45],"attack":[46,69],"surfaces.":[47],"In":[48],"paper,":[50],"we":[51,78,151],"present":[52],"first":[54],"systematic":[55],"study":[56],"confusion":[59],"vulnerabilities":[60],"in":[61,71,105,117,158],"ROS":[62,118,148],"deserialization,":[64],"exposing":[65],"a":[66,90,113],"previously":[67,114],"unexplored":[68],"surface":[70],"robotic":[72,180],"middleware.":[73],"Through":[74,140],"our":[75],"fuzzing":[76,142],"approach,":[77],"show":[79],"that":[80],"injecting":[81],"malformed":[82],"or":[83,132],"mismatched":[84],"message":[85],"types":[86],"into":[87],"topics":[88],"expecting":[89],"different":[91],"format":[92],"can":[93],"trigger":[94],"deserialization":[96],"failures.":[97],"These":[98],"failures":[99],"propagate":[100],"as":[101],"uncaught":[102],"exceptions":[103],"resulting":[104],"process":[106],"crashes":[107],"node-level":[109],"outages.Our":[110],"findings":[111],"reveal":[112],"undocumented":[115],"flaw":[116],"2\u2019s":[119],"trust":[120],"model":[121],"for":[122,170],"topic":[123],"integrity,":[124],"where":[125],"absence":[127],"runtime":[129],"enforcement":[131],"input":[133],"validation":[134],"leads":[135],"to":[136,173],"exploitable":[137],"denial-of-service":[138],"conditions.":[139],"targeted":[141],"case":[144],"studies":[145],"using":[146],"standard":[147],"messages,":[150],"evaluate":[152],"exploitability":[154],"vulnerability":[157],"both":[159],"simulation":[160],"physical":[162],"environments.":[164],"This":[165],"work":[166],"underscores":[167],"need":[169],"secure-by-design":[171],"messaging":[172],"ensure":[174],"reliability":[176],"safety":[178],"systems.":[184]},"counts_by_year":[],"updated_date":"2026-03-01T06:05:34.837733","created_date":"2026-02-28T00:00:00"}