bibliography.bib

@ARTICLE{2019arXiv190800722S,
       author = {{Strudel}, Robin and {Pashevich}, Alexander and {Kalevatykh}, Igor and
         {Laptev}, Ivan and {Sivic}, Josef and {Schmid}, Cordelia},
        title = "{Combining learned skills and reinforcement learning for robotic manipulations}",
      journal = {arXiv e-prints},
     keywords = {Computer Science - Machine Learning, Computer Science - Artificial Intelligence, Computer Science - Computer Vision and Pattern Recognition, Statistics - Machine Learning},
         year = "2019",
        month = "Aug",
          eid = {arXiv:1908.00722},
        pages = {arXiv:1908.00722},
archivePrefix = {arXiv},
       eprint = {1908.00722},
 primaryClass = {cs.LG},
       adsurl = {https://ui.adsabs.harvard.edu/abs/2019arXiv190800722S},
      adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@inproceedings{walden2008integrating,
  title={Integrating web application security into the IT curriculum},
  author={Walden, James},
  booktitle={Proceedings of the 9th ACM SIGITE conference on Information technology education},
  pages={187--192},
  year={2008},
  organization={ACM}
}

@ARTICLE {badstore.netv2.1.2006,
    author = "BadStore.net v2.1.",
    title  = "Hacking BadStore.netA hands-on approach to web application vulnerability discovery and exploitation",
    year   = "2006"
}

@article{meucci2014owasp,
  title={Owasp testing guide},
  author={Meucci, Matteo and Muller, A},
  journal={v4. 0,//OWASP Foundation},
  number={s 453},
  year={2014}
}

@book{stuttard2011web,
  title={The web application hacker's handbook: Finding and exploiting security flaws},
  author={Stuttard, Dafydd and Pinto, Marcus},
  year={2011},
  publisher={John Wiley \& Sons}
}

 @article{hrim,
  title={An information model for modular robots: the Hardware Robot Information Model (HRIM)},
  author={Zamalloa, Irati and Muguruza, Iñigo and Hernández, Alejandro and Kojcev, Risto and Mayoral, Víctor},
  journal={arXiv preprint arXiv:1802.01459},
  year={2018}
}


    @ARTICLE{2016arXiv160805742Z,
   author = {{Zamora}, I. and {Gonzalez Lopez}, N. and {Mayoral Vilches}, V. and
	{Hernandez Cordero}, A.},
    title = "{Extending the OpenAI Gym for robotics: a toolkit for reinforcement learning using ROS and Gazebo}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1608.05742},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2016,
    month = aug,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160805742Z},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2018arXiv180204082M,
   author = {{Mayoral}, V. and {Kojcev}, R. and {Etxezarreta}, N. and {Hern{\'a}ndez}, A. and
	{Zamalloa}, I.},
    title = "{Towards self-adaptable robots: from programming to training machines}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1802.04082},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2018,
    month = feb,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180204082M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2016arXiv160302199L,
   author = {{Levine}, S. and {Pastor}, P. and {Krizhevsky}, A. and {Quillen}, D.
	},
    title = "{Learning Hand-Eye Coordination for Robotic Grasping with Deep Learning and Large-Scale Data Collection}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1603.02199},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Robotics},
     year = 2016,
    month = mar,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160302199L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{1606.01540,
  Author = {Greg Brockman and Vicki Cheung and Ludwig Pettersson and Jonas Schneider and John Schulman and Jie Tang and Wojciech Zaremba},
  Title = {OpenAI Gym},
  Year = {2016},
  Eprint = {arXiv:1606.01540},
}

@inproceedings{todorov2012mujoco,
  title={Mujoco: A physics engine for model-based control},
  author={Todorov, Emanuel and Erez, Tom and Tassa, Yuval},
  booktitle={Intelligent Robots and Systems (IROS), 2012 IEEE/RSJ International Conference on},
  pages={5026--5033},
  year={2012},
  organization={IEEE}
}


% Gazebo
@inproceedings{koenig2004design,
  title={Design and use paradigms for gazebo, an open-source multi-robot simulator},
  author={Koenig, Nathan and Howard, Andrew},
  booktitle={Intelligent Robots and Systems, 2004.(IROS 2004). Proceedings. 2004 IEEE/RSJ International Conference on},
  volume={3},
  pages={2149--2154},
  year={2004},
  organization={IEEE}
}

@inproceedings{Quigley09,
author="Morgan Quigley and Brian Gerkey and Ken Conley and Josh Faust and
Tully Foote and Jeremy Leibs and Eric Berger and Rob Wheeler and Andrew Ng",
title="ROS: an open-source Robot Operating System",
booktitle="Proc. of the IEEE Intl. Conf. on Robotics and Automation (ICRA)
Workshop on Open Source Robotics",
month = may,
year=2009,
address="Kobe, Japan"
}

@article{stooke2018accelerated,
  title={Accelerated Methods for Deep Reinforcement Learning},
  author={Stooke, Adam and Abbeel, Pieter},
  journal={arXiv preprint arXiv:1803.02811},
  year={2018}
}

@ARTICLE{2017arXiv171209381L,
   author = {{Liang}, E. and {Liaw}, R. and {Moritz}, P. and {Nishihara}, R. and
	{Fox}, R. and {Goldberg}, K. and {Gonzalez}, J.~E. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray RLlib: A Framework for Distributed Reinforcement Learning}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.09381},
 primaryClass = "cs.AI",
 keywords = {Computer Science - Artificial Intelligence, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171209381L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{pytorchrl,
  author = {Kostrikov, Ilya},
  title = {PyTorch Implementations of Reinforcement Learning Algorithms},
  year = {2018},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/ikostrikov/pytorch-a2c-ppo-acktr}},
}

@misc{baselines,
  author = {Dhariwal, Prafulla and Hesse, Christopher and Klimov, Oleg and Nichol, Alex and Plappert, Matthias and Radford, Alec and Schulman, John and Sidor, Szymon and Wu, Yuhuai},
  title = {OpenAI Baselines},
  year = {2017},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/openai/baselines}},
}

@ARTICLE{2017arXiv170902878H,
   author = {{Hafner}, D. and {Davidson}, J. and {Vanhoucke}, V.},
    title = "{TensorFlow Agents: Efficient Batched Reinforcement Learning in TensorFlow}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1709.02878},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence},
     year = 2017,
    month = sep,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv170902878H},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{caspi_itai_2017_1134899,
  author       = {Caspi, Itai and
                  Leibovich, Gal and
                  Novik, Gal},
  title        = {Reinforcement Learning Coach},
  month        = dec,
  year         = 2017,
  doi          = {10.5281/zenodo.1134899},
  url          = {https://doi.org/10.5281/zenodo.1134899}
}

@ARTICLE{2017arXiv171205889M,
   author = {{Moritz}, P. and {Nishihara}, R. and {Wang}, S. and {Tumanov}, A. and
	{Liaw}, R. and {Liang}, E. and {Paul}, W. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray: A Distributed Framework for Emerging AI Applications}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.05889},
 primaryClass = "cs.DC",
 keywords = {Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Artificial Intelligence, Computer Science - Learning, Statistics - Machine Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171205889M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@inproceedings{brewer2015kubernetes,
  title={Kubernetes and the path to cloud native},
  author={Brewer, Eric A},
  booktitle={Proceedings of the Sixth ACM Symposium on Cloud Computing},
  pages={167--167},
  year={2015},
  organization={ACM}
}
@article{buyya1999high,
  title={High performance cluster computing},
  author={Buyya, Rajkumar},
  journal={New Jersey: F’rentice},
  year={1999}
}
@article{rosen2006bgp,
  title={BGP/MPLS IP virtual private networks (VPNs)},
  author={Rosen, Eric C and Rekhter, Yakov},
  year={2006}
}

@INPROCEEDINGS{8046383,
author={V. Mayoral and A. Hernández and R. Kojcev and I. Muguruza and I. Zamalloa and A. Bilbao and L. Usategi},
booktitle={2017 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
title={The shift in the robotics paradigm: The Hardware Robot Operating System (H-ROS); an infrastructure to create interoperable robot components},
year={2017},
volume={},
number={},
pages={229-236},
keywords={control engineering computing;operating systems (computers);robots;H-ROS;building robots;hardware robot operating system;internal representation model;robot components;robot hardware components;robotics paradigm;software infrastructure;Hardware;Robot kinematics;Robot sensing systems;Service robots;Software;Standards;ROS;hardware;real-time Ethernet;robotics;standard},
doi={10.1109/AHS.2017.8046383},
ISSN={},
month={July},}

@techreport{hackerreport2018,
    author={Hackerone},
     title={The 2018 hacker report},
     year= {2018},
     url={https://www.hackerone.com/sites/default/files/2018-01/2018_Hacker_Report.pdf}
}

@techreport{hackerreport2017,
     title = {The hacker-powered security report},
     author = {hackerone},
     year = {2017},
     url = {https://www.hackerone.com/sites/default/files/2017-06/The%20Hacker-Powered%20Security%20Report.pdf}
}

@mastersthesis{shyvakov2017developing,
  title={Developing a security framework for robots},
  author={Shyvakov, Oleksandr},
  year={2017},
  school={University of Twente}
}

@article{park2017security,
  title={Security assessment framework for IoT service},
  author={Park, Keon Chul and Shin, Dong-Hee},
  journal={Telecommunication Systems},
  volume={64},
  number={1},
  pages={193--209},
  year={2017},
  publisher={Springer}
}

@techreport{hackingbeforeskynet,
     title = {Hacking Robots Before Skynet},
     author = {Cerrudo, Cesar and Apa, Lucas},
     year = {2017},
     url = {https://ioactive.com/wp-content/uploads/2018/05/Hacking-Robots-Before-Skynet-Paper_Final.pdf}
}

@techreport{hackingbeforeskynet2,
     title = {Hacking Robots Before Skynet:  Technical Appendix},
     author = {Cerrudo, Cesar and Apa, Lucas},
     year = {2017},
     url = {https://ioactive.com/pdfs/Hacking-Robots-Before-Skynet-Technical-Appendix.pdf}
}

@INPROCEEDINGS{SecurecomROS,
author={B. Breiling and B. Dieber and P. Schartner},
booktitle={2017 Annual IEEE International Systems Conference (SysCon)},
title={Secure communication for the robot operating system},
year={2017},
volume={},
number={},
pages={1-6},
keywords={message authentication;middleware;operating systems (computers);peer-to-peer computing;robot programming;ROS;authenticity;confidentiality;data loss;monetary damage;peer-to-peer basis;publishers-subscribers interaction;robot operating system;robotics software;robotics technologies;secure communication channel;Authentication;Authorization;Communication channels;Peer-to-peer computing;Service robots},
doi={10.1109/SYSCON.2017.7934755},
ISSN={},
month={April},}

}




@INPROCEEDINGS{ApplicationSecROS,
author={B. Dieber and S. Kacianka and S. Rass and P. Schartner},
booktitle={2016 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},
title={Application-level security for ROS-based applications},
year={2016},
volume={},
number={},
pages={4477-4482},
keywords={control engineering computing;cryptography;industrial robots;operating systems (computers);production control;production engineering computing;risk analysis;ROS;application-level security;cryptographic methods;industrial applications;production process;risk safety;robot operating system;Authentication;Cryptography;Digital signatures;Production;Service robots},
doi={10.1109/IROS.2016.7759659},
ISSN={},
month={Oct},}

}

@misc{usbhacks,
  title = {Top 5 USB Hacks that PWN You},
  author = {Singh, Tarandeep},
  howpublished = {\url{http://geeknizer.com/top-usb-hacks-pwn/}},
  note = {Accessed: 2018-05-18}
}

@misc{pepperdocs,
  title = {Aldebaran Software 2.1.0.18 documentation},
  author = {{Aldebaran Robotics}},
  howpublished = {\url{http://doc.aldebaran.com/2-0/family/juliette_user_guide/webpage_access.html}},
  note = {Accessed: 2018-05-18}
}

@misc{rethinkdocs,
  title = {Baxter Research Robot Wiki},
  author = {{Rethink Robotics}},
  howpublished = {\url{http://sdk.rethinkrobotics.com/wiki/Robot_Hostname}},
  note = {Accessed: 2018-05-18}
}



@article{articlefinger,
author = {Smart, Matthew and Robert Malan, G and Jahanian, Farnam},
year = {2000},
month = {01},
pages = {},
title = {Defeating TCP/IP stack fingerprinting}
}

@article{iso2017iec,
  title={Systems and software engineering—Vocabulary ISO/IEC/IEEE 24765: 2017},
  author={IEEE Standards Association and others},
  journal={ISO/IEC/IEEE},
  volume={24765},
  year={2017}
}

@article{Dieber:2017:SRO:3165321.3165569,
 author = {Dieber, Bernhard and Breiling, Benjamin and Taurer, Sebastian and Kacianka, Severin and Rass, Stefan and Schartner, Peter},
 title = {Security for the Robot Operating System},
 journal = {Robot. Auton. Syst.},
 issue_date = {December 2017},
 volume = {98},
 number = {C},
 month = dec,
 year = {2017},
 issn = {0921-8890},
 pages = {192--203},
 numpages = {12},
 url = {https://doi.org/10.1016/j.robot.2017.09.017},
 doi = {10.1016/j.robot.2017.09.017},
 acmid = {3165569},
 publisher = {North-Holland Publishing Co.},
 address = {Amsterdam, The Netherlands, The Netherlands},
 keywords = {68M14, 68N99, 68T40, 93C85, 94A60, 94A62, Industry 4.0, ROS, Robotics, Security},
}

@misc{threat0,
    title = {Jan. 25, 1979: Robot kills human},
    author={Kravets, David},
    year={2010},
    journal={Wired},
    howpublished = {\url{https://www.wired.com/2010/01/0125robot-kills-worker/}},
    url={https://www.wired.com/2010/01/0125robot-kills-worker/},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat1,
    title = {Robot kills factory worker},
    author={Whymant, Robert},
    year={2014},
    journal={TheGuardian},
    url = {https://www.theguardian.com/theguardian/2014/dec/09/robot-kills-factory-worker},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat2,
    title = {Robot kills man at Volkswagen plant in Germany},
    author={Huggler, Justin},
    year={2015},
    journal={Telegraph},
    url = {https://www.telegraph.co.uk/news/worldnews/europe/germany/11712513/Robot-kills-man-at-Volkswagen-plant-in-Germany},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat3,
    title = {Mall security bot knocks down toddler, breaks Asimov first law of robotics},
    author={Vincent, James},
    year={2016},
    journal={The Verge},
    url = {https://www.theverge.com/2016/7/13/12170640/mall-security-robot-k5-knocks-down-toddler},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat4,
    title = {Dallas deployment of robot bomb to kill suspect is “without precedent”},
    author={Farivar, Cyrus},
    year={2016},
    journal={Ars Technica},
    url = {https://arstechnica.com/tech-policy/2016/07/is-it-ok-to-send-a-police-robot-to-deliver-a-bomb-to-kill-an-active-shooter},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat5,
    title = {Robotic surgery linked to 144 deaths in the US},
    author={Unknown},
    year={2015},
    journal={BBC},
    howpublished = {http://www.bbc.com/news/technology-33609495},
    note = {Accessed: 2018-05-19}
  }

@ARTICLE{2018arXiv180504101G,
   author = {{Giaretta}, A. and {De Donno}, M. and {Dragoni}, N.},
    title = "{Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1805.04101},
 primaryClass = "cs.CR",
 keywords = {Computer Science - Cryptography and Security},
     year = 2018,
    month = may,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180504101G},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}


@techreport{IEC62443,
  title={Industrial Communication Networks Network and System Security Part 1-1: Terminology, Concepts and Models, IEC},
  author={International Electrotechnical Commission and others},
  year={2009},
  institution={TS 62443-1-1 ed1. 0, Geneva, Switzerland}
}

@techreport{sedgewick2014framework,
  title={Framework for improving critical infrastructure cybersecurity, version 1.0},
  author={Sedgewick, Adam},
  year={2014}
}

@techreport{nistframework,
  title={Framework for Improving Critical Infrastructure Cybersecurity},
  author={National Institute of Standards and Technology},
  institution={National Institute of Standards and Technology},
  year={2016},
  note={Version 1.1}
}

@article{white2016sros,
  title={SROS: Securing ROS over the wire, in the graph, and through the kernel},
  author={White, Ruffin and Christensen, Dr and Henrik, I and Quigley, Dr and others},
  journal={arXiv preprint arXiv:1611.07060},
  year={2016}
}


@inproceedings{mcclean2013preliminary,
  title={A preliminary cyber-physical security assessment of the robot operating system (ros)},
  author={McClean, Jarrod and Stull, Christopher and Farrar, Charles and Mascare{\~n}as, David},
  booktitle={Unmanned Systems Technology XV},
  volume={8741},
  pages={874110},
  year={2013},
  organization={International Society for Optics and Photonics}
}

@article{dieber2017security,
  title={Security for the Robot Operating System},
  author={Dieber, Bernhard and Breiling, Benjamin and Taurer, Sebastian and Kacianka, Severin and Rass, Stefan and Schartner, Peter},
  journal={Robotics and Autonomous Systems},
  volume={98},
  pages={192--203},
  year={2017},
  publisher={Elsevier}
}

@inproceedings{finnicum2011building,
  title={Building Secure Robot Applications.},
  author={Finnicum, Murph and King, Samuel T},
  booktitle={HotSec},
  year={2011}
}

@inproceedings{dieber2016application,
  title={Application-level security for ROS-based applications},
  author={Dieber, Bernhard and Kacianka, Severin and Rass, Stefan and Schartner, Peter},
  booktitle={Intelligent Robots and Systems (IROS), 2016 IEEE/RSJ International Conference on},
  pages={4477--4482},
  year={2016},
  organization={IEEE}
}

@inproceedings{jeong2017study,
  title={A Study on ROS Vulnerabilities and Countermeasure},
  author={Jeong, Se-Yeon and Choi, I-Ju and Kim, Yeong-Jin and Shin, Yong-Min and Han, Jeong-Hun and Jung, Goo-Hong and Kim, Kyoung-Gon},
  booktitle={Proceedings of the Companion of the 2017 ACM/IEEE International Conference on Human-Robot Interaction},
  pages={147--148},
  year={2017},
  organization={ACM}
}

@incollection{lera2017cybersecurity,
  title={Cybersecurity of Robotics and Autonomous Systems: Privacy and Safety},
  author={Lera, Francisco J Rodr{\'\i}guez and Llamas, Camino Fern{\'a}ndez and Guerrero, {\'A}ngel Manuel and Olivera, Vicente Matell{\'a}n},
  booktitle={Robotics-Legal, Ethical and Socioeconomic Impacts},
  year={2017},
  publisher={InTech}
}

@article{martin2018quantitative,
  title={Quantitative analysis of security in distributed robotic frameworks},
  author={Mart{\'\i}n, Francisco and Soriano, Enrique and Ca{\~n}as, Jos{\'e} M},
  journal={Robotics and Autonomous Systems},
  volume={100},
  pages={95--107},
  year={2018},
  publisher={Elsevier}
}

@article{lera2016cybersecurity,
  title={Cybersecurity in Autonomous Systems: Evaluating the performance of hardening ROS},
  author={Lera, Francisco Javier Rodr{\i}guez and Balsa, Jes{\'u}s and Casado, Fernando and Fern{\'a}ndez, Camino and Rico, Francisco Mart{\i}n and Matell{\'a}n, Vicente},
  journal={M{\'a}laga, Spain},
  pages={47},
  year={2016}
}

@article{KHALID2018,
title = "Security framework for industrial collaborative robotic cyber-physical systems",
journal = "Computers in Industry",
volume = "97",
pages = "132 - 145",
year = "2018",
issn = "0166-3615",
doi = "https://doi.org/10.1016/j.compind.2018.02.009",
url = "http://www.sciencedirect.com/science/article/pii/S016636151730088X",
author = "Azfar Khalid and Pierre Kirisci and Zeashan Hameed Khan and Zied Ghrairi and Klaus-Dieter Thoben and Jürgen Pannek",
keywords = "Cyber physical production system, Cyber security, Human-robot collaboration"
}

@ARTICLE{RSF,
   author = {{Mayoral-Vilches}, V. and {Alzola-Kirschgens}, L. and {Bilbao Calvo}, A. and
	{Hernández Cordero}, A. and {Izquierdo Pisón}, R. and
	{Mayoral Vilches}, D. and {Muñiz Rosas}, A. and {Olalde Mendia}, G. and
	{Usategi San Juan}, L. and {Zamalloa Ugarte}, I. and {Gil-Uriarte}, E. and
	{Tews}, E. and {Peter}, A.},
    title = {Introducing the Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics},
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1806.04042},
 primaryClass = "cs.CR",
 keywords = {Computer Science - Cryptography and Security, Computer Science - Robotics},
     year = 2018,
    month = jun,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180604042M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@inproceedings{quigley2009ros,
  title={ROS: an open-source Robot Operating System},
  author={Quigley, Morgan and Conley, Ken and Gerkey, Brian and Faust, Josh and Foote, Tully and Leibs, Jeremy and Wheeler, Rob and Ng, Andrew Y},
  booktitle={ICRA workshop on open source software},
  volume={3},
  number={3.2},
  pages={5},
  year={2009},
  organization={Kobe, Japan}
}

@ARTICLE{2018arXiv180803322D,
   author = {{DeMarinis}, N. and {Tellex}, S. and {Kemerlis}, V. and {Konidaris}, G. and
	{Fonseca}, R.},
    title = "{Scanning the Internet for ROS: A View of Security in Robotics Research}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1808.03322},
 primaryClass = "cs.CR",
 keywords = {Computer Science - Cryptography and Security, Computer Science - Robotics},
     year = 2018,
    month = jul,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180803322D},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@techreport{eagle2004capture,
  title={Capture-the-flag: Learning computer security under fire},
  author={Eagle, Chris and Clark, John L},
  year={2004},
  institution={NAVAL POSTGRADUATE SCHOOL MONTEREY CA}
}

@inproceedings{cowan2003defcon,
  title={Defcon capture the flag: Defending vulnerable code from intense attack},
  author={Cowan, Crispin and Arnold, Seth and Beattie, Steve and Wright, Chris and Viega, John},
  booktitle={DARPA Information Survivability Conference and Exposition, 2003. Proceedings},
  volume={1},
  pages={120--129},
  year={2003},
  organization={IEEE}
}

@article{vigna20112010,
  title={The 2010 international capture the flag competition},
  author={Vigna, Giovanni},
  journal={IEEE Security \& Privacy},
  volume={9},
  number={1},
  pages={12--14},
  year={2011},
  publisher={IEEE}
}

@article{darpa2014cyber,
  title={Cyber grand challenge},
  author={DARPA, DA},
  journal={Retrieved June},
  volume={6},
  pages={2014},
  year={2014}
}

@ARTICLE{RVSS,
  author = {{Mayoral-Vilches}, V. and {Gil-Uriarte}, E. and {Zamalloa Ugarte}, I. and
{Olalde Mendia}, G. and {Izquierdo Pis{\'o}n}, R. and {Alzola Kirschgens}, L. and
{Bilbao Calvo}, A. and {Hern{\'a}ndez Cordero}, A. and {Apa}, L. and
{Cerrudo}, C.},
  title = "{Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)}",
  journal = {ArXiv e-prints},
  archivePrefix = "arXiv",
  eprint = {1807.10357},
  primaryClass = "cs.RO",
  keywords = {Computer Science - Robotics, Computer Science - Cryptography and Security},
  year = 2018,
  month = jul,
  adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180710357M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@INPROCEEDINGS{Koenig04designand,
    author = {Nathan Koenig and Andrew Howard},
    title = {Design and Use Paradigms for Gazebo, An Open-Source Multi-Robot Simulator},
    booktitle = {In IEEE/RSJ International Conference on Intelligent Robots and Systems},
    year = {2004},
    pages = {2149--2154}
}

@article{White,
abstract = {SROS1 is a proposed addition to the ROS1 API and ecosystem to support modern cryptography and security measures. An overview of current progress will be presented, explaining each major advancement, including: over-the-wire cryptography for all data transport, namespaced access control enforcing graph poli-cies/restrictions, and finally process profiles using Linux Security Modules to harden a node's resource access. This chapter not only seeks to raise community awareness of the vulnerabilities in ROS1, but to provide clear instruction along designed patterns of development for using proposed solutions provided by SROS1 to advance the state of security for open source robotics subsystems.},
author = {White, Ruffin and Caiazza, Gianluca and Christensen, Henrik and Cortesi, Agostino},
doi = {10.1007/978-3-319-91590-6_11},
file = {:Users/gorka/Library/Application Support/Mendeley Desktop/Downloaded/White et al. - Unknown - SROS1 Using and Developing Secure ROS1 Systems(2).pdf:pdf},
keywords = {Access control,ROS,Robotics,Secure communications},
mendeley-groups = {CYBERSECURITY/ROS},
title = {{SROS1: Using and Developing Secure ROS1 Systems}},
url = {https://doi.org/10.1007/978-3-319-91590-6{\_}11}
}

@article{Durumeric2013,
abstract = {Internet-wide network scanning has numerous security applications, including exposing new vulnerabilities and tracking the adoption of defensive mechanisms, but prob- ing the entire public address space with existing tools is both difficult and slow. We introduce ZMap, a modular, open-source network scanner specifically architected to perform Internet-wide scans and capable of surveying the entire IPv4 address space in under 45 minutes from user space on a single machine, approaching the theo- retical maximum speed of gigabit Ethernet. We present the scanner architecture, experimentally characterize its performance and accuracy, and explore the security impli- cations of high speed Internet-scale network surveys, both offensive and defensive. We also discuss best practices for good Internet citizenship when performing Internet-wide surveys, informed by our own experiences conducting a long-term research survey over the past year. 1},
author = {Durumeric, Zakir and Wustrow, Eric and Halderman, J. Alex},
file = {:Users/gorka/Downloads/zmap.pdf:pdf},
isbn = {9781931971034},
journal = {Proceedings of the 22nd USENIX Security Symposium},
number = {August},
pages = {605--619},
title = {{ZMap: Fast Internet-wide Scanning and Its Security Applications}},
url = {https://zmap.io/paper.pdf},
year = {2013}
}
@misc{biondi, title={Scapy}, url={https://scapy.net/}, journal={Scapy}, author={Biondi, Philippe}}

@ARTICLE{rctf,
   author = {{Olalde Mendia}, G. and {Usategui San Juan}, L. and {Perez Bascaran}, X. and
	{Bilbao Calvo}, A. and {Hern{\'a}ndez Cordero}, A. and {Zamalloa Ugarte}, I. and
	{Mu{\~n}iz Rosas}, A. and {Mayoral Vilches}, D. and {Ayucar Carbajo}, U. and
	{Alzola Kirschgens}, L. and {Mayoral Vilches}, V. and {Gil-Uriarte}, E.
	},
    title = "{Robotics CTF (RCTF), a playground for robot hacking}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1810.02690},
 primaryClass = "cs.CY",
 keywords = {Computer Science - Computers and Society, Computer Science - Robotics},
     year = 2018,
    month = oct,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv181002690O},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}
@inproceedings{laperdrix:hal-01285470,
  TITLE = {{Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints}},
  AUTHOR = {Laperdrix, Pierre and Rudametkin, Walter and Baudry, Benoit},
  URL = {https://hal.inria.fr/hal-01285470},
  BOOKTITLE = {{37th IEEE Symposium on Security and Privacy (S\&P 2016)}},
  ADDRESS = {San Jose, United States},
  YEAR = {2016},
  MONTH = May,
  KEYWORDS = {browser fingerprinting ; privacy ; software diversity},
  PDF = {https://hal.inria.fr/hal-01285470/file/beauty-sp16.pdf},
  HAL_ID = {hal-01285470},
  HAL_VERSION = {v2},
}

@techreport{McGreevy2001,
abstract = {Are you footprinting your systems? Or is an attacker doing it for you? Yes, footprinting can be good for you just like scanning. The process of footprinting is the first step in information gathering of hackers. To perform or thwart a successful attack, one needs to gather information. The hacker's intention is to learn about all aspects of the perspective organization's security posture, profile of their Intranet, remote access capabilities, and intranet/extranet presence (Scambray, McClure, and Kurtz 2001). Footprint...},
address = {Monterrey},
author = {McGreevy, James P.},
file = {:Users/gorka/Desktop/footprinting-it-it-why-62.pdf:pdf},
institution = {SANS Institute},
title = {{Footprinting: What Is It, Who Should Do It, and Why?}},
url = {https://www.sans.org/reading-room/whitepapers/auditing/footprinting-it-it-why-62},
year = {2002}
}

@article{DeMarinis2018,
abstract = {Because robots can directly perceive and affect the physical world, security issues take on particular importance. In this paper, we describe the results of our work on scanning the entire IPv4 address space of the Internet for instances of the Robot Operating System (ROS), a widely used robotics platform for research. Our results identified that a number of hosts supporting ROS are exposed to the public Internet, thereby allowing anyone to access robotic sensors and actuators. As a proof of concept, and with consent, we were able to read image sensor information and move the robot of a research group in a US university. This paper gives an overview of our findings, including the geographic distribution of publicly-accessible platforms, the sorts of sensor and actuator data that is available, as well as the different kinds of robots and sensors that our scan uncovered. Additionally, we offer recommendations on best practices to mitigate these security issues in the future.},
archivePrefix = {arXiv},
arxivId = {1808.03322},
author = {DeMarinis, Nicholas and Tellex, Stefanie and Kemerlis, Vasileios and Konidaris, George and Fonseca, Rodrigo},
eprint = {1808.03322},
file = {:Users/gorka/Downloads/1808.03322.pdf:pdf},
mendeley-groups = {CYBERSECURITY},
title = {{Scanning the Internet for ROS: A View of Security in Robotics Research}},
year = {2018}
}

@techreport{Maggi,
author = {Maggi, Federico and Quarta, Davide and Pogliani, Marcello and Polino, Mario and Zanchettin, Andrea M and Zanero, Stefano and {Di Milano}, Politecnico},
file = {:Users/gorka/Library/Application Support/Mendeley Desktop/Downloaded/Maggi et al. - Unknown - Rogue Robots Testing the Limits of an Industrial Robot's Security.pdf:pdf},
keywords = {ICS,industrial security,robot,routers},
mendeley-groups = {CYBERSECURITY/ROS},
title = {{Rogue Robots: Testing the Limits of an Industrial Robot's Security}}
}
@misc{shodan,
    title={The search engine for the Internet of Things}, url={https://www.shodan.io/},
    journal={Shodan}
}

@inproceedings{Mirian2016,
  doi = {10.1109/pst.2016.7906943},
  url = {https://doi.org/10.1109/pst.2016.7906943},
  year  = {2016},
  month = {dec},
  publisher = {{IEEE}},
  author = {Ariana Mirian and Zane Ma and David Adrian and Matthew Tischer and Thasphon Chuenchujit and Tim Yardley and Robin Berthier and Joshua Mason and Zakir Durumeric and J. Alex Halderman and Michael Bailey},
  title = {An Internet-wide view of {ICS} devices},
  booktitle = {2016 14th Annual Conference on Privacy,  Security and Trust ({PST})}
}

@article{Adrian2014,
author = {Adrian, David and Durumeric, Zakir and Singh, Gulshan and Halderman, J Alex},
file = {:Users/gorka/Downloads/woot14-adrian.pdf:pdf},
journal = {Usenix Woot},
number = {August},
pages = {8},
title = {{Zippier ZMap : Internet-Wide Scanning at 10 Gbps}},
url = {http://dl.acm.org/citation.cfm?id=2671293.2671301},
year = {2014}
}
@techreport{rfc5280,
        url = {https://www.rfc-editor.org/rfc/rfc5280.txt},
        author = {D. Cooper and S. Santesson and S. Farrell and S. Boeyen and R. Housley and W. Polk},
        number = {5280},
        howpublished = {Internet Requests for Comments},
        title = {Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile},
        issn = {},
        year = {2008},
        type = {RFC},
        publisher = {RFC Editor},
        institution = {RFC Editor},
        month = {May}
}

  @misc{dds,
    title = {What is DDS?},
    author={Object Management Group},
    year={2018},
    howpublished = {https://www.omgwiki.org/dds/what-is-dds-3/},
    note = {Accessed: 2018-12-01}
  }

  @misc{robapi,
    title = {API Reference},
    author={ABB},
    year={2016},
    howpublished = {http://developercenter.robotstudio.com/webservice/api\_reference},
    note = {Accessed: 2018-12-03}
  }

@misc{scadastrangelove_2016, title={scadastrangelove/SCADAPASS}, url={https://github.com/scadastrangelove/SCADAPASS}, journal={GitHub}, author={Scadastrangelove}, year={2016}, month={Nov}}



@techreport{rose2019zero,
  title={Zero Trust Architecture Draft, NIST Special Publication 800-207},
  author={Rose, Scott and Borchert, Oliver and Mitchell, Stu and Connelly, Sean},
  year={2019},
  institution={National Institute of Standards and Technology},
  journal={NIST Special publication},
  volume={800},
  number={207}
}

@techreport{rose2019zero_draft2,
  title={Zero Trust Architecture Draft (2nd), NIST Special Publication 800-207},
  author={Rose, Scott and Borchert, Oliver and Mitchell, Stu and Connelly, Sean},
  year={2020},
  institution={National Institute of Standards and Technology},
  journal={NIST Special publication},
  volume={800},
  number={207}
}



@article{vilches2019introducing,
  title={Introducing the robot vulnerability database (rvd)},
  author={Mayoral-Vilches, V{\'\i}ctor and Juan, Lander Usategui San and Dieber, Bernhard and Carbajo, Unai Ayucar and Gil-Uriarte, Endika},
  journal={arXiv preprint arXiv:1912.11299},
  year={2019}
}

@misc{ztacloudgoogle,
title = {BeyondCorp: How Google Ditched VPNs for Remote Employee Access},
author={ Joab Jackson},
year={2018},
howpublished = {https://thenewstack.io/beyondcorp-google-ditched-virtual-private-networking-internal-applications/},
note = {Accessed: 2020-02-21}
}

@misc{ztabanks,
title = {Why banks are adopting a modern approach to cybersecurity—the Zero Trust model},
author={Diana Pallais},
year={2019},
howpublished = {https://www.microsoft.com/en-us/microsoft-365/blog/2019/09/18/why-banks-adopt-modern-cybersecurity-zero-trust-model/},
note = {Accessed: 2020-02-21}
}

@article{43231,
title	= {BeyondCorp: A New Approach to Enterprise Security},
author	= {Rory Ward and Betsy Beyer},
year	= {2014},
journal	= {;login:},
pages	= {6--11},
volume	= {Vol. 39, No. 6}
}

@techreport{actzero,
  title={Zero Trust Cybersecurity Current Trends},
  author={American Council for Technology},
  year={2018},
  institution={American Council for Technology-Industry Advisory Council (ACT-IAC)},
}

@article{wolfertsecurity,
  title={Security Risks of Social Robots Used to Persuade and Manipulate: A Proof of Concept Study},
  author={Wolfert, Pieter and Deschuyteneer, Jorre and Oetringer, Djamari and Robinson, Nicole and Belpaeme, Tony}
}


@unpublished{rasscs4r,
title= {Access Control Models, with Applications to Robotics},
author = {Stefan Rass},
year = {2020},
note= {European Robotics Forum 2020, Cybersecurity for Robotics Workshop, part II},
URL= {https://aliasrobotics.com/cs4r_2.php},
}

@techreport{grimes2007vision,
  title={Information Grid Architectural Vision. Vision for a Net-Centric, Service Oriented DoD Enterprise},
  author={Grimes, John G},
  year={2007},
  institution={DEPARTMENT OF DEFENSE WASHINGTON DC CHIEF INFORMATION OFFICER}
}

@techreport{grimes2007strategy,
  title={Net-Centric Services Strategy. Strategy for a Net-Centric, Service Oriented DoD Enterprise},
  author={Grimes, John G},
  year={2007},
  institution={DEPARTMENT OF DEFENSE WASHINGTON DC CHIEF INFORMATION OFFICER}
}

@misc{standard2005extensible,
  title={extensible access control markup language (xacml) version 3.0},
  author={Standard, OASIS},
  journal={2011-09-24]. http://docs. oasis-open. org/xacml/2.0/access\_control-xacml-2.0-core-spec-os. pdf},
  year={2005}
}

@article{lacava2020current,
  title={Current Research Issues on Cyber security in Robotics},
  author={Lacava, G and Marotta, A and Martinelli, F and Saracino, A and La Marra, A and Gil-Uriarte, E and Vilches, V Mayoral},
  year={2020}
}

@techreport{canonicalros2020,
  title={Securing ROS robotics platforms},
  author={Canonical},
  year={2020},
  institution={Canonical}
}

@misc{rosmetrics,
  title={ROS Community Metrics},
  author={ROS community},
  URL= {http://wiki.ros.org/Metrics},
  year={2020}
}

@article{cousins2010ros,
  title={Ros on the pr2 [ros topics]},
  author={Cousins, Steve},
  journal={IEEE Robotics \& Automation Magazine},
  volume={17},
  number={3},
  pages={23--25},
  year={2010},
  publisher={IEEE}
}

@article{lera2016ciberseguridad,
  title={Ciberseguridad en robots aut{\'o}nomos: An{\'a}lisis y evaluaci{\'o}n multiplataforma del bastionado ROS},
  author={Lera, Francisco Javier Rodr{\i}guez and Matell{\'a}n, Vicente and Balsa, Jes{\'u}s and Casado, Fernando},
  journal={Actas Jornadas Sarteco},
  pages={571--578},
  year={2016}
}

@incollection{dieber2020penetration,
  title={Penetration testing  {ROS}},
  author={Dieber, Bernhard and White, Ruffin and Taurer, Sebastian and Breiling, Benjamin and Caiazza, Gianluca and Christensen, Henrik and Cortesi, Agostino},
  booktitle={Robot Operating System (ROS)},
  pages={183--225},
  year={2020},
  publisher={Springer}
}

@article{olssoniot,
  title={IoT Offensive Security Penetration Testing},
  author={Olsson, Theodor and Forsberg, Albin Larsson}
}

@inproceedings{rivera2019rosploit,
  title={ROSploit: Cybersecurity tool for {ROS}},
  author={Rivera, Sean and Lagraa, Sofiane and State, Radu},
  booktitle={2019 Third IEEE International Conference on Robotic Computing (IRC)},
  pages={415--416},
  year={2019},
  organization={IEEE}
}


@article{wilhoit2013scada,
  title={The SCADA that didn’t cry wolf},
  author={Wilhoit, Kyle},
  journal={Trend Micro Inc., White Paper},
  year={2013}
}


@article{stouffer2011guide,
  title={Guide to industrial control systems (ICS) security},
  author={Stouffer, Keith and Falco, Joe and Scarfone, Karen},
  journal={NIST special publication},
  volume={800},
  number={82},
  pages={16--16},
  year={2011}
}

@misc{homelandicssec,
  title={CYBER SECURITY ASSESSMENTS OF INDUSTRIAL CONTROL SYSTEMS A GOOD PRACTICE GUIDE},
  author={Homeland Security},
  URL= {https://www.ccn-cert.cni.es/publico/InfraestructurasCriticaspublico/CPNI-Guia-SCI.pdf},
  year={2011}
}

@article{center2013apt1,
  title={Apt1: Exposing one of chinas cyber espionage units},
  author={Center, Mandiant Intelligence},
  journal={Mandian. com},
  year={2013}
}

@article{assante2015industrial,
  title={The industrial control system cyber kill chain},
  author={Assante, Michael J and Lee, Robert M},
  journal={SANS Institute InfoSec Reading Room},
  volume={1},
  year={2015}
}

@article{bryant2017novel,
  title={A novel kill-chain framework for remote security log analysis with SIEM software},
  author={Bryant, Blake D and Saiedian, Hossein},
  journal={computers \& security},
  volume={67},
  pages={198--210},
  year={2017},
  publisher={Elsevier}
}

@techreport{strom2017finding,
  title={Finding cyber threats with ATT\&CK-based analytics},
  author={Strom, Blake E and Battaglia, Joseph A and Kemmerer, Michael S and Kupersanin, William and Miller, Douglas P and Wampler, Craig and Whitley, Sean M and Wolf, Ross D},
  year={2017},
  institution={Technical Report MTR170202, MITRE}
}

@article{iec2003iec,
  title={IEC 61131-3-Programmable Controllers--Part 3: Programming Languages},
  author={IEC-International Electrotechnical Commission and others},
  journal={CH Geneva},
  year={2003}
}

@techreport{tuvrheinland_industrialrobotics,
  title={Industrial Robotics and Cyber Security},
  author={TÜV Rheinland},
  year={2018},
  institution={TÜV Rheinland}
}

@article{mayoral2020devsecops,
  title={DevSecOps in Robotics},
  author={Mayoral-Vilches, V{\'\i}ctor and Garc{\'\i}a-Maestro, Nuria and Towers, McKenna and Gil-Uriarte, Endika},
  journal={arXiv preprint arXiv:2003.10402},
  year={2020}
}

@article{maggi2020rogue,
  title={Rogue automation: Vulnerabile and Malicious Code in Industrial Programming},
  author={Maggi, Federico and Pogliani, Marcello},
  journal={Trend Micro, Politecnico di Milano, Tech. Rep},
  year={2020}
}

@misc{cisbenchmarkmelodic10,
title = {CIS ROS Melodic Benchmark v1.0.0 },
author={Rael Daruszka and Jonathan Lewis Christopherson and others},
year={2020},
howpublished = {https://workbench.cisecurity.org/benchmarks/5207},
note = {Accessed: 2020-08-17}
}

@article{alexander2020mitre,
  title={MITRE ATT\&CK{\textregistered} for Industrial Control Systems: Design and Philosophy},
  author={Alexander, Otis and Belisle, Misha and Steele, Jacob},
  year={2020}
}

@article{strom2018mitre,
  title={Mitre att\&ck: Design and philosophy},
  author={Strom, Blake E and Applebaum, Andy and Miller, Doug P and Nickels, Kathryn C and Pennington, Adam G and Thomas, Cody B},
  journal={Technical report},
  year={2018}
}

@misc{robotimmunesystem,
title = {Robot Immune System (RIS)},
author={Alias Robotics},
year={2020},
howpublished = {https://aliasrobotics.com/ris.php},
note = {Accessed: 2020-08-20}
}

@article{rivera2020discofuzzer,
  title={DiscoFuzzer: Discontinuity-based Vulnerability Detector for Robotic Systems},
  author={Rivera, Sean and Iannillo, Antonio Ken and others},
  year={2020},
  publisher={TechRxiv}
}

@inproceedings{clark2017cybersecurity,
  title={Cybersecurity issues in robotics},
  author={Clark, George W and Doran, Michael V and Andel, Todd R},
  booktitle={2017 IEEE conference on cognitive and computational aspects of situation management (CogSIMA)},
  pages={1--5},
  year={2017},
  organization={IEEE}
}

@inproceedings{balsa2017cybersecurity,
  title={Cybersecurity in autonomous systems: hardening ROS using encrypted communications and semantic rules},
  author={Balsa-Comer{\'o}n, Jes{\'u}s and Guerrero-Higueras, {\'A}ngel Manuel and Rodr{\'\i}guez-Lera, Francisco Javier and Fern{\'a}ndez-Llamas, Camino and Matell{\'a}n-Olivera, Vicente},
  booktitle={Iberian Robotics Conference},
  pages={67--78},
  year={2017},
  organization={Springer}
}

@inproceedings{doczi2016increasing,
  title={Increasing ROS 1. x communication security for medical surgery robot},
  author={D{\'o}czi, Roland and Kis, Ferenc and S{\"u}t{\H{o}}, Bal{\'a}zs and P{\'o}ser, Val{\'e}ria and Kronreif, Gernot and J{\'o}svai, Eszter and Kozlovszky, Miklos},
  booktitle={2016 IEEE International Conference on Systems, Man, and Cybernetics (SMC)},
  pages={004444--004449},
  year={2016},
  organization={IEEE}
}

@article{sandoval2018communications,
  title={Communications Authentication Protocols for Unmanned Aerial Systems Running the Military Robot Operating System [video]},
  author={Sandoval, Sergio},
  year={2018}
}

@misc{redteamingrosindustrial_whitepaper,
    title = {Red Teaming ROS-Industrial, extended version},
    author={{Alias Robotics}},
    year={2020},
    howpublished = {https://aliasrobotics.com/files/red\_teaming\_rosindustrial.pdf}
}

@article{filkins2019sans,
  title={SANS 2019 State of OT/ICS Cybersecurity Survey},
  author={Filkins, Barbara and Wylie, Doug and Dely, AJ},
  journal={SANS Technology Institute},
  year={2019}
}

@inproceedings{bozic2017planning,
  title={Planning the attack! or how to use ai in security testing?},
  author={Bozic, Josip and Wotawa, Franz},
  booktitle={IWAISe: First International Workshop on Artificial Intelligence in Security},
  volume={50},
  year={2017}
}

@article{ekenna2020clustering,
  title={Clustering and Analysis of Vulnerabilities Present in Different Robot Types},
  author={Ekenna, Chinwe and Acharya, Bharvee},
  journal={arXiv preprint arXiv:2008.08166},
  year={2020}
}

@article{mayoral2020can,
  title={Can ROS be used securely in industry? Red teaming ROS-Industrial},
  author={Mayoral-Vilches, V{\'\i}ctor and Pinzger, Martin and Rass, Stefan and Dieber, Bernhard and Gil-Uriarte, Endika},
  journal={arXiv preprint arXiv:2009.08211},
  year={2020}
}

@inproceedings{zheng2011ivda,
  title={IVDA: International vulnerability database alliance},
  author={Zheng, Chen and Zhang, Yuqing and Sun, Yingfei and Liu, Qixu},
  booktitle={2011 Second Worldwide Cybersecurity Summit (WCS)},
  pages={1--6},
  year={2011},
  organization={IEEE}
}

@article{ma2001sharing,
  title={Sharing vulnerability information using a taxonomically-correct, web-based cooperative database},
  author={Ma, Lingfeng and Mandujano, Salvador and Song, Guangfeng and Meunier, Pascal},
  journal={Center for Education and Research in Information Assurance and Security, Purdue University},
  volume={3},
  year={2001}
}

@article{ALHAZMI2007219,
title = "Measuring, analyzing and predicting security vulnerabilities in software systems",
journal = "Computers \& Security",
volume = "26",
number = "3",
pages = "219 - 228",
year = "2007",
issn = "0167-4048",
doi = "https://doi.org/10.1016/j.cose.2006.10.002",
url = "http://www.sciencedirect.com/science/article/pii/S0167404806001520",
author = "O.H. Alhazmi and Y.K. Malaiya and I. Ray",
keywords = "Vulnerabilities, Security holes, Risk evaluation, Quantitative security modeling, Defect density",
abstract = "In this work we examine the feasibility of quantitatively characterizing some aspects of security. In particular, we investigate if it is possible to predict the number of vulnerabilities that can potentially be present in a software system but may not have been found yet. We use several major operating systems as representatives of complex software systems. The data on vulnerabilities discovered in these systems are analyzed. We examine the results to determine if the density of vulnerabilities in a program is a useful measure. We also address the question about what fraction of software defects are security related, i.e., are vulnerabilities. We examine the dynamics of vulnerability discovery hypothesizing that it may lead us to an estimate of the magnitude of the undiscovered vulnerabilities still present in the system. We consider the vulnerability discovery rate to see if models can be developed to project future trends. Finally, we use the data for both commercial and open-source systems to determine whether the key observations are generally applicable. Our results indicate that the values of vulnerability densities fall within a range of values, just like the commonly used measure of defect density for general defects. Our examination also reveals that it is possible to model the vulnerability discovery using a logistic model that can sometimes be approximated by a linear model."
}

@ARTICLE{Shin2011Vulnerabilities,
author={Y. {Shin} and A. {Meneely} and L. {Williams} and J. A. {Osborne}},
journal={IEEE Transactions on Software Engineering},
title={Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities},
year={2011},
volume={37},
number={6},
pages={772-787},
keywords={Linux;online front-ends;program testing;public domain software;software fault tolerance;software metrics;code churn;software vulnerabilities;developer activity metrics;security inspection;software metrics;source code;vulnerable code locations;open-source projects;Mozilla Firefox Web browser;Red Hat enterprise Linux kernel;Fault diagnosis;Software security;Complexity theory;Predictive models;Charge coupled devices;Fault prediction;software metrics;software security;vulnerability prediction.},
doi={10.1109/TSE.2010.81},
ISSN={2326-3881},
month={Nov},}

@inproceedings {Finifter2013BugBounty,
author = {Matthew Finifter and Devdatta Akhawe and David Wagner},
title = {An Empirical Study of Vulnerability Rewards Programs},
booktitle = {Presented as part of the 22nd {USENIX} Security Symposium ({USENIX} Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {273--288},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/finifter},
publisher = {{USENIX}},
}

@INPROCEEDINGS{McQueen2009Zeroday,
author={M. A. {McQueen} and T. A. {McQueen} and W. F. {Boyer} and M. R. {Chaffin}},
booktitle={2009 42nd Hawaii International Conference on System Sciences},
title={Empirical Estimates and Observations of 0Day Vulnerabilities},
year={2009},
volume={},
number={},
pages={1-12},
keywords={risk management;security of data;0Day software vulnerability observation;0Day lifespan;public disclosure;risk assessment;Life estimation;Security;Application software;Laboratories;Educational institutions;Protection;Databases;IEEE news;Software systems;Hardware},
doi={10.1109/HICSS.2009.186},
ISSN={1530-1605},
month={Jan},}

@inproceedings{Bilge:2012:BWK:2382196.2382284,
 author = {Bilge, Leyla and Dumitra\c{s}, Tudor},
 title = {Before We Knew It: An Empirical Study of Zero-day Attacks in the Real World},
 booktitle = {Proceedings of the 2012 ACM Conference on Computer and Communications Security},
 series = {CCS '12},
 year = {2012},
 isbn = {978-1-4503-1651-4},
 location = {Raleigh, North Carolina, USA},
 pages = {833--844},
 numpages = {12},
 url = {http://doi.acm.org/10.1145/2382196.2382284},
 doi = {10.1145/2382196.2382284},
 acmid = {2382284},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {full disclosure, vulnerabilities, zero-day attacks},
}

@inproceedings{schoonover2018galaxy,
  title={Galaxy: a network emulation framework for cybersecurity},
  author={Schoonover, Kevin and Michalak, Eric and Harris, Sean and Gausmann, Adam and Reinbolt, Hannah and Tauritz, Daniel R and Rawlings, Chris and Pope, Aaron Scott},
  booktitle={11th $\{$USENIX$\}$ Workshop on Cyber Security Experimentation and Test ($\{$CSET$\}$ 18)},
  year={2018}
}

@inproceedings{handigol2012reproducible,
  title={Reproducible network experiments using container-based emulation},
  author={Handigol, Nikhil and Heller, Brandon and Jeyakumar, Vimalkumar and Lantz, Bob and McKeown, Nick},
  booktitle={Proceedings of the 8th international conference on Emerging networking experiments and technologies},
  pages={253--264},
  year={2012}
}

@phdthesis{heller2013reproducible,
  title={Reproducible network research with high-fidelity emulation},
  author={Heller, Brandon},
  year={2013},
  school={Stanford University}
}

@article{grattafiori2016understanding,
  title={Understanding and hardening linux containers},
  author={Grattafiori, Aaron},
  journal={Whitepaper, NCC Group},
  year={2016}
}

@article{baillie2020cyborg,
  title={CybORG: An Autonomous Cyber Operations Research Gym},
  author={Baillie, Callum and Standen, Maxwell and Schwartz, Jonathon and Docking, Michael and Bowman, David and Kim, Junae},
  journal={arXiv preprint arXiv:2002.10667},
  year={2020}
}

% DETER Lab
@INPROCEEDINGS{5655108,
	author={J. Mirkovic and others},
	booktitle={2010 IEEE International Conference on Technologies for Homeland Security (HST)},
	title={The {DETER} project: Advancing the science of cyber security experimentation and test},
	year={2010},
	volume={},
	number={},
	pages={1-7},
	keywords={security of data;DETER cybersecurity testbed project;national resource;Communities;Software;Instruments;Complexity theory;Malware;cyber-security;testbed;experimental research},
	doi={10.1109/THS.2010.5655108},
	ISSN={},
	month={Nov},
}

% CANDLES
@inproceedings{Rush:2015:CAN:2739482.2768429,
	author = {G. Rush and others},
	title = {Coevolutionary Agent-based Network Defense Lightweight Event System ({CANDLES})},
	booktitle = {Proceedings of the Companion Publication of the 2015 Annual Conference on Genetic and Evolutionary Computation},
	series = {GECCO Companion '15},
	year = {2015},
	isbn = {978-1-4503-3488-4},
	location = {Madrid, Spain},
	pages = {859--866},
	numpages = {8},
	url = {http://doi.acm.org/10.1145/2739482.2768429},
	doi = {10.1145/2739482.2768429},
	acmid = {2768429},
	publisher = {ACM},
	address = {New York, NY, USA},
	keywords = {coevolution, cyber security, simulation},
}

% BRAWL
@misc{BRAWL,
      author = {The MITRE Corporation},
      title = {{BRAWL}},
      howpublished = {\url{https://github.com/mitre/brawl-public-game-001}},
      year = {2018}}
}

% VINE
@inproceedings{Eskridge:2015:VCE:2808475.2808486,
	author = {T. Eskridge and others},
	title = {{VINE}: A Cyber Emulation Environment for MTD Experimentation},
	booktitle = {Proceedings of the Second ACM Workshop on Moving Target Defense},
	series = {MTD '15},
	year = {2015},
	isbn = {978-1-4503-3823-3},
	location = {Denver, Colorado, USA},
	pages = {43--47},
	numpages = {5},
	url = {http://doi.acm.org/10.1145/2808475.2808486},
	doi = {10.1145/2808475.2808486},
	acmid = {2808486},
	publisher = {ACM},
	address = {New York, NY, USA},
	keywords = {moving target defense experimentation, network creation, network emulation, network monitoring}
}

% Small World
@article{FURFARO2018791,
	title = "A Cloud-based platform for the emulation of complex cybersecurity scenarios",
	journal = "Future Generation Computer Systems",
	volume = "89",
	pages = "791 - 803",
	year = "2018",
	issn = "0167-739X",
	doi = "https://doi.org/10.1016/j.future.2018.07.025",
	url = "http://www.sciencedirect.com/science/article/pii/S0167739X1630704X",
	author = "A. Furfaro and others",
	keywords = "Cybersecurity, Virtual environments, Cloud-based systems"
}

%CyAMS
@INPROCEEDINGS{7795375,
author={S. Brown and others},
booktitle={MILCOM 2016 - 2016 IEEE Military Communications Conference},
title={Validation of network simulation model and scalability tests using example malware},
year={2016},
volume={},
number={},
pages={491-496},
keywords={digital simulation;invasive software;network simulation model;scalability tests;example malware;behavioral simulator;CyAMS program;cyber army modeling and simulation program;malicious software propagation;ns-3 simulation model;CyAMS simulation model;Malware;IP networks;Computational modeling;Firewalls (computing);Scalability;Emulation;Routing},
doi={10.1109/MILCOM.2016.7795375},
ISSN={2155-7586},
month={Nov},
}

% Insight
@inproceedings{Futoransky2009SimulatingCF,
  title={Simulating cyber-attacks for fun and profit},
  author={A. Futoransky and others},
  booktitle={SimuTools},
  year={2009}
}

% Learning to Hack Masters Thesis
@misc{niculae_2018,
	title={Reinforcement Learning vs Genetic Algorithms in Game-Theoretic Cyber-Security},
	url={thesiscommons.org/nxzep},
	DOI={10.31237/osf.io/nxzep},
	publisher={Thesis Commons},
	author={S. Niculae},
	year={2018},
	month={Oct}
}

% Jonny Thesis
@article{JThesis,
	author = "J. Schwartz and H. Kurniawati",
	title = "{Autonomous Penetration Testing using Reinforcement Learning}",
	journal = {\href{https://arxiv.org/abs/1905.05965}{\tt arXiv:1905.05965}},
	year = "2019",
}

% MoveIt
@article{chitta2012moveit,
  title={Moveit![ros topics]},
  author={Chitta, Sachin and Sucan, Ioan and Cousins, Steve},
  journal={IEEE Robotics \& Automation Magazine},
  volume={19},
  number={1},
  pages={18--19},
  year={2012},
  publisher={IEEE}
}

% aztarna
@article{mayoral2018aztarna,
  title={aztarna, a footprinting tool for robots},
  author={Mayoral-Vilches, V{\'\i}ctor and Mendia, Gorka Olalde and Baskaran, Xabier Perez and Cordero, Alejandro Hern{\'a}ndez and Juan, Lander Usategui San and Gil-Uriarte, Endika and de Urabain, Odei Olalde Saez and Kirschgens, Laura Alzola},
  journal={arXiv preprint arXiv:1812.09490},
  year={2018}
}

% RVD#2554: MiR ROS computational graph presents no authentication mechanisms
%   https://github.com/aliasrobotics/RVD/issues/2554
@misc{rvd2554,
  author = {Mayoral-Vilches, V{\'\i}ctor and Glera, Alfonso},
  title = {RVD\#2554: MiR ROS computational graph presents no authentication mechanisms},
  year = {2020},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/aliasrobotics/RVD/issues/2554}}
}


 % RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones
% https://github.com/aliasrobotics/RVD/issues/2555
@misc{rvd2555,
  author = {Mayoral-Vilches, V{\'\i}ctor},
  title = {RVD\#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones},
  year = {2020},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/aliasrobotics/RVD/issues/2555}}
}

% RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor maps)
%   https://github.com/aliasrobotics/RVD/issues/2555
@misc{rvd2556,
  author = {Mayoral-Vilches, V{\'\i}ctor},
  title = {RVD\#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor maps)},
  year = {2020},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/aliasrobotics/RVD/issues/2556}}
}

% RVD#2558: Default credentials on SICK PLC allows disabling safety features
%   https://github.com/aliasrobotics/RVD/issues/2555
@misc{rvd2558,
  author = {Mayoral-Vilches, V{\'\i}ctor},
  title = {RVD\#2558: Default credentials on SICK PLC allows disabling safety features},
  year = {2020},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/aliasrobotics/RVD/issues/2558}}
}

% UR security case study - penetration testing
%   https://aliasrobotics.com/case-study-pentesting-ur.php
@misc{pentestingur,
  author = {{Alias Robotics}},
  title = {UR security case study - penetration testing},
  year = {2020},
  publisher = {Alias Robotics},
  howpublished = {\url{https://aliasrobotics.com/case-study-pentesting-ur.php}}
}

% ABB industrial cyber security - penetration testing
%   https://aliasrobotics.com/case-study-pentesting-abb.php
@misc{pentestingabb,
  author = {{Alias Robotics}},
  title = {ABB industrial cyber security - penetration testing},
  year = {2020},
  publisher = {Alias Robotics},
  howpublished = {\url{https://aliasrobotics.com/case-study-pentesting-abb.php}}
}

% Red teaming ROS-Industrial
%   https://aliasrobotics.com/case-study-red-teaming.php
@misc{redteamingrosi,
  author = {{Alias Robotics}},
  title = {Red teaming ROS-Industrial},
  year = {2020},
  publisher = {Alias Robotics},
  howpublished = {\url{https://aliasrobotics.com/case-study-red-teaming.php}}
}

% Purdue model
@article{williams1994purdue,
  title={The Purdue enterprise reference architecture},
  author={Williams, Theodore J},
  journal={Computers in industry},
  volume={24},
  number={2-3},
  pages={141--158},
  year={1994},
  publisher={Elsevier}
}


@InProceedings{Kolak2020ItTakesAVillage,
  author    = {Sophia Kolak and Afsoon Afzal and Claire Le Goues and Michael Hilton and Chris Timperley},
  title     = {It Takes a Village to Build a Robot: An Empirical Study of The ROS Ecosystem.},
  booktitle = {Proceedings of the 2020 International Conference on Software Maintenance and Evolution (ICSME2020)},
  year      = {2020},
}

@InProceedings{b6,
  author    = {Sophia Kolak and Afsoon Afzal and Claire Le Goues and Michael Hilton and Chris Timperley},
  title     = {It Takes a Village to Build a Robot: An Empirical Study of The ROS Ecosystem.},
  booktitle = {Proceedings of the 2020 International Conference on Software Maintenance and Evolution (ICSME2020)},
  year      = {2020},
}

@misc{cordella2019analysis,
  title={Analysis and development of a scoring system for repair and upgrade of products-final report},
  author={Cordella, Mauro and Alfieri, Felice and Sanfelix, Javier},
  year={2019},
  publisher={Publications Office of the European Union Luxembourg}
}

@misc{eccircularap,
  title={Circular Economy Action Plan, For a cleaner and more competitive Europe},
  author={Directorate-General for Communication (European Commission)},
  year={2020},
  publisher={Publications Office of the European Union Luxembourg},
  doi = "10.2779/05068"
}

@article{hatta2020right,
  title={The right to repair, the right to tinker, and the right to innovate},
  author={Hatta, Masayuki},
  journal={Annals of Business Administrative Science},
  pages={0200604a},
  year={2020},
  publisher={Global Business Research Center}
}

@inproceedings{taurer2019case,
  title={Case study: remote attack to disable MiR100 safety},
  author={Taurer, Sebastian and Breiling, Benjamin and Svrta, Stella and Dieber, Bernhard}
}


@article{zhu2021cybersecurity,
  title={Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice},
  author={Zhu, Quanyan and Rass, Stefan and Dieber, Bernhard and Mayoral-Vilches, Victor},
  journal={arXiv preprint arXiv:2103.05789},
  year={2021}
}

@article{skorobogatov2017deep,
  title={Deep dip teardown of tubeless insulin pump},
  author={Skorobogatov, Sergei},
  journal={arXiv preprint arXiv:1709.06026},
  year={2017}
}

@online{teradyne_growth,
  author = {Steve Crowe},
  title = {Teradyne’s robotics portfolio grows revenue 33\% in Q1},
  year = 2021,
  url = {https://www.therobotreport.com/teradyne-robotics-portfolio-revenue-33-q1/},
  urldate = {2021-05-02}
}

@inproceedings{younis2010reverse,
  title={Reverse engineering in mechatronics education},
  author={Younis, Mohammed Bani and Tutunji, Tarek A},
  booktitle={7th International Symposium on Mechatronics and its Applications},
  pages={1--5},
  year={2010},
  organization={IEEE}
}

@article{tutunjireverse,
  title={Reverse Engineering: Electronics},
  author={Tutunji, TarekA},
  publisher={Citeseer}
}

@article{kohlweiss2020integration,
  title={Integration of a teardown approach at Graz University of Technology{\'{}} s LEAD Factory},
  author={Kohlweiss, Andreas and Auberger, Elias and Ketenci, Atacan and Ramsauer, Christian},
  journal={Procedia Manufacturing},
  volume={45},
  pages={240--245},
  year={2020},
  publisher={Elsevier}
}

@inproceedings{sandborn2006using,
  title={Using Teardown Analysis as a vehicle to teach electronic systems manufacturing cost modeling},
  author={Sandborn, Peter and Myers, Jessica and Barron, Thomas and McCarthy, Michael},
  booktitle={Proceedings of the International Electronics Packaging Education Conference (at the ECTC)},
  year={2006}
}


@inproceedings{treude_exploratory_2011,
	title = {An {Exploratory} {Study} of {Software} {Reverse} {Engineering} in a {Security} {Context}},
	doi = {10.1109/WCRE.2011.30},
	abstract = {Illegal cyberspace activities are increasing rapidly and many software engineers are using reverse engineering methods to respond to attacks. The security-sensitive nature of these tasks, such as the understanding of malware or the decryption of encrypted content, brings unique challenges to reverse engineering: work has to be done offline, files can rarely be shared, time pressure is immense, and there is a lack of tool and process support for capturing and sharing the knowledge obtained while trying to understand plain assembly code. To help us gain an understanding of this reverse engineering work, we report on an exploratory study done in a security context at a research and development government organization to explore their work processes, tools, and artifacts. In this paper, we identify challenges, such as the management and navigation of a myriad of artifacts, and we conclude by offering suggestions for tool and process improvements.},
	booktitle = {2011 18th {Working} {Conference} on {Reverse} {Engineering}},
	author = {Treude, Christoph and Filho, Fernando Figueira and Storey, Margaret-Anne and Salois, Martin},
	month = oct,
	year = {2011},
	note = {ISSN: 2375-5369},
	keywords = {Software, Context, Assembly, Documentation, exploratory study, Malware, reverse engineering, Reverse engineering, security setting},
	pages = {184--188}
}

@inproceedings{rajendran_security_2013,
	address = {New York, NY, USA},
	series = {{CCS} '13},
	title = {Security analysis of integrated circuit camouflaging},
	isbn = {978-1-4503-2477-9},
	url = {https://doi.org/10.1145/2508859.2516656},
	doi = {10.1145/2508859.2516656},
	abstract = {Camouflaging is a layout-level technique that hampers an attacker from reverse engineering by introducing, in one embodiment, dummy contacts into the layout. By using a mix of real and dummy contacts, one can camouflage a standard cell whose functionality can be one of many. If an attacker cannot resolve the functionality of a camouflaged gate, he/she will extract an incorrect netlist. In this paper, we analyze the feasibility of identifying the functionality of camouflaged gates. We also propose techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering. Furthermore, we judiciously select gates to camouflage by using techniques which ensure that the outputs of the extracted netlist are controllably corrupted. The techniques leverage IC testing principles such as justification and sensitization. The proposed techniques are evaluated using ISCAS benchmark circuits and OpenSparc T1 microprocessor controllers.},
	urldate = {2021-05-10},
	booktitle = {Proceedings of the 2013 {ACM} {SIGSAC} conference on {Computer} \& communications security},
	publisher = {Association for Computing Machinery},
	author = {Rajendran, Jeyavijayan and Sam, Michael and Sinanoglu, Ozgur and Karri, Ramesh},
	month = nov,
	year = {2013},
	keywords = {ic camouflaging, ic reverse engineering, ip piracy, ip protection},
	pages = {709--720}
}


@inproceedings{tellez_iot_2016,
	title = {{IoT} security attacks using reverse engineering methods on {WSN} applications},
	doi = {10.1109/WF-IoT.2016.7845429},
	abstract = {With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become a popular technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring application with the goal to demonstrate the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our WSN application. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect MSP430 micro-controller units (MCUs). We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer WSN applications to obtain critical security information such as encryption keys. We contribute a solution to patch the weak BSL password security flaw and improve the security of MSP430 MCU chips. The Secure-BSL patch we contribute allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time enhances the security of the MSP430 and prevents future reverse engineering tactics. Our research serves as proof that the security of WSNs and the overall IoT technology is broken if we cannot protect these everyday objects at the physical layer.},
	booktitle = {2016 {IEEE} 3rd {World} {Forum} on {Internet} of {Things} ({WF}-{IoT})},
	author = {Tellez, Mauricio and El-Tawab, Samy and Heydari, M. Hossain},
	month = dec,
	year = {2016},
	keywords = {Monitoring, Security, IoT, Temperature measurement, Bootstrap Loader, Brute Force, Hacking, IEEE 802.15.4, Random access memory, Reverse Engineering, TelosB, Temperature sensors, Wireless sensor networks, Wireless Sensor Networks},
	pages = {182--187}
}


@inproceedings{lin_automatic_2010,
	address = {West Lafayette, IN},
	series = {{CERIAS} '10},
	title = {Automatic reverse engineering of data structures from binary execution},
	abstract = {With only the binary executable of a program, it is useful to discover the program's data structures and infer their syntactic and semantic definitions. Such knowledge is highly valuable in a variety of security and forensic applications. Although there exist efforts in program data structure inference, the existing solutions are not suitable for our targeted application scenarios. In this paper, we propose a reverse engineering technique to automatically reveal program data structures from binaries. Our technique, called REWARDS, is based on dynamic analysis. More specifically, each memory location accessed by the program is tagged with a timestamped type attribute. Following the program's runtime data flow, this attribute is propagated to other memory locations and registers that share the same type. During the propagation, a variable's type gets resolved if it is involved in a type-revealing execution point or type sink. More importantly, besides the forward type propagation, REWARDS involves a backward type resolution procedure where the types of some previously accessed variables get recursively resolved starting from a type sink. This procedure is constrained by the timestamps of relevant memory locations to disambiguate variables re-using the same memory location. In addition, REWARDS is able to reconstruct in-memory data structure layout based on the type information derived. We demonstrate that REWARDS provides unique benefits to two applications: memory image forensics and binary fuzzing for vulnerability discovery.},
	urldate = {2021-05-10},
	booktitle = {Proceedings of the 11th {Annual} {Information} {Security} {Symposium}},
	publisher = {CERIAS - Purdue University},
	author = {Lin, Zhiqiang and Zhang, Xiangyu and Xu, Dongyan},
	month = mar,
	year = {2010},
	pages = {1}
}


@inproceedings{mcloughlin_secure_2008,
	title = {Secure {Embedded} {Systems}: {The} {Threat} of {Reverse} {Engineering}},
	shorttitle = {Secure {Embedded} {Systems}},
	doi = {10.1109/ICPADS.2008.126},
	abstract = {Companies releasing newly designed embedded products typically recoup the cost of development through initial sales, and thus are unlikely to welcome early competition based around rapid reverse engineering of their products. By contrast, competitors able to shorten time-to-market though reverse engineering will gain design cost and market share advantages. Reverse engineering for nefarious purposes appears to be commonplace, and has significant cost impact on industry sales and profitability. In the Embedded Systems MSc programme at Nanyang Technological University, we are aiming to raise awareness of the unique security issues related to the reverse engineering of embedded systems. This effort is largely through devoting 50\% of the secure embedded systems course, ES6190 to reverse engineering (the remainder to traditional security concerns). This paper covers the reverse engineering problem scope, and our approach to raising awareness through the secure embedded systems course. A classification of hardware reverse engineering steps and mitigations is also presented for the first time, with an overview of a reverse engineering curriculum. Since the quantity of published literature related to the reverse-engineering of embedded systems lies somewhere between scarce and nonexistent, this paper presents a full overview of the topic before descussing educational aspects related to this.},
	booktitle = {2008 14th {IEEE} {International} {Conference} on {Parallel} and {Distributed} {Systems}},
	author = {McLoughlin, Ian},
	month = dec,
	year = {2008},
	note = {ISSN: 1521-9097},
	keywords = {embedded systems, Security, reverse engineering, Reverse engineering, Costs, Design engineering, design reuse, embedded security, Embedded system, Manufacturing, Marketing and sales, Product design, Profitability, User interfaces},
	pages = {729--736}
}


@inproceedings{wang_towards_2008,
	address = {New York, NY, USA},
	series = {{CCS} '08},
	title = {Towards automatic reverse engineering of software security configurations},
	isbn = {978-1-59593-810-7},
	url = {https://doi.org/10.1145/1455770.1455802},
	doi = {10.1145/1455770.1455802},
	abstract = {The specifications of an application's security configuration are crucial for understanding its security policies, which can be very helpful in security-related contexts such as misconfiguration detection. Such specifications, however, are often ill-documented, or even close because of the increasing use of graphic user interfaces to set program options. In this paper, we propose ConfigRE, a new technique for automatic reverse engineering of an application's access-control configurations. Our approach first partitions a configuration input into fields, and then identifies the semantic relations among these fields and the roles they play in enforcing an access control policy. Based upon such knowledge, ConfigRE automatically generates a specification language to describe the syntactic relations of these fields. The language can be converted into a scanner using standard parser generators for scanning configuration files and discovering the security policies specified in an application. We implemented ConfigRE in our research and evaluated it against real applications. The experiment results demonstrate the efficacy of our approach.},
	urldate = {2021-05-10},
	booktitle = {Proceedings of the 15th {ACM} conference on {Computer} and communications security},
	publisher = {Association for Computing Machinery},
	author = {Wang, Rui and Wang, XiaoFeng and Zhang, Kehuan and Li, Zhuowei},
	month = oct,
	year = {2008},
	keywords = {access control, configuration, reverse engineering, context-free language, taint analysis},
	pages = {245--256}
}


@article{guha_network_1997,
	title = {Network security via reverse engineering of {TCP} code: vulnerability analysis and proposed solutions},
	volume = {11},
	issn = {1558-156X},
	shorttitle = {Network security via reverse engineering of {TCP} code},
	doi = {10.1109/65.598458},
	abstract = {The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is widely employed to interconnect computing facilities in today's network environments. However, there exist several security vulnerabilities in the TCP specification and additional weaknesses in a number of its implementations. These vulnerabilities may allow an intruder to "attack" TCP-based systems, enabling him/her to "hijack" a TCP connection or cause denial of service to legitimate users. The authors analyze the TCP code via a "reverse engineering" technique called "program slicing" to identify several of these vulnerabilities, especially those that are related to the TCP state-transition diagram. They discuss many of the flaws present in the TCP implementation of many widely used operating systems, such as SUNOS 4.1.3, SVR4, and ULTRIX 4.3. The corresponding TCP attack "signatures" (including the well-known 1994 Christmas Day Mitnick Attack) are described, and recommendations are provided to improve the security state of a TCP-based system (e.g., incorporation of a "timer escape route" from every TCP state). Also, it is anticipated that wide dissemination of this article's results may not only lead to vendor patches to TCP code to plug security holes, but also raise awareness of how program slicing may be used to analyze other networking software and how future designs of TCP and other software can be improved.},
	number = {4},
	journal = {IEEE Network},
	author = {Guha, B. and Mukherjee, B.},
	month = jul,
	year = {1997},
	note = {Conference Name: IEEE Network},
	keywords = {Computer networks, Computer crime, Hardware, Security, Reverse engineering, Internetworking, Operating systems, Plugs, TCPIP, Transport protocols},
	pages = {40--48}
}

@article{hallett2015xilinx,
  title={Xilinx Reduces Risk and Increases Efficiency for IEC61508 and ISO26262 Certified Safety Applications},
  author={Hallett, Ed and Corradi, Giulio and McNeil, Steven},
  journal={Xilinx White Paper},
  year={2015}
}

@inproceedings{gracic2016implementation,
  title={Implementation of a fault-tolerant system using safety-related Xilinx tools conforming to the standard IEC 61508},
  author={Gracic, Emil and Hayek, Ali and B{\"o}rcs{\"o}k, Josef},
  booktitle={2016 International Conference on System Reliability and Science (ICSRS)},
  pages={78--83},
  year={2016},
  organization={IEEE}
}

@inproceedings{gracic2017evaluation,
  title={Evaluation of FPGA design tools for safety systems with on-chip redundancy referring to the standard IEC 61508},
  author={Gracic, Emil and Hayek, Ali and B{\"o}rcs{\"o}k, Josef},
  booktitle={2017 2nd International Conference on System Reliability and Safety (ICSRS)},
  pages={386--390},
  year={2017},
  organization={IEEE}
}

    @ARTICLE{2016arXiv160805742Z,
   author = {{Zamora}, I. and {Gonzalez Lopez}, N. and {Mayoral Vilches}, V. and
	{Hernandez Cordero}, A.},
    title = "{Extending the OpenAI Gym for robotics: a toolkit for reinforcement learning using ROS and Gazebo}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1608.05742},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2016,
    month = aug,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160805742Z},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2018arXiv180204082M,
   author = {{Mayoral}, V. and {Kojcev}, R. and {Etxezarreta}, N. and {Hern{\'a}ndez}, A. and
	{Zamalloa}, I.},
    title = "{Towards self-adaptable robots: from programming to training machines}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1802.04082},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2018,
    month = feb,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180204082M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2016arXiv160302199L,
   author = {{Levine}, S. and {Pastor}, P. and {Krizhevsky}, A. and {Quillen}, D.
	},
    title = "{Learning Hand-Eye Coordination for Robotic Grasping with Deep Learning and Large-Scale Data Collection}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1603.02199},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Robotics},
     year = 2016,
    month = mar,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160302199L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{1606.01540,
  Author = {Greg Brockman and Vicki Cheung and Ludwig Pettersson and Jonas Schneider and John Schulman and Jie Tang and Wojciech Zaremba},
  Title = {OpenAI Gym},
  Year = {2016},
  Eprint = {arXiv:1606.01540},
}

@inproceedings{todorov2012mujoco,
  title={Mujoco: A physics engine for model-based control},
  author={Todorov, Emanuel and Erez, Tom and Tassa, Yuval},
  booktitle={Intelligent Robots and Systems (IROS), 2012 IEEE/RSJ International Conference on},
  pages={5026--5033},
  year={2012},
  organization={IEEE}
}


@inproceedings{koenig2004design,
  title={Design and use paradigms for gazebo, an open-source multi-robot simulator},
  author={Koenig, Nathan and Howard, Andrew},
  booktitle={Intelligent Robots and Systems, 2004.(IROS 2004). Proceedings. 2004 IEEE/RSJ International Conference on},
  volume={3},
  pages={2149--2154},
  year={2004},
  organization={IEEE}
}

@inproceedings{Quigley09,
author="Morgan Quigley and Brian Gerkey and Ken Conley and Josh Faust and
Tully Foote and Jeremy Leibs and Eric Berger and Rob Wheeler and Andrew Ng",
title="ROS: an open-source Robot Operating System",
booktitle="Proc. of the IEEE Intl. Conf. on Robotics and Automation (ICRA)
Workshop on Open Source Robotics",
month = may,
year=2009,
address="Kobe, Japan"
}

@article{stooke2018accelerated,
  title={Accelerated Methods for Deep Reinforcement Learning},
  author={Stooke, Adam and Abbeel, Pieter},
  journal={arXiv preprint arXiv:1803.02811},
  year={2018}
}

@ARTICLE{2017arXiv171209381L,
   author = {{Liang}, E. and {Liaw}, R. and {Moritz}, P. and {Nishihara}, R. and
	{Fox}, R. and {Goldberg}, K. and {Gonzalez}, J.~E. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray RLlib: A Framework for Distributed Reinforcement Learning}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.09381},
 primaryClass = "cs.AI",
 keywords = {Computer Science - Artificial Intelligence, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171209381L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{pytorchrl,
  author = {Kostrikov, Ilya},
  title = {PyTorch Implementations of Reinforcement Learning Algorithms},
  year = {2018},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/ikostrikov/pytorch-a2c-ppo-acktr}},
}

@misc{baselines,
  author = {Dhariwal, Prafulla and Hesse, Christopher and Klimov, Oleg and Nichol, Alex and Plappert, Matthias and Radford, Alec and Schulman, John and Sidor, Szymon and Wu, Yuhuai},
  title = {OpenAI Baselines},
  year = {2017},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/openai/baselines}},
}

@ARTICLE{2017arXiv170902878H,
   author = {{Hafner}, D. and {Davidson}, J. and {Vanhoucke}, V.},
    title = "{TensorFlow Agents: Efficient Batched Reinforcement Learning in TensorFlow}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1709.02878},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence},
     year = 2017,
    month = sep,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv170902878H},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{caspi_itai_2017_1134899,
  author       = {Caspi, Itai and
                  Leibovich, Gal and
                  Novik, Gal},
  title        = {Reinforcement Learning Coach},
  month        = dec,
  year         = 2017,
  doi          = {10.5281/zenodo.1134899},
  url          = {https://doi.org/10.5281/zenodo.1134899}
}

@ARTICLE{2017arXiv171205889M,
   author = {{Moritz}, P. and {Nishihara}, R. and {Wang}, S. and {Tumanov}, A. and
	{Liaw}, R. and {Liang}, E. and {Paul}, W. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray: A Distributed Framework for Emerging AI Applications}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.05889},
 primaryClass = "cs.DC",
 keywords = {Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Artificial Intelligence, Computer Science - Learning, Statistics - Machine Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171205889M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@inproceedings{brewer2015kubernetes,
  title={Kubernetes and the path to cloud native},
  author={Brewer, Eric A},
  booktitle={Proceedings of the Sixth ACM Symposium on Cloud Computing},
  pages={167--167},
  year={2015},
  organization={ACM}
}
@article{buyya1999high,
  title={High performance cluster computing},
  author={Buyya, Rajkumar},
  journal={New Jersey: F’rentice},
  year={1999}
}
@article{rosen2006bgp,
  title={BGP/MPLS IP virtual private networks (VPNs)},
  author={Rosen, Eric C and Rekhter, Yakov},
  year={2006}
}

@INPROCEEDINGS{8046383,
author={V. Mayoral and A. Hernández and R. Kojcev and I. Muguruza and I. Zamalloa and A. Bilbao and L. Usategi},
booktitle={2017 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
title={The shift in the robotics paradigm: The Hardware Robot Operating System (H-ROS); an infrastructure to create interoperable robot components},
year={2017},
volume={},
number={},
pages={229-236},
keywords={control engineering computing;operating systems (computers);robots;H-ROS;building robots;hardware robot operating system;internal representation model;robot components;robot hardware components;robotics paradigm;software infrastructure;Hardware;Robot kinematics;Robot sensing systems;Service robots;Software;Standards;ROS;hardware;real-time Ethernet;robotics;standard},
doi={10.1109/AHS.2017.8046383},
ISSN={},
month={July},}

@techreport{hackerreport2018,
     title = {The 2018 hacker report},
     author = {hackerone},
     year = {2018},
     url = {https://www.hackerone.com/sites/default/files/2018-01/2018_Hacker_Report.pdf}
}

@techreport{hackerreport2017,
     title = {The hacker-powered security report},
     author = {hackerone},
     year = {2017},
     url = {https://www.hackerone.com/sites/default/files/2017-06/The%20Hacker-Powered%20Security%20Report.pdf}
}

@mastersthesis{shyvakov2017developing,
  title={Developing a security framework for robots},
  author={Shyvakov, Oleksandr},
  year={2017},
  school={University of Twente}
}

@article{park2017security,
  title={Security assessment framework for IoT service},
  author={Park, Keon Chul and Shin, Dong-Hee},
  journal={Telecommunication Systems},
  volume={64},
  number={1},
  pages={193--209},
  year={2017},
  publisher={Springer}
}

@techreport{hackingbeforeskynet,
     title = {Hacking Robots Before Skynet},
     author = {Cerrudo, Cesar and Apa, Lucas},
     year = {2017},
     url = {https://ioactive.com/wp-content/uploads/2018/05/Hacking-Robots-Before-Skynet-Paper_Final.pdf}
}

@techreport{hackingbeforeskynet2,
     title = {Hacking Robots Before Skynet:  Technical Appendix},
     author = {Cerrudo, Cesar and Apa, Lucas},
     year = {2017},
     url = {https://ioactive.com/pdfs/Hacking-Robots-Before-Skynet-Technical-Appendix.pdf}
}

@INPROCEEDINGS{SecurecomROS,
author={B. Breiling and B. Dieber and P. Schartner},
booktitle={2017 Annual IEEE International Systems Conference (SysCon)},
title={Secure communication for the robot operating system},
year={2017},
volume={},
number={},
pages={1-6},
keywords={message authentication;middleware;operating systems (computers);peer-to-peer computing;robot programming;ROS;authenticity;confidentiality;data loss;monetary damage;peer-to-peer basis;publishers-subscribers interaction;robot operating system;robotics software;robotics technologies;secure communication channel;Authentication;Authorization;Communication channels;Peer-to-peer computing;Service robots},
doi={10.1109/SYSCON.2017.7934755},
ISSN={},
month={April},}

}




@INPROCEEDINGS{ApplicationSecROS,
author={B. Dieber and S. Kacianka and S. Rass and P. Schartner},
booktitle={2016 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},
title={Application-level security for ROS-based applications},
year={2016},
volume={},
number={},
pages={4477-4482},
keywords={control engineering computing;cryptography;industrial robots;operating systems (computers);production control;production engineering computing;risk analysis;ROS;application-level security;cryptographic methods;industrial applications;production process;risk safety;robot operating system;Authentication;Cryptography;Digital signatures;Production;Service robots},
doi={10.1109/IROS.2016.7759659},
ISSN={},
month={Oct},}

}

@misc{usbhacks,
  title = {Top 5 USB Hacks that PWN You},
  author = {Singh, Tarandeep},
  howpublished = {\url{http://geeknizer.com/top-usb-hacks-pwn/}},
  note = {Accessed: 2018-05-18}
}

@misc{pepperdocs,
  title = {Aldebaran Software 2.1.0.18 documentation},
  author = {{Aldebaran Robotics}},
  howpublished = {\url{http://doc.aldebaran.com/2-0/family/juliette_user_guide/webpage_access.html}},
  note = {Accessed: 2018-05-18}
}

@misc{rethinkdocs,
  title = {Baxter Research Robot Wiki},
  author = {{Rethink Robotics}},
  howpublished = {\url{http://sdk.rethinkrobotics.com/wiki/Robot_Hostname}},
  note = {Accessed: 2018-05-18}
}



@article{articlefinger,
author = {Smart, Matthew and Robert Malan, G and Jahanian, Farnam},
year = {2000},
month = {01},
pages = {},
title = {Defeating TCP/IP stack fingerprinting}
}

@article{iso2017iec,
  title={Systems and software engineering—Vocabulary ISO/IEC/IEEE 24765: 2017},
  author={IEEE Standards Association and others},
  journal={ISO/IEC/IEEE},
  volume={24765},
  year={2017}
}

@article{Dieber:2017:SRO:3165321.3165569,
 author = {Dieber, Bernhard and Breiling, Benjamin and Taurer, Sebastian and Kacianka, Severin and Rass, Stefan and Schartner, Peter},
 title = {Security for the Robot Operating System},
 journal = {Robot. Auton. Syst.},
 issue_date = {December 2017},
 volume = {98},
 number = {C},
 month = dec,
 year = {2017},
 issn = {0921-8890},
 pages = {192--203},
 numpages = {12},
 url = {https://doi.org/10.1016/j.robot.2017.09.017},
 doi = {10.1016/j.robot.2017.09.017},
 acmid = {3165569},
 publisher = {North-Holland Publishing Co.},
 address = {Amsterdam, The Netherlands, The Netherlands},
 keywords = {68M14, 68N99, 68T40, 93C85, 94A60, 94A62, Industry 4.0, ROS, Robotics, Security},
}

@misc{threat0,
    title = {Jan. 25, 1979: Robot kills human},
    author={Kravets, David},
    year={2010},
    journal={Wired},
    howpublished = {\url{https://www.wired.com/2010/01/0125robot-kills-worker/}},
    url={https://www.wired.com/2010/01/0125robot-kills-worker/},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat1,
    title = {Robot kills factory worker},
    author={Whymant, Robert},
    year={2014},
    journal={TheGuardian},
    url = {https://www.theguardian.com/theguardian/2014/dec/09/robot-kills-factory-worker},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat2,
    title = {Robot kills man at Volkswagen plant in Germany},
    author={Huggler, Justin},
    year={2015},
    journal={Telegraph},
    url = {https://www.telegraph.co.uk/news/worldnews/europe/germany/11712513/Robot-kills-man-at-Volkswagen-plant-in-Germany},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat3,
    title = {Mall security bot knocks down toddler, breaks Asimov first law of robotics},
    author={Vincent, James},
    year={2016},
    journal={The Verge},
    url = {https://www.theverge.com/2016/7/13/12170640/mall-security-robot-k5-knocks-down-toddler},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat4,
    title = {Dallas deployment of robot bomb to kill suspect is “without precedent”},
    author={Farivar, Cyrus},
    year={2016},
    journal={Ars Technica},
    url = {https://arstechnica.com/tech-policy/2016/07/is-it-ok-to-send-a-police-robot-to-deliver-a-bomb-to-kill-an-active-shooter},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat5,
    title = {Robotic surgery linked to 144 deaths in the US},
    author={Unknown},
    year={2015},
    journal={BBC},
    howpublished = {http://www.bbc.com/news/technology-33609495},
    note = {Accessed: 2018-05-19}
  }

@ARTICLE{2018arXiv180504101G,
   author = {{Giaretta}, A. and {De Donno}, M. and {Dragoni}, N.},
    title = "{Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1805.04101},
 primaryClass = "cs.CR",
 keywords = {Computer Science - Cryptography and Security},
     year = 2018,
    month = may,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180504101G},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}


@techreport{IEC62443,
  title={Industrial Communication Networks Network and System Security Part 1-1: Terminology, Concepts and Models, IEC},
  author={International Electrotechnical Commission and others},
  year={2009},
  institution={TS 62443-1-1 ed1. 0, Geneva, Switzerland}
}

@techreport{sedgewick2014framework,
  title={Framework for improving critical infrastructure cybersecurity, version 1.0},
  author={Sedgewick, Adam},
  year={2014}
}

@techreport{nistframework,
  title={Framework for Improving Critical Infrastructure Cybersecurity},
  author={National Institute of Standards and Technology},
  institution={National Institute of Standards and Technology},
  year={2016},
  note={Version 1.1}
}


@article{kirschgens2018robot,
  title={Robot hazards: from safety to security},
  author={Alzola-Kirschgens, Laura  and Ugarte, Irati Zamalloa and Uriarte, Endika Gil and Rosas, Aday Muniz and Vilches, V{\'\i}ctor Mayoral},
  journal={arXiv preprint arXiv:1806.06681},
  year={2018}
}

@article{ma2001sharing,
  title={Sharing vulnerability information using a taxonomically-correct, web-based cooperative database},
  author={Ma, Lingfeng and Mandujano, Salvador and Song, Guangfeng and Meunier, Pascal},
  journal={Center for Education and Research in Information Assurance and Security, Purdue University},
  volume={3},
  year={2001}
}

@techreport{booth2013national,
  title={The National Vulnerability Database (NVD): Overview},
  author={Booth, Harold and Rike, Doug and Witte, Gregory},
  year={2013},
  institution={National Institute of Standards and Technology}
}

@inproceedings{zheng2011ivda,
  title={IVDA: International vulnerability database alliance},
  author={Zheng, Chen and Zhang, Yuqing and Sun, Yingfei and Liu, Qixu},
  booktitle={2011 Second Worldwide Cybersecurity Summit (WCS)},
  pages={1--6},
  year={2011},
  organization={IEEE}
}

@article{mcmillan2010siemens,
  title={Siemens: Stuxnet worm hit industrial systems},
  author={McMillan, Robert},
  journal={Computerworld},
  volume={14},
  year={2010}
}

@inproceedings{quigley2009ros,
  title={ROS: an open-source Robot Operating System},
  author={Quigley, Morgan and Conley, Ken and Gerkey, Brian and Faust, Josh and Foote, Tully and Leibs, Jeremy and Wheeler, Rob and Ng, Andrew Y},
  booktitle={ICRA workshop on open source software},
  volume={3},
  number={3.2},
  pages={5},
  year={2009},
  organization={Kobe, Japan}
}

@article{merkel2014docker,
  title={Docker: lightweight linux containers for consistent development and deployment},
  author={Merkel, Dirk},
  journal={Linux Journal},
  volume={2014},
  number={239},
  pages={2},
  year={2014}
}

@article{mell2006common,
  title={Common vulnerability scoring system},
  author={Mell, Peter and Scarfone, Karen and Romanosky, Sasha},
  journal={IEEE Security \& Privacy},
  volume={4},
  number={6},
  pages={85--89},
  year={2006},
  publisher={IEEE}
}

@article{vilches2018towards,
  title={Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)},
  author={Vilches, V{\'\i}ctor Mayoral and Gil-Uriarte, Endika and Ugarte, Irati Zamalloa and Mendia, Gorka Olalde and Pis{\'o}n, Rodrigo Izquierdo and Alzola-Kirschgens, Laura and Calvo, Asier Bilbao and Cordero, Alejandro Hern{\'a}ndez and Apa, Lucas and Cerrudo, C{\'e}sar},
  journal={arXiv preprint arXiv:1807.10357},
  year={2018}
}

@misc{wiki:Software_bug,
   author = "Wikipedia",
   title = "{Software bug} --- {W}ikipedia{,} The Free Encyclopedia",
   year = "2019",
   howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Software\%20bug&oldid=925790097}},
   note = "[Online; accessed 28-November-2019]"
 }

 @misc{weakness_cwe,
   author = "Common Weakness Enumeration -- MITRE",
   title = "{About CWE}",
   howpublished = {\url{https://cwe.mitre.org/about/faq.html#A.2}},
   note = "[Online; accessed 28-November-2019]"
 }

  @misc{vulnerability_cve,
   author = "Common Vulnerabilities and Exposures -- MITRE",
   title = "{What is a vulnerability?}",
   howpublished = {\url{https://cve.mitre.org/about/faqs.html#what_is_vulnerability}},
   note = "[Online; accessed 28-November-2019]"
 }

@article{meunier1999final,
  title={Final Report of the 2nd Workshop on Research with Security Vulnerability Databases, January 1999},
  author={Meunier, Pascal C and Spafford, Eugene H},
  year={1999},
  publisher={Citeseer}
}

@article{christey2013buying,
  title={Buying into the bias: Why vulnerability statistics suck},
  author={Christey, Steve and Martin, Brian},
  journal={BlackHat, Las Vegas, USA, Tech. Rep},
  volume={1},
  year={2013}
}

@inproceedings{antrobus2016simaticscan,
  title={Simaticscan: Towards a specialised vulnerability scanner for industrial control systems},
  author={Antrobus, Rob and Frey, Sylvain and Green, Benjamin and Rashid, Awais},
  year={2016},
  organization={BCS}
}

@article{brief2013vulnerability,
  title={Vulnerability threat trends},
  author={BRIEF, ANALYST},
  year={2013}
}

@article{ALHAZMI2007219,
title = "Measuring, analyzing and predicting security vulnerabilities in software systems",
journal = "Computers \& Security",
volume = "26",
number = "3",
pages = "219 - 228",
year = "2007",
issn = "0167-4048",
doi = "https://doi.org/10.1016/j.cose.2006.10.002",
url = "http://www.sciencedirect.com/science/article/pii/S0167404806001520",
author = "O.H. Alhazmi and Y.K. Malaiya and I. Ray",
keywords = "Vulnerabilities, Security holes, Risk evaluation, Quantitative security modeling, Defect density",
abstract = "In this work we examine the feasibility of quantitatively characterizing some aspects of security. In particular, we investigate if it is possible to predict the number of vulnerabilities that can potentially be present in a software system but may not have been found yet. We use several major operating systems as representatives of complex software systems. The data on vulnerabilities discovered in these systems are analyzed. We examine the results to determine if the density of vulnerabilities in a program is a useful measure. We also address the question about what fraction of software defects are security related, i.e., are vulnerabilities. We examine the dynamics of vulnerability discovery hypothesizing that it may lead us to an estimate of the magnitude of the undiscovered vulnerabilities still present in the system. We consider the vulnerability discovery rate to see if models can be developed to project future trends. Finally, we use the data for both commercial and open-source systems to determine whether the key observations are generally applicable. Our results indicate that the values of vulnerability densities fall within a range of values, just like the commonly used measure of defect density for general defects. Our examination also reveals that it is possible to model the vulnerability discovery using a logistic model that can sometimes be approximated by a linear model."
}

@ARTICLE{Shin2011Vulnerabilities,
author={Y. {Shin} and A. {Meneely} and L. {Williams} and J. A. {Osborne}},
journal={IEEE Transactions on Software Engineering},
title={Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities},
year={2011},
volume={37},
number={6},
pages={772-787},
keywords={Linux;online front-ends;program testing;public domain software;software fault tolerance;software metrics;code churn;software vulnerabilities;developer activity metrics;security inspection;software metrics;source code;vulnerable code locations;open-source projects;Mozilla Firefox Web browser;Red Hat enterprise Linux kernel;Fault diagnosis;Software security;Complexity theory;Predictive models;Charge coupled devices;Fault prediction;software metrics;software security;vulnerability prediction.},
doi={10.1109/TSE.2010.81},
ISSN={2326-3881},
month={Nov},}

@book{Pfleeger:2002:SC:579149,
 author = {Pfleeger, Charles P. and Pfleeger, Shari Lawrence},
 title = {Security in Computing},
 year = {2002},
 isbn = {0130355488},
 edition = {3rd},
 publisher = {Prentice Hall Professional Technical Reference},
}

@inproceedings {Finifter2013BugBounty,
author = {Matthew Finifter and Devdatta Akhawe and David Wagner},
title = {An Empirical Study of Vulnerability Rewards Programs},
booktitle = {Presented as part of the 22nd {USENIX} Security Symposium ({USENIX} Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {273--288},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/finifter},
publisher = {{USENIX}},
}

@INPROCEEDINGS{McQueen2009Zeroday,
author={M. A. {McQueen} and T. A. {McQueen} and W. F. {Boyer} and M. R. {Chaffin}},
booktitle={2009 42nd Hawaii International Conference on System Sciences},
title={Empirical Estimates and Observations of 0Day Vulnerabilities},
year={2009},
volume={},
number={},
pages={1-12},
keywords={risk management;security of data;0Day software vulnerability observation;0Day lifespan;public disclosure;risk assessment;Life estimation;Security;Application software;Laboratories;Educational institutions;Protection;Databases;IEEE news;Software systems;Hardware},
doi={10.1109/HICSS.2009.186},
ISSN={1530-1605},
month={Jan},}

@inproceedings{Bilge:2012:BWK:2382196.2382284,
 author = {Bilge, Leyla and Dumitra\c{s}, Tudor},
 title = {Before We Knew It: An Empirical Study of Zero-day Attacks in the Real World},
 booktitle = {Proceedings of the 2012 ACM Conference on Computer and Communications Security},
 series = {CCS '12},
 year = {2012},
 isbn = {978-1-4503-1651-4},
 location = {Raleigh, North Carolina, USA},
 pages = {833--844},
 numpages = {12},
 url = {http://doi.acm.org/10.1145/2382196.2382284},
 doi = {10.1145/2382196.2382284},
 acmid = {2382284},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {full disclosure, vulnerabilities, zero-day attacks},
}

@article{richardson2017ransomware,
  title={Ransomware: Evolution, mitigation and prevention},
  author={Richardson, Ronny and North, Max M},
  journal={International Management Review},
  volume={13},
  number={1},
  pages={10},
  year={2017}
}

@inproceedings{formby2017out,
  title={Out of control: ransomware for industrial control systems},
  author={Formby, David and Durbha, Srikar and Beyah, Raheem},
  booktitle={RSA conference},
  year={2017}
}



@article{mayoralrvd,
  title={Introducing the Robot Vulnerability Database (RVD)},
  author={Mayoral Vilches, Víctor and
        Usategui San Juan, Lander and
        Dieber, Bernhard and
        Ayucar Carbajo, Unai and
        Gil-Uriarte, Endika
  },
  journal={IEEE Robotic Computing},
  year={2020},
  note={Manuscript submitted.}
}

@misc{robo09_2018, title={Universal Robot Security Vulnerabilities}, url={https://dof.robotiq.com/discussion/1195/universal-robot-security-vulnerabilities}, journal={DoF}, author={Robo09}, year={2018}, month={Jun}}

@article{standard10218,
  title={ISO 10218-1:2011 Robots and robotic devices — Safety requirements for industrial robots — Part 1: Robots},
  author={Standard, ISO},
  journal={International Organization for Standardization},
  year={2011}
}

@inproceedings{mayoral2017shift,
  title={The shift in the robotics paradigm—The Hardware Robot Operating System (H-ROS); an infrastructure to create interoperable robot components},
  author={Mayoral, Victor and Hern{\'a}ndez, Alejandro and Kojcev, Risto and Muguruza, I{\~n}igo and Zamalloa, Irati and Bilbao, Asier and Usategi, Lander},
  booktitle={2017 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
  pages={229--236},
  year={2017},
  organization={IEEE}
}

@article{vilches2018introducing,
  title={Introducing the robot security framework (rsf), a standardized methodology to perform security assessments in robotics},
  author={Mayoral-Vilches, V{\'\i}ctor and Kirschgens, Laura Alzola and Calvo, Asier Bilbao and Cordero, Alejandro Hern{\'a}ndez and Pis{\'o}n, Rodrigo Izquierdo and Vilches, David Mayoral and Rosas, Aday Mu{\~n}iz and Mendia, Gorka Olalde and Juan, Lander Usategi San and Ugarte, Irati Zamalloa and others},
  journal={arXiv preprint arXiv:1806.04042},
  year={2018}
}


@article{mayoral2018towardsRVSS,
  title={Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)},
  author={Mayoral Vilches, V{\'\i}ctor and Gil-Uriarte, Endika and Zamalloa Ugarte, Irati and Olalde Mendia, Gorka and Izquierdo Pis{\'o}n, Rodrigo and Alzola Kirschgens, Laura and Bilbao Calvo, Asier and Hern{\'a}ndez Cordero, Alejandro and Apa, Lucas and Cerrudo, C{\'e}sar},
  journal={arXiv preprint arXiv:1807.10357},
  year={2018}
}


@article{mcdonald2012ransomware,
  title={Ransomware: a growing menace},
  author={McDonald, G and O'Gorman, G},
  journal={DOI= http://www. 01net. it/whitepaper\_library/Symantec\_Ransomware\_Growing\_Menace. pdf},
  year={2012}
}

@inproceedings{andronio2015heldroid,
  title={Heldroid: Dissecting and detecting mobile ransomware},
  author={Andronio, Nicol{\'o} and Zanero, Stefano and Maggi, Federico},
  booktitle={International Symposium on Recent Advances in Intrusion Detection},
  pages={382--404},
  year={2015},
  organization={Springer}
}

@article{bhardwaj2016ransomware,
  title={Ransomware digital extortion: a rising new age threat},
  author={Bhardwaj, Akashdeep and Avasthi, Vinay and Sastry, Hanumat and Subrahmanyam, GVB},
  journal={Indian Journal of Science and Technology},
  volume={9},
  number={14},
  pages={1--5},
  year={2016}
}

@inproceedings{mercaldo2016ransomware,
  title={Ransomware inside out},
  author={Mercaldo, Francesco and Nardone, Vittoria and Santone, Antonella},
  booktitle={2016 11th International Conference on Availability, Reliability and Security (ARES)},
  pages={628--637},
  year={2016},
  organization={IEEE}
}


@misc{wiki:Software_bug,
   author = "Wikipedia",
   title = "{Software bug} --- {W}ikipedia{,} The Free Encyclopedia",
   year = "2019",
   howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Software\%20bug&oldid=925790097}},
   note = "[Online; accessed 28-November-2019]"
 }

 @misc{weakness_cwe,
   author = "Common Weakness Enumeration -- MITRE",
   title = "{About CWE}",
   howpublished = {\url{https://cwe.mitre.org/about/faq.html#A.2}},
   note = "[Online; accessed 28-November-2019]"
 }

  @misc{vulnerability_cve,
   author = "Common Vulnerabilities and Exposures -- MITRE",
   title = "{What is a vulnerability?}",
   howpublished = {\url{https://cve.mitre.org/about/faqs.html#what_is_vulnerability}},
   note = "[Online; accessed 28-November-2019]"
 }

@article{meunier1999final,
  title={Final Report of the 2nd Workshop on Research with Security Vulnerability Databases, January 1999},
  author={Meunier, Pascal C and Spafford, Eugene H},
  year={1999},
  publisher={Citeseer}
}

@article{christey2013buying,
  title={Buying into the bias: Why vulnerability statistics suck},
  author={Christey, Steve and Martin, Brian},
  journal={BlackHat, Las Vegas, USA, Tech. Rep},
  volume={1},
  year={2013}
}

@inproceedings{antrobus2016simaticscan,
  title={Simaticscan: Towards a specialised vulnerability scanner for industrial control systems},
  author={Antrobus, Rob and Frey, Sylvain and Green, Benjamin and Rashid, Awais},
  year={2016},
  organization={BCS}
}

@article{brief2013vulnerability,
  title={Vulnerability threat trends},
  author={BRIEF, ANALYST},
  year={2013}
}

    @ARTICLE{2016arXiv160805742Z,
   author = {{Zamora}, I. and {Gonzalez Lopez}, N. and {Mayoral Vilches}, V. and
	{Hernandez Cordero}, A.},
    title = "{Extending the OpenAI Gym for robotics: a toolkit for reinforcement learning using ROS and Gazebo}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1608.05742},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2016,
    month = aug,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160805742Z},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2018arXiv180204082M,
   author = {{Mayoral}, V. and {Kojcev}, R. and {Etxezarreta}, N. and {Hern{\'a}ndez}, A. and
	{Zamalloa}, I.},
    title = "{Towards self-adaptable robots: from programming to training machines}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1802.04082},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2018,
    month = feb,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180204082M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2016arXiv160302199L,
   author = {{Levine}, S. and {Pastor}, P. and {Krizhevsky}, A. and {Quillen}, D.
	},
    title = "{Learning Hand-Eye Coordination for Robotic Grasping with Deep Learning and Large-Scale Data Collection}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1603.02199},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Robotics},
     year = 2016,
    month = mar,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160302199L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{1606.01540,
  Author = {Greg Brockman and Vicki Cheung and Ludwig Pettersson and Jonas Schneider and John Schulman and Jie Tang and Wojciech Zaremba},
  Title = {OpenAI Gym},
  Year = {2016},
  Eprint = {arXiv:1606.01540},
}

@inproceedings{todorov2012mujoco,
  title={Mujoco: A physics engine for model-based control},
  author={Todorov, Emanuel and Erez, Tom and Tassa, Yuval},
  booktitle={Intelligent Robots and Systems (IROS), 2012 IEEE/RSJ International Conference on},
  pages={5026--5033},
  year={2012},
  organization={IEEE}
}


@inproceedings{koenig2004design,
  title={Design and use paradigms for gazebo, an open-source multi-robot simulator},
  author={Koenig, Nathan and Howard, Andrew},
  booktitle={Intelligent Robots and Systems, 2004.(IROS 2004). Proceedings. 2004 IEEE/RSJ International Conference on},
  volume={3},
  pages={2149--2154},
  year={2004},
  organization={IEEE}
}

@inproceedings{Quigley09,
author="Morgan Quigley and Brian Gerkey and Ken Conley and Josh Faust and
Tully Foote and Jeremy Leibs and Eric Berger and Rob Wheeler and Andrew Ng",
title="ROS: an open-source Robot Operating System",
booktitle="Proc. of the IEEE Intl. Conf. on Robotics and Automation (ICRA)
Workshop on Open Source Robotics",
month = may,
year=2009,
address="Kobe, Japan"
}

@article{stooke2018accelerated,
  title={Accelerated Methods for Deep Reinforcement Learning},
  author={Stooke, Adam and Abbeel, Pieter},
  journal={arXiv preprint arXiv:1803.02811},
  year={2018}
}

@ARTICLE{2017arXiv171209381L,
   author = {{Liang}, E. and {Liaw}, R. and {Moritz}, P. and {Nishihara}, R. and
	{Fox}, R. and {Goldberg}, K. and {Gonzalez}, J.~E. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray RLlib: A Framework for Distributed Reinforcement Learning}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.09381},
 primaryClass = "cs.AI",
 keywords = {Computer Science - Artificial Intelligence, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171209381L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{pytorchrl,
  author = {Kostrikov, Ilya},
  title = {PyTorch Implementations of Reinforcement Learning Algorithms},
  year = {2018},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/ikostrikov/pytorch-a2c-ppo-acktr}},
}

@misc{baselines,
  author = {Dhariwal, Prafulla and Hesse, Christopher and Klimov, Oleg and Nichol, Alex and Plappert, Matthias and Radford, Alec and Schulman, John and Sidor, Szymon and Wu, Yuhuai},
  title = {OpenAI Baselines},
  year = {2017},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/openai/baselines}},
}

@ARTICLE{2017arXiv170902878H,
   author = {{Hafner}, D. and {Davidson}, J. and {Vanhoucke}, V.},
    title = "{TensorFlow Agents: Efficient Batched Reinforcement Learning in TensorFlow}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1709.02878},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence},
     year = 2017,
    month = sep,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv170902878H},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{caspi_itai_2017_1134899,
  author       = {Caspi, Itai and
                  Leibovich, Gal and
                  Novik, Gal},
  title        = {Reinforcement Learning Coach},
  month        = dec,
  year         = 2017,
  doi          = {10.5281/zenodo.1134899},
  url          = {https://doi.org/10.5281/zenodo.1134899}
}

@ARTICLE{2017arXiv171205889M,
   author = {{Moritz}, P. and {Nishihara}, R. and {Wang}, S. and {Tumanov}, A. and
	{Liaw}, R. and {Liang}, E. and {Paul}, W. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray: A Distributed Framework for Emerging AI Applications}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.05889},
 primaryClass = "cs.DC",
 keywords = {Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Artificial Intelligence, Computer Science - Learning, Statistics - Machine Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171205889M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@inproceedings{brewer2015kubernetes,
  title={Kubernetes and the path to cloud native},
  author={Brewer, Eric A},
  booktitle={Proceedings of the Sixth ACM Symposium on Cloud Computing},
  pages={167--167},
  year={2015},
  organization={ACM}
}
@article{buyya1999high,
  title={High performance cluster computing},
  author={Buyya, Rajkumar},
  journal={New Jersey: F’rentice},
  year={1999}
}
@article{rosen2006bgp,
  title={BGP/MPLS IP virtual private networks (VPNs)},
  author={Rosen, Eric C and Rekhter, Yakov},
  year={2006}
}

@INPROCEEDINGS{8046383,
author={V. Mayoral and A. Hernández and R. Kojcev and I. Muguruza and I. Zamalloa and A. Bilbao and L. Usategi},
booktitle={2017 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
title={The shift in the robotics paradigm: The Hardware Robot Operating System (H-ROS); an infrastructure to create interoperable robot components},
year={2017},
volume={},
number={},
pages={229-236},
keywords={control engineering computing;operating systems (computers);robots;H-ROS;building robots;hardware robot operating system;internal representation model;robot components;robot hardware components;robotics paradigm;software infrastructure;Hardware;Robot kinematics;Robot sensing systems;Service robots;Software;Standards;ROS;hardware;real-time Ethernet;robotics;standard},
doi={10.1109/AHS.2017.8046383},
ISSN={},
month={July},}

@techreport{hackerreport2018,
     title = {The 2018 hacker report},
     author = {hackerone},
     year = {2018},
     url = {https://www.hackerone.com/sites/default/files/2018-01/2018_Hacker_Report.pdf}
}

@techreport{hackerreport2017,
     title = {The hacker-powered security report},
     author = {hackerone},
     year = {2017},
     url = {https://www.hackerone.com/sites/default/files/2017-06/The%20Hacker-Powered%20Security%20Report.pdf}
}

@mastersthesis{shyvakov2017developing,
  title={Developing a security framework for robots},
  author={Shyvakov, Oleksandr},
  year={2017},
  school={University of Twente}
}

@article{park2017security,
  title={Security assessment framework for IoT service},
  author={Park, Keon Chul and Shin, Dong-Hee},
  journal={Telecommunication Systems},
  volume={64},
  number={1},
  pages={193--209},
  year={2017},
  publisher={Springer}
}


@misc{usbhacks,
  title = {Top 5 USB Hacks that PWN You},
  author = {Singh, Tarandeep},
  howpublished = {\url{http://geeknizer.com/top-usb-hacks-pwn/}},
  note = {Accessed: 2018-05-18}
}

@misc{pepperdocs,
  title = {Aldebaran Software 2.1.0.18 documentation},
  author = {{Aldebaran Robotics}},
  howpublished = {\url{http://doc.aldebaran.com/2-0/family/juliette_user_guide/webpage_access.html}},
  note = {Accessed: 2018-05-18}
}

@misc{rethinkdocs,
  title = {Baxter Research Robot Wiki},
  author = {{Rethink Robotics}},
  howpublished = {\url{http://sdk.rethinkrobotics.com/wiki/Robot_Hostname}},
  note = {Accessed: 2018-05-18}
}



@article{articlefinger,
author = {Smart, Matthew and Robert Malan, G and Jahanian, Farnam},
year = {2000},
month = {01},
pages = {},
title = {Defeating TCP/IP stack fingerprinting}
}

@article{iso2017iec,
  title={Systems and software engineering—Vocabulary ISO/IEC/IEEE 24765: 2017},
  author={IEEE Standards Association and others},
  journal={ISO/IEC/IEEE},
  volume={24765},
  year={2017}
}

@misc{threat0,
    title = {Jan. 25, 1979: Robot kills human},
    author={Kravets, David},
    year={2010},
    journal={Wired},
    howpublished = {\url{https://www.wired.com/2010/01/0125robot-kills-worker/}},
    url={https://www.wired.com/2010/01/0125robot-kills-worker/},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat1,
    title = {Robot kills factory worker},
    author={Whymant, Robert},
    year={2014},
    journal={TheGuardian},
    url = {https://www.theguardian.com/theguardian/2014/dec/09/robot-kills-factory-worker},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat2,
    title = {Robot kills man at Volkswagen plant in Germany},
    author={Huggler, Justin},
    year={2015},
    journal={Telegraph},
    url = {https://www.telegraph.co.uk/news/worldnews/europe/germany/11712513/Robot-kills-man-at-Volkswagen-plant-in-Germany},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat3,
    title = {Mall security bot knocks down toddler, breaks Asimov first law of robotics},
    author={Vincent, James},
    year={2016},
    journal={The Verge},
    url = {https://www.theverge.com/2016/7/13/12170640/mall-security-robot-k5-knocks-down-toddler},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat4,
    title = {Dallas deployment of robot bomb to kill suspect is “without precedent”},
    author={Farivar, Cyrus},
    year={2016},
    journal={Ars Technica},
    url = {https://arstechnica.com/tech-policy/2016/07/is-it-ok-to-send-a-police-robot-to-deliver-a-bomb-to-kill-an-active-shooter},
    note = {Accessed: 2018-05-19}
  }
  @misc{threat5,
    title = {Robotic surgery linked to 144 deaths in the US},
    author={Unknown},
    year={2015},
    journal={BBC},
    howpublished = {http://www.bbc.com/news/technology-33609495},
    note = {Accessed: 2018-05-19}
  }

@ARTICLE{2018arXiv180504101G,
   author = {{Giaretta}, A. and {De Donno}, M. and {Dragoni}, N.},
    title = "{Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1805.04101},
 primaryClass = "cs.CR",
 keywords = {Computer Science - Cryptography and Security},
     year = 2018,
    month = may,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180504101G},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}


@techreport{IEC62443,
  title={Industrial Communication Networks Network and System Security Part 1-1: Terminology, Concepts and Models, IEC},
  author={International Electrotechnical Commission and others},
  year={2009},
  institution={TS 62443-1-1 ed1. 0, Geneva, Switzerland}
}

@techreport{sedgewick2014framework,
  title={Framework for improving critical infrastructure cybersecurity, version 1.0},
  author={Sedgewick, Adam},
  year={2014}
}

@techreport{nistframework,
  title={Framework for Improving Critical Infrastructure Cybersecurity},
  author={National Institute of Standards and Technology},
  institution={National Institute of Standards and Technology},
  year={2016},
  note={Version 1.1}
}

@ARTICLE{2016arXiv160805742Z,
   author = {{Zamora}, I. and {Gonzalez Lopez}, N. and {Mayoral Vilches}, V. and
	{Hernandez Cordero}, A.},
    title = "{Extending the OpenAI Gym for robotics: a toolkit for reinforcement learning using ROS and Gazebo}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1608.05742},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2016,
    month = aug,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160805742Z},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2018arXiv180204082M,
   author = {{Mayoral}, V. and {Kojcev}, R. and {Etxezarreta}, N. and {Hern{\'a}ndez}, A. and
	{Zamalloa}, I.},
    title = "{Towards self-adaptable robots: from programming to training machines}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1802.04082},
 primaryClass = "cs.RO",
 keywords = {Computer Science - Robotics},
     year = 2018,
    month = feb,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180204082M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@ARTICLE{2016arXiv160302199L,
   author = {{Levine}, S. and {Pastor}, P. and {Krizhevsky}, A. and {Quillen}, D.
	},
    title = "{Learning Hand-Eye Coordination for Robotic Grasping with Deep Learning and Large-Scale Data Collection}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1603.02199},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Robotics},
     year = 2016,
    month = mar,
   adsurl = {http://adsabs.harvard.edu/abs/2016arXiv160302199L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{1606.01540,
  Author = {Greg Brockman and Vicki Cheung and Ludwig Pettersson and Jonas Schneider and John Schulman and Jie Tang and Wojciech Zaremba},
  Title = {OpenAI Gym},
  Year = {2016},
  Eprint = {arXiv:1606.01540},
}

@inproceedings{todorov2012mujoco,
  title={Mujoco: A physics engine for model-based control},
  author={Todorov, Emanuel and Erez, Tom and Tassa, Yuval},
  booktitle={Intelligent Robots and Systems (IROS), 2012 IEEE/RSJ International Conference on},
  pages={5026--5033},
  year={2012},
  organization={IEEE}
}


@inproceedings{koenig2004design,
  title={Design and use paradigms for gazebo, an open-source multi-robot simulator},
  author={Koenig, Nathan and Howard, Andrew},
  booktitle={Intelligent Robots and Systems, 2004.(IROS 2004). Proceedings. 2004 IEEE/RSJ International Conference on},
  volume={3},
  pages={2149--2154},
  year={2004},
  organization={IEEE}
}

@inproceedings{Quigley09,
author="Morgan Quigley and Brian Gerkey and Ken Conley and Josh Faust and
Tully Foote and Jeremy Leibs and Eric Berger and Rob Wheeler and Andrew Ng",
title="ROS: an open-source Robot Operating System",
booktitle="Proc. of the IEEE Intl. Conf. on Robotics and Automation (ICRA)
Workshop on Open Source Robotics",
month = may,
year=2009,
address="Kobe, Japan"
}

@article{stooke2018accelerated,
  title={Accelerated Methods for Deep Reinforcement Learning},
  author={Stooke, Adam and Abbeel, Pieter},
  journal={arXiv preprint arXiv:1803.02811},
  year={2018}
}

@ARTICLE{2017arXiv171209381L,
   author = {{Liang}, E. and {Liaw}, R. and {Moritz}, P. and {Nishihara}, R. and
	{Fox}, R. and {Goldberg}, K. and {Gonzalez}, J.~E. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray RLlib: A Framework for Distributed Reinforcement Learning}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.09381},
 primaryClass = "cs.AI",
 keywords = {Computer Science - Artificial Intelligence, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171209381L},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{pytorchrl,
  author = {Kostrikov, Ilya},
  title = {PyTorch Implementations of Reinforcement Learning Algorithms},
  year = {2018},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/ikostrikov/pytorch-a2c-ppo-acktr}},
}

@misc{baselines,
  author = {Dhariwal, Prafulla and Hesse, Christopher and Klimov, Oleg and Nichol, Alex and Plappert, Matthias and Radford, Alec and Schulman, John and Sidor, Szymon and Wu, Yuhuai},
  title = {OpenAI Baselines},
  year = {2017},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/openai/baselines}},
}

@ARTICLE{2017arXiv170902878H,
   author = {{Hafner}, D. and {Davidson}, J. and {Vanhoucke}, V.},
    title = "{TensorFlow Agents: Efficient Batched Reinforcement Learning in TensorFlow}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1709.02878},
 primaryClass = "cs.LG",
 keywords = {Computer Science - Learning, Computer Science - Artificial Intelligence},
     year = 2017,
    month = sep,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv170902878H},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{caspi_itai_2017_1134899,
  author       = {Caspi, Itai and
                  Leibovich, Gal and
                  Novik, Gal},
  title        = {Reinforcement Learning Coach},
  month        = dec,
  year         = 2017,
  doi          = {10.5281/zenodo.1134899},
  url          = {https://doi.org/10.5281/zenodo.1134899}
}

@ARTICLE{2017arXiv171205889M,
   author = {{Moritz}, P. and {Nishihara}, R. and {Wang}, S. and {Tumanov}, A. and
	{Liaw}, R. and {Liang}, E. and {Paul}, W. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray: A Distributed Framework for Emerging AI Applications}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.05889},
 primaryClass = "cs.DC",
 keywords = {Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Artificial Intelligence, Computer Science - Learning, Statistics - Machine Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171205889M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@inproceedings{brewer2015kubernetes,
  title={Kubernetes and the path to cloud native},
  author={Brewer, Eric A},
  booktitle={Proceedings of the Sixth ACM Symposium on Cloud Computing},
  pages={167--167},
  year={2015},
  organization={ACM}
}
@article{buyya1999high,
  title={High performance cluster computing},
  author={Buyya, Rajkumar},
  journal={New Jersey: F’rentice},
  year={1999}
}
@article{rosen2006bgp,
  title={BGP/MPLS IP virtual private networks (VPNs)},
  author={Rosen, Eric C and Rekhter, Yakov},
  year={2006}
}

@INPROCEEDINGS{8046383,
author={V. Mayoral and A. Hernández and R. Kojcev and I. Muguruza and I. Zamalloa and A. Bilbao and L. Usategi},
booktitle={2017 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
title={The shift in the robotics paradigm: The Hardware Robot Operating System (H-ROS); an infrastructure to create interoperable robot components},
year={2017},
pages={229-236},
keywords={control engineering computing;operating systems (computers);robots;H-ROS;building robots;hardware robot operating system;internal representation model;robot components;robot hardware components;robotics paradigm;software infrastructure;Hardware;Robot kinematics;Robot sensing systems;Service robots;Software;Standards;ROS;hardware;real-time Ethernet;robotics;standard},
doi={10.1109/AHS.2017.8046383},
month={July},
}

@techreport{hackerreport2018,
     title = {The 2018 hacker report},
     author = {hackerone},
     year = {2018},
     url = {https://www.hackerone.com/sites/default/files/2018-01/2018_Hacker_Report.pdf}
}

@techreport{hackerreport2017,
     title = {The hacker-powered security report},
     author = {hackerone},
     year = {2017},
     url = {https://www.hackerone.com/sites/default/files/2017-06/The%20Hacker-Powered%20Security%20Report.pdf}
}

@mastersthesis{shyvakov2017developing,
  title={Developing a security framework for robots},
  author={Shyvakov, Oleksandr},
  year={2017},
  school={University of Twente}
}

@article{park2017security,
  title={Security assessment framework for IoT service},
  author={Park, Keon Chul and Shin, Dong-Hee},
  journal={Telecommunication Systems},
  volume={64},
  number={1},
  pages={193--209},
  year={2017},
  publisher={Springer}
}


@misc{usbhacks,
  title = {Top 5 USB Hacks that PWN You},
  howpublished = {\url{http://geeknizer.com/top-usb-hacks-pwn/}},
  note = {Accessed: 2018-05-18}
}

@misc{pepperdocs,
  title = {Aldebaran Software 2.1.0.18 documentation},
  howpublished = {\url{http://doc.aldebaran.com/2-0/family/juliette_user_guide/webpage_access.html}},
  note = {Accessed: 2018-05-18}
}

@misc{rethinkdocs,
  title = {Baxter Research Robot Wiki},
  howpublished = {\url{http://sdk.rethinkrobotics.com/wiki/Robot_Hostname}},
  note = {Accessed: 2018-05-18}
}



@article{articlefinger,
author = {Smart, Matthew and Robert Malan, G and Jahanian, Farnam},
year = {2000},
month = {01},
pages = {},
title = {Defeating TCP/IP stack fingerprinting}
}

@article{iso2017iec,
  title={Systems and software engineering—Vocabulary ISO/IEC/IEEE 24765: 2017},
  author={IEEE Standards Association and others},
  journal={ISO/IEC/IEEE},
  volume={24765},
  year={2017}
}

@misc{threat0,
  title = {Jan. 25, 1979: Robot kills human},
  howpublished = {\url{https://www.wired.com/2010/01/0125robot-kills-worker/}},
  note = {Accessed: 2018-05-19}
}

@misc{threat1,
  title = {Robot kills factory worker},
  howpublished = {\url{https://www.theguardian.com/theguardian/2014/dec/09/robot-kills-factory-worker}},
  note = {Accessed: 2018-05-19}
}


@misc{threat2,
  title = {Robot kills man at Volkswagen plant in Germany},
  howpublished = {\url{https://www.telegraph.co.uk/news/worldnews/europe/germany/11712513/Robot-kills-man-at-Volkswagen-plant-in-Germany.html}},
  note = {Accessed: 2018-05-19}
}

@misc{threat3,
  title = {Mall security bot knocks down toddler, breaks Asimov's first law of robotics},
  howpublished = {\url{https://www.theverge.com/2016/7/13/12170640/mall-security-robot-k5-knocks-down-toddler}},
  note = {Accessed: 2018-05-19}
}

@misc{threat4,
  title = {Dallas deployment of robot bomb to kill suspect is “without precedent”},
  howpublished = {\url{https://arstechnica.com/tech-policy/2016/07/is-it-ok-to-send-a-police-robot-to-deliver-a-bomb-to-kill-an-active-shooter}},
  note = {Accessed: 2018-05-19}
}

@misc{threat5,
  title = {Robotic surgery linked to 144 deaths in the US},
  howpublished = {\url{http://www.bbc.com/news/technology-33609495}},
  note = {Accessed: 2018-05-19}
}

@ARTICLE{2018arXiv180504101G,
   author = {{Giaretta}, A. and {De Donno}, M. and {Dragoni}, N.},
    title = "{Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1805.04101},
 primaryClass = "cs.CR",
 keywords = {Computer Science - Cryptography and Security},
     year = 2018,
    month = may,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180504101G},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{safetysecurity,
  title = {The interaction between safety and security},
  author = {Swinscow-Hall, Duncan},
  howpublished = {\url{https://wwwf.imperial.ac.uk/blog/security-institute/2017/01/03/the-relationship-between-safety-and-security/}},
  year = 2017,
  note = {Accessed: 2018-05-31}
}

@ARTICLE{1673343,
author={G. Stoneburner},
journal={Computer},
title={Toward a Unified Security-Safety Model},
year={2006},
volume={39},
number={8},
pages={96-97},
keywords={risk management;safety;security;real-world computing systems;risk management common language;unified security-safety risk framework;FAA;Hazards;Humans;Laboratories;NIST;Physics;Risk management;Safety;Security;Taxonomy;risk taxonomy;security},
doi={10.1109/MC.2006.283},
ISSN={0018-9162},
month={Aug},}

@misc{vulnstudy,
  title = {Vulnerability study questions accuracy of CVSS scores},
  howpublished = {\url{https://searchsecurity.techtarget.com/news/4500247643/Vulnerability-study-questions-accuracy-of-CVSS-scores}},
  note = {Accessed: 2018-06-2}
}

@misc{cvssiot,
  title = {https://insights.sei.cmu.edu/cert/2015/09/cvss-and-the-internet-of-things.html},
  howpublished = {\url{https://insights.sei.cmu.edu/cert/2015/09/cvss-and-the-internet-of-things.html}},
  note = {Accessed: 2018-06-2}
}

@unknown{cvss2,
author = {Attila, Horvath and Erdősi, Péter Máté and Kiss, Ferenc},
year = {2016},
month = {01},
pages = {137-153},
title = {The Common Vulnerability Scoring System (CVSS) generations – usefulness and deficiencies},
isbn = {978-615-80061-5-6}
}

@article{RUOHONEN2017,
title = "A look at the time delays in CVSS vulnerability scoring",
journal = "Applied Computing and Informatics",
year = "2017",
issn = "2210-8327",
doi = "https://doi.org/10.1016/j.aci.2017.12.002",
url = "http://www.sciencedirect.com/science/article/pii/S2210832717302995",
author = "Jukka Ruohonen",
keywords = "Software vulnerability, Vulnerability severity, Severity scoring, Database maintenance, Cyber security"
}

https://www.first.org/cvss/v1/

@misc{cvssv1,
  title = {Common Vulnerability Scoring System v1 Archive},
  howpublished = {\url{https://www.first.org/cvss/v1/}},
  note = {Accessed: 2018-06-5}
}

@ARTICLE{RSF,
   author = {{Mayoral Vilches}, V. and {Alzola-Kirschgens}, L. and {Bilbao Calvo}, A. and
	{Hernández Cordero}, A. and {Izquierdo Pisón}, R. and
	{Mayoral Vilches}, D. and {Muñiz Rosas}, A. and {Olalde Mendia}, G. and
	{Usategi San Juan}, L. and {Zamalloa Ugarte}, I. and {Gil-Uriarte}, E. and
	{Tews}, E. and {Peter}, A.},
    title = {Introducing the Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics},
  journal = {ArXiv e-prints},
archivePrefix = {arXiv},
   eprint = {1806.04042},
 primaryClass = {cs.CR},
 keywords = {Computer Science - Cryptography and Security, Computer Science - Robotics},
     year = 2018,
    month = jun,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180604042M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System},
  url = {https://arxiv.org/abs/1806.04042}
}

@misc{cvss3improvements,
  author = {Nazira Carlage},
  title = {List of Potential Future CVSS Improvements},
  howpublished = {\url{https://www.first.org/cvss/workitems}},
  note = {Accessed: 2018-07-14}
}



@ARTICLE{2018arXiv180504101G,
   author = {{Giaretta}, A. and {De Donno}, M. and {Dragoni}, N.},
    title = "{Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1805.04101},
 primaryClass = "cs.CR",
 keywords = {Computer Science - Cryptography and Security},
     year = 2018,
    month = may,
   adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180504101G},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@misc{Surgery,
title = {Robotic surgery linked to 144 deaths in the US},
howpublished = {\url{http://www.bbc.com/news/technology-33609495}},
  year = {2015},
  journal = {BBC},
  note = {Accessed: 2018-06-2},
}


@misc{1606.01540,
  Author = {Greg Brockman and Vicki Cheung and Ludwig Pettersson and Jonas Schneider and John Schulman and Jie Tang and Wojciech Zaremba},
  Title = {OpenAI Gym},
  Year = {2016},
  Eprint = {arXiv:1606.01540},
}






@ARTICLE{2017arXiv171205889M,
   author = {{Moritz}, P. and {Nishihara}, R. and {Wang}, S. and {Tumanov}, A. and
	{Liaw}, R. and {Liang}, E. and {Paul}, W. and {Jordan}, M.~I. and
	{Stoica}, I.},
    title = "{Ray: A Distributed Framework for Emerging AI Applications}",
  journal = {ArXiv e-prints},
archivePrefix = "arXiv",
   eprint = {1712.05889},
 primaryClass = "cs.DC",
 keywords = {Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Artificial Intelligence, Computer Science - Learning, Statistics - Machine Learning},
     year = 2017,
    month = dec,
   adsurl = {http://adsabs.harvard.edu/abs/2017arXiv171205889M},
  adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}

@inproceedings{brewer2015kubernetes,
  title={Kubernetes and the path to cloud native},
  author={Brewer, Eric A},
  booktitle={Proceedings of the Sixth ACM Symposium on Cloud Computing},
  pages={167--167},
  year={2015},
  organization={ACM}
}
@article{buyya1999high,
  title={High performance cluster computing},
  author={Buyya, Rajkumar},
  journal={New Jersey: F’rentice},
  year={1999}
}
@article{rosen2006bgp,
  title={BGP/MPLS IP virtual private networks (VPNs)},
  author={Rosen, Eric C and Rekhter, Yakov},
  year={2006}
}

@INPROCEEDINGS{8046383,
author={V. Mayoral and A. Hernández and R. Kojcev and I. Muguruza and I. Zamalloa and A. Bilbao and L. Usategi},
booktitle={2017 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
title={The shift in the robotics paradigm: The Hardware Robot Operating System (H-ROS); an infrastructure to create interoperable robot components},
year={2017},
volume={},
number={},
pages={229-236},
keywords={control engineering computing;operating systems (computers);robots;H-ROS;building robots;hardware robot operating system;internal representation model;robot components;robot hardware components;robotics paradigm;software infrastructure;Hardware;Robot kinematics;Robot sensing systems;Service robots;Software;Standards;ROS;hardware;real-time Ethernet;robotics;standard},
doi={10.1109/AHS.2017.8046383},
ISSN={},
month={July},}

@techreport{hackerreport2018,
     title = {The 2018 hacker report},
     author = {hackerone},
     year = {2018},
     url = {https://www.hackerone.com/sites/default/files/2018-01/2018_Hacker_Report.pdf}
}

@techreport{hackerreport2017,
     title = {The hacker-powered security report},
     author = {hackerone},
     year = {2017},
     url = {https://www.hackerone.com/sites/default/files/2017-06/The%20Hacker-Powered%20Security%20Report.pdf}
}

@mastersthesis{shyvakov2017developing,
  title={Developing a security framework for robots},
  author={Shyvakov, Oleksandr},
  year={2017},
  school={University of Twente}
}

@article{park2017security,
  title={Security assessment framework for IoT service},
  author={Park, Keon Chul and Shin, Dong-Hee},
  journal={Telecommunication Systems},
  volume={64},
  number={1},
  pages={193--209},
  year={2017},
  publisher={Springer}
}

@misc{usbhacks,
  title = {Top 5 USB Hacks that PWN You},
  howpublished = {\url{http://geeknizer.com/top-usb-hacks-pwn/}},
  note = {Accessed: 2018-05-18}
}

@misc{pepperdocs,
  title = {Aldebaran Software 2.1.0.18 documentation},
  howpublished = {\url{http://doc.aldebaran.com/2-0/family/juliette_user_guide/webpage_access.html}},
  note = {Accessed: 2018-05-18}
}

@misc{rethinkdocs,
  title = {Baxter Research Robot Wiki},
  howpublished = {\url{http://sdk.rethinkrobotics.com/wiki/Robot_Hostname}},
  note = {Accessed: 2018-05-18}
}



@article{articlefinger,
author = {Smart, Matthew and Robert Malan, G and Jahanian, Farnam},
year = {2000},
month = {01},
pages = {},
title = {Defeating TCP/IP stack fingerprinting}
}

@article{iso2017iec,
  title={Systems and software engineering—Vocabulary ISO/IEC/IEEE 24765: 2017},
  author={IEEE Standards Association and others},
  journal={ISO/IEC/IEEE},
  volume={24765},
  year={2017}
}

@misc{threat0,
  title = {Jan. 25, 1979: Robot kills human},
  howpublished = {\url{https://www.wired.com/2010/01/0125robot-kills-worker/}},
  year = {2010},
  author = {Kravets, David},
  journal = {Wired},
  note = {Accessed: 2018-05-19}
}


@misc{threat4,
  title = {Dallas deployment of robot bomb to kill suspect is “without precedent”},
  howpublished = {\url{https://arstechnica.com/tech-policy/2016/07/is-it-ok-to-send-a-police-robot-to-deliver-a-bomb-to-kill-an-active-shooter}},
  note = {Accessed: 2018-05-19}
}

@misc{threat5,
  title = {Robotic surgery linked to 144 deaths in the US},
  howpublished = {\url{http://www.bbc.com/news/technology-33609495}},
  year = {2015},
  author = {BBC},
  note = {Accessed: 2018-05-19},
}

@misc{firstkiller,
  title = {The first 'Killer robot' was around back in 1979},
  author={Young, Bryan},
  howpublished = {\url{https://science.howstuffworks.com/first-killer-robot-was-around-back-in-1979.htm}},
  year = {2018},
  note = {Accessed: 2018-05-19}
}


@misc{deathjapan,
  title = {From the archive, 9 December 1981: Robot kills factory worker},
  howpublished = {\url{https://www.theguardian.com/theguardian/2014/dec/09/robot-kills-factory-worker}},
  year = {2014},
  author = {Whymant, Robert},
  journal = {The Guardian},
  note = {Accessed: 2018-06-05}
}


@misc{historyofrobotics,
  title = {The History of Robotics in Manufacturing},
  howpublished =
  {\url{http://cerasis.com/2014/10/06/robotics-in-manufacturing/}},
  year = {2014},
  author = {Robinson, Adam},
  journal = {Cerasis},
  note = {Accessed: 2018-06-05}
}

@misc{33death,
  title = {As robotics advances, worries about killer robots rise},
  howpublished = {\url{https://mobile.nytimes.com/2014/06/17/upshot/danger-robots-working.html?smid=tw-nytimes&_r=1&referrer=}},
  year = {2014},
  author = {Markoff, John and Cain Miller, Claire},
  journal = {The New York Times},
  note = {Accessed: 2018-06-05}
}

@misc{Alabama,
  title = {Alabama auto parts supplier fined 2,5 million dollar fine after woman was crushed to death by robotic machine},
  howpublished = {\url{https://www.al.com/business/index.ssf/2016/12/alabama_auto_supplier_agencies.html}},
  year = {2016},
  author = {Thornton, William},
  journal = {Alabama Business},
  note = {Accessed: 2018-06-05}
}

@misc{threat2,
  title = {Robot kills man at Volkswagen plant in Germany},
  author = {Telegraph News},
  howpublished = {\url{https://www.telegraph.co.uk/news/worldnews/europe/germany/11712513/Robot-kills-man-at-Volkswagen-plant-in-Germany.html}},
  note = {Accessed: 2018-05-19}
}

@misc{hundredgermany,
  title = {Industrieroboter: Hundert Umfälle im Jahr},
  howpublished = {\url{https://www.tagesspiegel.de/wissen/industrieroboter-100-unfaelle-im-jahr/8700888.html}},
  year = {2013},
  author = {Donner, Susanne},
  journal = {Alabama Business},
  note = {Accessed: 2018-05-19}
}

@misc{water,
  title = {Robot al agua: ojos inteligentes pero no para las escaleras},
  howpublished = {\url{https://www.nytimes.com/es/2017/07/18/knightscope-k5-accidente/}},
  year = {2017},
  author = {Mele, Christopher},
  journal = {The New York Times},
  note = {Accessed: 2018-05-19}
}

@misc{threat3,
  title = {Mall security bot knocks down toddler, breaks Asimov's first law of robotics},
  howpublished = {\url{https://www.theverge.com/2016/7/13/12170640/mall-security-robot-k5-knocks-down-toddler}},
  year = {2016},
  author = {James, Vincent},
  journal = {The Verge},
  note = {Accessed: 2018-05-19}
}

@misc{creepy,
  title = {Laguardia airport security robot is giving women the creeps},
  howpublished = {\url{https://nypost.com/2018/05/03/laguardia-airports-security-robot-is-giving-women-the-creeps/}},
  year = {2018},
  author = {Kevin Sheehan,  Danielle Furfaro and Brown, Ruth},
  journal = {New York Post},
  note = {Accessed: 2018-05-19}
}

@inproceedings{denning2009spotlight,
  title={A spotlight on security and privacy risks with future household robots: attacks and lessons},
  author={Denning, Tamara and Matuszek, Cynthia and Koscher, Karl and Smith, Joshua R and Kohno, Tadayoshi},
  booktitle={Proceedings of the 11th international conference on Ubiquitous computing},
  pages={105--114},
  year={2009},
  organization={ACM}
}

@misc{patrol,
  title = {11 police robots patrolling around the world},
  howpublished = {\url{https://www.wired.com/2016/07/11-police-robots-patrolling-around-world/}},
  note = {Accessed: 2018-06-03}
}

@inproceedings{arkin2008governing,
  title={Governing lethal behavior: embedding ethics in a hybrid deliberative/reactive robot architecture},
  author={Arkin, Ronald C},
  booktitle={Proceedings of the 3rd ACM/IEEE international conference on Human robot interaction},
  pages={121--128},
  year={2008},
  organization={ACM}
}

@misc{mediavw,
  title = {Tödlicher Roboter-Umfall bei VW: 29 Jähriger angeklagt},
  howpublished =  {\url{https://bit.ly/2JB0mJ1}},
  year = {2017},
  author = {Kühling, Sven},
  journal = {Hessisch Niedersächsische Allgemeine Zeitung},
  note = {Accessed: 2018-06-03}
}

@misc{chinarestaurants,
  title = {Restaurants in China are replacing waiters with robots},
  howpublished =  {\url{http://www.businessinsider.com/chinese-restaurant-robot-waiters-2016-7}},
  note = {Accessed: 2018-06-03}
}

@inproceedings{ifr,
  title={The impact of robots on productivity, employment or jobs},
  author={IFR},
  booktitle={},
  pages={},
  year={2017},
  organization={IFR}
}


@misc{10million,
  title = {10 million awarded to family of plant worker killed by robot},
  howpublished =  {\url{https://news.google.com/newspapers?id=7KMyAAAAIBAJ&sjid=Bu8FAAAAIBAJ&pg=3301,87702&dq=flat-rock+williams+robot&hl=en}},
  year = {1983},
  author = {Knight-Ridder},
  note = {Accessed: 2018-06-01}
}

@misc{davinci,
  title = {Robot surgery firm from Sunnyvale facing lawsuits, reports of death and injury},
  howpublished = {\url{https://bayareane.ws/2JrGbRP}},
  year = {2017},
  author = {Baron, Ethan},
  journal = {The Mercury News},
  note = {Accessed: 2018-06-01}
}


@incollection{Matellan2017,
author = {Vicente Matellan and Camino Fernández-Llamas and Ángel Manuel Guerrero-Higueras and Francisco Javier Rodríguez-Lera},
title = {Cybersecurity of Robotics and Autonomous Systems: Privacy and Safety},
booktitle = {Robotics},
publisher = {InTech},
address = {Rijeka},
year = {2017},
editor = {Dekoulis, George},
chapter = {5},
doi = {10.5772/intechopen.69796},
url = {https://doi.org/10.5772/intechopen.69796}
}


@misc{elonmusk,
title = {Elon Musk Is Right: You Should Worry More About Robots Threatening Your Life Than Your Job},
howpublished = {\url{https://www.forbes.com/sites/forbestechcouncil/2017/12/11/elon-musk-is-right-you-should-worry-more-about-robots-threatening-your-life-than-your-job/#3fcbcaa2401b}},
  note = {Accessed: 2018-06-8}
}

@misc{iso,
title = {International Standard ISO 10218-1:Robots and robotic devices — Safety requirements for industrial robots — Part 1: Robots},
howpublished = {\url{https://www.iso.org/standard/51330.html?browse=tc}},
  note = {Accessed: 2018-06-8}
}

@misc{indiakill,
title = {Worker killed by robot in welding accident at car parts factory in India},
howpublished = {\url{https://ind.pn/2sZpjqC}},
  year = {2015},
  author = {Dearden, Lizzie},
  journal = {Independent},
  note = {Accessed: 2018-06-9}
}

@misc{wordstomorrow,
    title = {The Words of Tomorrow},
    author = {Silverman, Rachel Emma},
    year = {2000},
    journal = {Wall Street Journal},
    howpublished = {\url{https://www.wsj.com/millennium/articles/SB944517141695981261.htm}},
    url = {https://www.wsj.com/millennium/articles/SB944517141695981261.htm},
    note = {Accessed: 2018-06-9}
}

@article{lera2016ciberseguridad,
  title={Ciberseguridad en robots aut{\'o}nomos: An{\'a}lisis y evaluaci{\'o}n multiplataforma del bastionado ROS},
  author={Lera, Francisco Javier Rodr{\i}guez and Matell{\'a}n, Vicente and Balsa, Jes{\'u}s and Casado, Fernando},
  journal={Actas Jornadas Sarteco},
  pages={571--578},
  year={2016}
}

@article{lera2016cybersecurity,
  title={Cybersecurity in Autonomous Systems: Evaluating the performance of hardening ROS},
  author={Lera, Francisco Javier Rodr{\i}guez and Balsa, Jes{\'u}s and Casado, Fernando and Fern{\'a}ndez, Camino and Rico, Francisco Mart{\i}n and Matell{\'a}n, Vicente},
  journal={M{\'a}laga, Spain},
  volume={47},
  year={2016}
}

@article{lera2017cybersecurity,
  title={Cybersecurity of robotics and autonomous systems: privacy and safety},
  author={Lera, Francisco J Rodr{\'\i}guez and Llamas, Camino Fern{\'a}ndez and Guerrero, {\'A}ngel Manuel and Olivera, Vicente Matell{\'a}n},
  journal={Robotics-Legal, Ethical and Socioeconomic Impacts},
  year={2017},
  publisher={IntechOpen}
}

@article{guerrero2017empirical,
  title={Empirical analysis of cyber-attacks to an indoor real time localization system for autonomous robots},
  author={Guerrero-Higueras, {\'A}ngel Manuel and DeCastro-Garc{\'\i}a, Noem{\'\i} and Rodr{\'\i}guez-Lera, Francisco Javier and Matell{\'a}n, Vicente},
  journal={Computers \& Security},
  volume={70},
  pages={422--435},
  year={2017},
  publisher={Elsevier}
}

@article{rodriguez2018message,
  title={Message encryption in robot operating system: Collateral effects of hardening mobile robots},
  author={Rodr{\'\i}guez-Lera, Francisco J and Matell{\'a}n-Olivera, Vicente and Balsa-Comer{\'o}n, Jes{\'u}s and Guerrero-Higueras, {\'A}ngel Manuel and Fern{\'a}ndez-Llamas, Camino},
  journal={Frontiers in ICT},
  volume={5},
  pages={2},
  year={2018},
  publisher={Frontiers}
}

@inproceedings{balsa2017cybersecurity,
  title={Cybersecurity in autonomous systems: hardening ROS using encrypted communications and semantic rules},
  author={Balsa-Comer{\'o}n, Jes{\'u}s and Guerrero-Higueras, {\'A}ngel Manuel and Rodr{\'\i}guez-Lera, Francisco Javier and Fern{\'a}ndez-Llamas, Camino and Matell{\'a}n-Olivera, Vicente},
  booktitle={Iberian Robotics Conference},
  pages={67--78},
  year={2017},
  organization={Springer}
}

@article{white2016sros,
  title={SROS: Securing ROS over the wire, in the graph, and through the kernel},
  author={White, Ruffin and Christensen, Dr and Henrik, I and Quigley, Dr and others},
  journal={arXiv preprint arXiv:1611.07060},
  year={2016}
}

@inproceedings{white2018procedurally,
  title={Procedurally provisioned access control for robotic systems},
  author={White, Ruffin and Christensen, Henrik I and Caiazza, Gianluca and Cortesi, Agostino},
  booktitle={2018 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},
  pages={1--9},
  year={2018},
  organization={IEEE}
}

@incollection{white2019sros1,
  title={Sros1: Using and developing secure ros1 systems},
  author={White, Ruffin and Caiazza, Gianluca and Christensen, Henrik and Cortesi, Agostino},
  booktitle={Robot Operating System (ROS)},
  pages={373--405},
  year={2019},
  publisher={Springer}
}

@mastersthesis{caiazza2017security,
  title={Security Enhancements of Robot Operating Systems},
  author={Caiazza, Gianluca},
  type={{B.S.} thesis},
  year={2017},
  school={Universit{\`a} Ca'Foscari Venezia}
}

@inproceedings{white2019network,
  title={Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems},
  author={White, Ruffin and Caiazza, Gianluca and Jiang, Chenxu and Ou, Xinyue and Yang, Zhiyue and Cortesi, Agostino and Christensen, Henrik},
  booktitle={2019 IEEE European Symposium on Security and Privacy Workshops (EuroS\&PW)},
  pages={57--66},
  year={2019},
  organization={IEEE}
}

@incollection{caiazza2019enhancing,
  title={Enhancing security in ROS},
  author={Caiazza, Gianluca and White, Ruffin and Cortesi, Agostino},
  booktitle={Advanced Computing and Systems for Security},
  pages={3--15},
  year={2019},
  publisher={Springer}
}

@article{white2019black,
  title={Black Block Recorder: Immutable Black Box Logging for Robots via Blockchain},
  author={White, Ruffin and Caiazza, Gianluca and Cortesi, Agostino and Im Cho, Young and Christensen, Henrik I},
  journal={IEEE Robotics and Automation Letters},
  volume={4},
  number={4},
  pages={3812--3819},
  year={2019},
  publisher={IEEE}
}

@inproceedings{dieber2016application,
  title={Application-level security for ROS-based applications},
  author={Dieber, Bernhard and Kacianka, Severin and Rass, Stefan and Schartner, Peter},
  booktitle={2016 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},
  pages={4477--4482},
  year={2016},
  organization={IEEE}
}

@inproceedings{taurer2018secure,
  title={Secure data recording and bio-inspired functional integrity for intelligent robots},
  author={Taurer, Sebastian and Dieber, Bernhard and Schartner, Peter},
  booktitle={2018 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},
  pages={8723--8728},
  year={2018},
  organization={IEEE}
}

@article{dieber2017safety,
  title={Safety \& Security--Erfolgsfaktoren von sensitiven Robotertechnologien},
  author={Dieber, Bernhard and Schlotzhauer, Andreas and Brandst{\"o}tter, Mathias},
  journal={e \& i Elektrotechnik und Informationstechnik},
  volume={134},
  number={6},
  pages={299--303},
  year={2017},
  publisher={Springer}
}

@incollection{dieber2020penetration,
  title={Penetration testing ROS},
  author={Dieber, Bernhard and White, Ruffin and Taurer, Sebastian and Breiling, Benjamin and Caiazza, Gianluca and Christensen, Henrik and Cortesi, Agostino},
  booktitle={Robot Operating System (ROS)},
  pages={183--225},
  year={2020},
  publisher={Springer}
}

@inproceedings{dieber2019security,
  title={Security considerations in modular mobile manipulation},
  author={Dieber, Bernhard and Breiling, Benjamin},
  booktitle={2019 Third IEEE International Conference on Robotic Computing (IRC)},
  pages={70--77},
  year={2019},
  organization={IEEE}
}

@article{lecun2015deep,
  title={Deep learning},
  author={LeCun, Yann and Bengio, Yoshua and Hinton, Geoffrey},
  journal={nature},
  volume={521},
  number={7553},
  pages={436--444},
  year={2015},
  publisher={Nature Publishing Group}
}


@article{rescorla2005finding,
  title={Is finding security holes a good idea?},
  author={Rescorla, Eric},
  journal={IEEE Security \& Privacy},
  volume={3},
  number={1},
  pages={14--19},
  year={2005},
  publisher={IEEE}
}

@misc{ivers_2017, title={Security vs. Quality: What's the Difference?}, url={https://www.securityweek.com/security-vs-quality-what’s-difference}, journal={SecurityWeek}, author={Ivers, Jim}, year={2017}, month={Mar}}

@misc{vamosi_2017, title={Does Software Quality Equal Software Security?: Synopsys}, url={https://www.synopsys.com/blogs/software-security/does-software-quality-equal-software-security/}, journal={Software Integrity Blog}, author={Vamosi, Robert}, year={2017}, month={Mar}}

@article{ward2006misra,
  title={MISRA standards for automotive software},
  author={Ward, David D},
  year={2006},
  publisher={IET}
}


@article{bagnara2017misra,
  title={MISRA C, for Security's Sake!},
  author={Bagnara, Roberto},
  journal={arXiv preprint arXiv:1705.03517},
  year={2017}
}

@techreport{misra2016amendment1,
  title={MISRA C:2012 Amendment 1:“Additional security guidelines for MISRA C: 2012,”},
  author={MISRA},
  year={2016},
  institution={HORIBA MIRA Limited, Nuneaton, Warwickshire, UK, April}
}

@techreport{misra2016addendum2,
  title={MISRA C:2012 Addendum 2 — Coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 “C Secure”.},
  author={MISRA},
  year={2016},
  institution={HORIBA MIRA Limited, Nuneaton, Warwickshire, UK, April}
}

@inproceedings{goertzel2009software,
  title={Software survivability: where safety and security converge},
  author={Goertzel, Karen Mercedes and Feldman, Larry},
  booktitle={AIAA Infotech@ Aerospace Conference and AIAA Unmanned... Unlimited Conference},
  pages={1922},
  year={2009}
}

@inproceedings{pichler2019can,
  title={Can I depend on you? Mapping the dependency and quality landscape of ROS packages},
  author={Pichler, Marc and Dieber, Bernhard and Pinzger, Martin},
  booktitle={2019 Third IEEE International Conference on Robotic Computing (IRC)},
  pages={78--85},
  year={2019},
  organization={IEEE}
}

@article{nguyen2019deep,
  title={Deep Reinforcement Learning for Cyber Security},
  author={Nguyen, Thanh Thi and Reddi, Vijay Janapa},
  journal={arXiv preprint arXiv:1906.05799},
  year={2019}
}

@article{center2013apt1,
  title={Apt1: Exposing one of chinas cyber espionage units},
  author={Center, Mandiant Intelligence},
  journal={Mandian. com},
  year={2013}
}

@article{assante2015industrial,
  title={The industrial control system cyber kill chain},
  author={Assante, Michael J and Lee, Robert M},
  journal={SANS Institute InfoSec Reading Room},
  volume={1},
  year={2015}
}

@article{bryant2017novel,
  title={A novel kill-chain framework for remote security log analysis with SIEM software},
  author={Bryant, Blake D and Saiedian, Hossein},
  journal={computers \& security},
  volume={67},
  pages={198--210},
  year={2017},
  publisher={Elsevier}
}

@techreport{strom2017finding,
  title={Finding cyber threats with ATT\&CK-based analytics},
  author={Strom, Blake E and Battaglia, Joseph A and Kemmerer, Michael S and Kupersanin, William and Miller, Douglas P and Wampler, Craig and Whitley, Sean M and Wolf, Ross D},
  year={2017},
  institution={Technical Report MTR170202, MITRE}
}

@inproceedings{mayoral2014towards,
  title={Towards an Open Source Linux autopilot for drones},
  author={Mayoral, V{\'\i}ctor and Purohit, Siddharth and Rowse, Philip and Hern{\'a}ndez, Alejandro and Mazzolai, Barbara},
  booktitle={LibreCon 2014},
  pages={10},
  year={2014}
}

@phdthesis{mayoral2013creando,
  title={Creando una plataforma rob{\'o}tica a{\'e}rea de bajo coste},
  author={Mayoral, V{\'\i}ctor},
  year={2013},
  school={Universidad Rey Juan Carlos}
}

@article{zamora2016extending,
  title={Extending the openai gym for robotics: a toolkit for reinforcement learning using ros and gazebo},
  author={Zamora, Iker and Lopez, Nestor Gonzalez and Vilches, Victor Mayoral and Cordero, Alejandro Hernandez},
  journal={arXiv preprint arXiv:1608.05742},
  year={2016}
}

@article{zamalloa2017dissecting,
  title={Dissecting robotics-historical overview and future perspectives},
  author={Zamalloa, Irati and Kojcev, Risto and Hern{\'a}ndez, Alejandro and Muguruza, I{\~n}igo and Usategui, Lander and Bilbao, Asier and Mayoral, V{\'\i}ctor},
  journal={arXiv preprint arXiv:1704.08617},
  year={2017}
}


@article{zamalloa2018information,
  title={An information model for modular robots: the hardware robot information model (hrim)},
  author={Zamalloa, Irati and Muguruza, I{\~n}igo and Hern{\'a}ndez, Alejandro and Kojcev, Risto and Mayoral, V{\'\i}ctor},
  journal={arXiv preprint arXiv:1802.01459},
  year={2018}
}

@article{kojcev2018evaluation,
  title={Evaluation of deep reinforcement learning methods for modular robots},
  author={Kojcev, Risto and Etxezarreta, Nora and Hern{\'a}ndez, Alejandro and Mayoral, V{\'\i}ctor},
  journal={arXiv preprint arXiv:1802.02395},
  year={2018}
}

@article{mayoral2018towards,
  title={Towards self-adaptable robots: from programming to training machines},
  author={Mayoral, V{\'\i}ctor and Kojcev, Risto and Etxezarreta, Nora and Hern{\'a}ndez, Alejandro and Zamalloa, Irati},
  journal={arXiv preprint arXiv:1802.04082},
  year={2018}
}

@article{kojcev2018hierarchical,
  title={Hierarchical Learning for Modular Robots},
  author={Kojcev, Risto and Etxezarreta, Nora and Hern{\'a}ndez, Alejandro and Mayoral, V{\'\i}ctor},
  journal={arXiv preprint arXiv:1802.04132},
  year={2018}
}

@article{vilches2017envisioning,
  title={Envisioning the future of robotics},
  author={Vilches, V{\'\i}ctor Mayoral},
  journal={Image},
  year={2017}
}

@article{gutierrez2018time,
  title={Time-sensitive networking for robotics},
  author={Guti{\'e}rrez, Carlos San Vicente and Juan, Lander Usategui San and Ugarte, Irati Zamalloa and Vilches, V{\'\i}ctor Mayoral},
  journal={arXiv preprint arXiv:1804.07643},
  year={2018}
}

@article{vilches2018robot_gym,
  title={Robot\_gym: accelerated robot training through simulation in the cloud with ROS and Gazebo},
  author={Mayoral-Vilches, V{\'\i}ctor and Cordero, Alejandro Hern{\'a}ndez and Calvo, Asier Bilbao and Ugarte, Irati Zamalloa and Kojcev, Risto},
  journal={arXiv preprint arXiv:1808.10369},
  year={2018}
}

@article{gutierrez2018real,
  title={Real-time Linux communications: an evaluation of the Linux communication stack for real-time robotic applications},
  author={Guti{\'e}rrez, Carlos San Vicente and Juan, Lander Usategui San and Ugarte, Irati Zamalloa and Mayoral-Vilches, V{\'\i}ctor},
  journal={arXiv preprint arXiv:1808.10821},
  year={2018}
}

@article{gutierrez2018towards,
  title={Towards a distributed and real-time framework for robots: Evaluation of ROS 2.0 communications for real-time robotic applications},
  author={Guti{\'e}rrez, Carlos San Vicente and Juan, Lander Usategui San and Ugarte, Irati Zamalloa and Mayoral-Vilches, V{\'\i}ctor},
  journal={arXiv preprint arXiv:1809.02595},
  year={2018}
}

@article{gutierrez2018time,
  title={Time Synchronization in modular collaborative robots},
  author={Guti{\'e}rrez, Carlos San Vicente and Juan, Lander Usategui San and Ugarte, Irati Zamalloa and Goenaga, I{\~n}igo Muguruza and Alzola-Kirschgens, Laura  and Mayoral-Vilches, V{\'\i}ctor},
  journal={arXiv preprint arXiv:1809.07295},
  year={2018}
}

@inproceedings{zamalloa2018hrim,
  title={HRIM: the Hardware Robot Information Model},
  author={Zamalloa, Irati and Hernandez, Alejandro and Kojcev, Risto and Muguruza, Inigo and Mayoral, Victor},
  booktitle={ISR 2018; 50th International Symposium on Robotics},
  pages={1--4},
  year={2018},
  organization={VDE}
}

@article{mendia2018robotics,
  title={Robotics CTF (RCTF), a playground for robot hacking},
  author={Mendia, Gorka Olalde and Juan, Lander Usategui San and Bascaran, Xabier Perez and Calvo, Asier Bilbao and Cordero, Alejandro Hern{\'a}ndez and Ugarte, Irati Zamalloa and Rosas, Aday Mu{\~n}iz and Vilches, David Mayoral and Carbajo, Unai Ayucar and Kirschgens, Laura Alzola and others},
  journal={arXiv preprint arXiv:1810.02690},
  year={2018}
}

@inproceedings{mayoral2018modular,
  title={Modular And Self-Adaptable (MASA) strategy for building robots},
  author={Mayoral, V{\'\i}ctor and Kojcev, Risto and Hern{\'a}ndez, Alejandro and Zamalloa, Irati and Bilbao, Asier},
  booktitle={2018 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
  pages={90--95},
  year={2018},
  organization={IEEE}
}


@article{vilches2018aztarna,
  title={aztarna, a footprinting tool for robots},
  author={Vilches, V{\'\i}ctor Mayoral and Mendia, Gorka Olalde and Baskaran, Xabier Perez and Cordero, Alejandro Hern{\'a}ndez and Juan, Lander Usategui San and Gil-Uriarte, Endika and de Urabain, Odei Olalde Saez and Alzola-Kirschgens, Laura },
  journal={arXiv preprint arXiv:1812.09490},
  year={2018}
}

@article{nuin2019ros2learn,
  title={ROS2Learn: a reinforcement learning framework for ROS 2},
  author={Nuin, Yue Leire Erro and Lopez, Nestor Gonzalez and Moral, Elias Barba and Juan, Lander Usategui San and Rueda, Alejandro Solano and Vilches, V{\'\i}ctor Mayoral and Kojcev, Risto},
  journal={arXiv preprint arXiv:1903.06282},
  year={2019}
}

@article{lopez2019gym,
  title={gym-gazebo2, a toolkit for reinforcement learning using ROS 2 and Gazebo},
  author={Lopez, Nestor Gonzalez and Nuin, Yue Leire Erro and Moral, Elias Barba and Juan, Lander Usategui San and Rueda, Alejandro Solano and Vilches, V{\'\i}ctor Mayoral and Kojcev, Risto},
  journal={arXiv preprint arXiv:1903.06278},
  year={2019}
}

@article{mayoral2019industrial,
  title={Industrial robot ransomware: Akerbeltz},
  author={Mayoral-Vilches, V{\'\i}ctor and San Juan, Lander Usategui and Carbajo, Unai Ayucar and Campo, Rub{\'e}n and de C{\'a}mara, Xabier S{\'a}ez and Urzelai, Oxel and Garc{\'\i}a, Nuria and Gil-Uriarte, Endika},
  journal={arXiv preprint arXiv:1912.07714},
  year={2019}
}

@article{vilches2019introducing,
  title={Introducing the robot vulnerability database (rvd)},
  author={Vilches, V{\'\i}ctor Mayoral and Juan, Lander Usategui San and Dieber, Bernhard and Carbajo, Unai Ayucar and Gil-Uriarte, Endika},
  journal={arXiv preprint arXiv:1912.11299},
  year={2019}
}

@masterthesis{niculaelearning2018,
    author = {Niculae, Stefan},
    institution = {Universitatea din Bucureşt},
    pages = 58,
    school = {Facultatea de Matematica ̆ s ̧i Informatica ̆̆i},
    title = {Applying Reinforcement Learning and Genetic Algorithms
in Game-Theoretic Cyber-Security},
    year = 2018
}

@inproceedings{applebaum2017analysis,
  title={Analysis of automated adversary emulation techniques},
  author={Applebaum, Andy and Miller, Doug and Strom, Blake and Foster, Henry and Thomas, Cody},
  booktitle={Proceedings of the Summer Simulation Multi-Conference},
  pages={16},
  year={2017},
  organization={Society for Computer Simulation International}
}

@phdthesis{elderman2016adversarial,
  title={Adversarial reinforcement learning in a cyber security simulation},
  author={Elderman, Richard and Pater, Leon JJ and Thie, Albert S},
  year={2016},
  school={Faculty of Science and Engineering}
}

@incollection{nguyen2016towards,
  title={Towards a science of security games},
  author={Nguyen, Thanh Hong and Kar, Debarun and Brown, Matthew and Sinha, Arunesh and Jiang, Albert Xin and Tambe, Milind},
  booktitle={Mathematical Sciences with Multidisciplinary Applications},
  pages={347--381},
  year={2016},
  publisher={Springer}
}

@inproceedings{ghanem2018reinforcement,
  title={Reinforcement Learning for Intelligent Penetration Testing},
  author={Ghanem, Mohamed C and Chen, Thomas M},
  booktitle={2018 Second World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4)},
  pages={185--192},
  year={2018},
  organization={IEEE}
}

@article{schwartz2019autonomous,
  title={Autonomous Penetration Testing using Reinforcement Learning},
  author={Schwartz, Jonathon and Kurniawati, Hanna},
  journal={arXiv preprint arXiv:1905.05965},
  year={2019}
}

@inproceedings{applebaum2016intelligent,
  title={Intelligent, automated red team emulation},
  author={Applebaum, Andy and Miller, Doug and Strom, Blake and Korban, Chris and Wolf, Ross},
  booktitle={Proceedings of the 32nd Annual Conference on Computer Security Applications},
  pages={363--373},
  year={2016},
  organization={ACM}
}

@article{zhou2019nig,
  title={NIG-AP: a new method for automated penetration testing},
  author={Zhou, Tian-yang and Zang, Yi-chao and Zhu, Jun-hu and Wang, Qing-xian},
  journal={Frontiers of Information Technology \& Electronic Engineering},
  volume={20},
  number={9},
  pages={1277--1288},
  year={2019},
  publisher={Springer}
}

@article{rege2018machine,
  title={Machine learning for cyber defense and attack},
  author={Rege, Manjeet and Mbah, Raymond Blanch K},
  journal={DATA ANALYTICS 2018},
  pages={83},
  year={2018}
}

@incollection{vinayakumar2019deep,
  title={A Deep-dive on Machine Learning for Cyber Security Use Cases},
  author={Vinayakumar, R and Soman, KP and Poornachandran, Prabaharan and Menon, Vijay Krishna},
  booktitle={Machine Learning for Computer and Cyber Security},
  pages={122--158},
  year={2019},
  publisher={CRC Press}
}

@article{schneier1999attack,
  title={Attack trees},
  author={Schneier, Bruce},
  journal={Dr. Dobb’s journal},
  volume={24},
  number={12},
  pages={21--29},
  year={1999}
}

@inproceedings{sheyner2002automated,
  title={Automated generation and analysis of attack graphs},
  author={Sheyner, Oleg and Haines, Joshua and Jha, Somesh and Lippmann, Richard and Wing, Jeannette M},
  booktitle={Proceedings 2002 IEEE Symposium on Security and Privacy},
  pages={273--284},
  year={2002},
  organization={IEEE}
}

@inproceedings{roberts2011personalized,
  title={Personalized vulnerability analysis through automated planning},
  author={Roberts, Mark and Howe, Adele and Ray, Indrajit and Urbanska, Malgorzata and Byrne, Zinta S and Weidert, Janet M},
  booktitle={Working Notes for the 2011 IJCAI Workshop on Intelligent Security (SecArt)},
  pages={50},
  year={2011}
}

@article{obes2013attack,
  title={Attack planning in the real world},
  author={Obes, Jorge Lucangeli and Sarraute, Carlos and Richarte, Gerardo},
  journal={arXiv preprint arXiv:1306.4044},
  year={2013}
}

@article{sarraute2013penetration,
  title={Penetration Testing== POMDP Solving?},
  author={Sarraute, Carlos and Buffet, Olivier and Hoffmann, J{\"o}rg},
  journal={arXiv preprint arXiv:1306.4714},
  year={2013}
}

@article{ghanem2020reinforcement,
  title={Reinforcement Learning for Efficient Network Penetration Testing},
  author={Ghanem, Mohamed C and Chen, Thomas M},
  journal={Information},
  volume={11},
  number={1},
  pages={6},
  year={2020},
  publisher={Multidisciplinary Digital Publishing Institute}
}

@inproceedings{bozic2017planning,
  title={Planning the attack! or how to use ai in security testing?},
  author={Bozic, Josip and Wotawa, Franz},
  booktitle={IWAISe: First International Workshop on Artificial Intelligence in Security},
  volume={50},
  year={2017}
}

@inproceedings{chung2014learning,
  title={Learning obstacles in the capture the flag model},
  author={Chung, Kevin and Cohen, Julian},
  booktitle={2014 $\{$USENIX$\}$ Summit on Gaming, Games, and Gamification in Security Education (3GSE 14)},
  year={2014}
}


@article{mayoral2020devsecops,
  title={DevSecOps in Robotics},
  author={Mayoral-Vilches, V{\'\i}ctor and Garc{\'\i}a-Maestro, Nuria and Towers, McKenna and Gil-Uriarte, Endika},
  journal={arXiv preprint arXiv:2003.10402},
  year={2020}
}

@article{lacava2020current,
  title={Current Research Issues on Cyber security in Robotics},
  author={Lacava, G and Marotta, A and Martinelli, F and Saracino, A and La Marra, A and Gil-Uriarte, E and Mayoral-Vilches, V},
  year={2020}
}

@inproceedings{mayoral2020industrial,
  title={Industrial robot ransomware: Akerbeltz},
  author={Mayoral-Vilches, V{\'\i}ctor and Carbajo, Unai Ayucar and Gil-Uriarte, Endika},
  booktitle={2020 Fourth IEEE International Conference on Robotic Computing (IRC)},
  pages={432--435},
  year={2020},
  organization={IEEE}
}

@article{mayoral2020alurity,
  title={alurity, a toolbox for robot cybersecurity},
  author={Mayoral-Vilches, V{\'\i}ctor and Abad-Fern{\'a}ndez, Irati and Pinzger, Martin and Rass, Stefan and Dieber, Bernhard and Cunha, Alcino and Rodr{\'\i}guez-Lera, Francisco J and Lacava, Giovanni and Marotta, Angelica and Martinelli, Fabio and others},
  journal={arXiv preprint arXiv:2010.07759},
  year={2020}
}

@article{mayoral2020can,
  title={Can ROS be used securely in industry? Red teaming ROS-Industrial},
  author={Mayoral-Vilches, V{\'\i}ctor and Pinzger, Martin and Rass, Stefan and Dieber, Bernhard and Gil-Uriarte, Endika},
  journal={arXiv preprint arXiv:2009.08211},
  year={2020}
}

@article{vilches2018volatile,
  title={Volatile memory forensics for the robot operating system},
  author={Mayoral-Vilches, V{\'\i}ctor and Kirschgens, Laura Alzola and Gil-Uriarte, Endika and Hern{\'a}ndez, Alejandro and Dieber, Bernhard},
  journal={arXiv preprint arXiv:1812.09492},
  year={2018}
}

@article{mayoral2019introducing,
  title={Introducing the robot vulnerability database (RVD)},
  author={Mayoral-Vilches, V{\'\i}ctor and Usategui San Juan, Lander and Dieber, Bernhard and Ayucar Carbajo, Unai and Gil-Uriarte, Endika},
  journal={arXiv e-prints},
  pages={arXiv--1912},
  year={2019}
}

@inproceedings{meier2015px4,
  title={PX4: A node-based multithreaded open source robotics framework for deeply embedded platforms},
  author={Meier, Lorenz and Honegger, Dominik and Pollefeys, Marc},
  booktitle={2015 IEEE international conference on robotics and automation (ICRA)},
  pages={6235--6240},
  year={2015},
  organization={IEEE}
}


@article{ROB-061,
url = {http://dx.doi.org/10.1561/2300000061},
year = {2021},
volume = {9},
journal = {Foundations and Trends® in Robotics},
title = {Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice},
doi = {10.1561/2300000061},
issn = {1935-8253},
number = {1},
pages = {1-129},
author = {Quanyan Zhu and Stefan Rass and Bernhard Dieber and Víctor Mayoral Vilches}
}

@article{zhu2021cybersecurity,
  title={An introduction to Robot System Cybersecurity},
  author={Zhu, Quanyan and Rass, Stefan and Dieber, Bernhard and Vilches, Victor Mayoral},
  journal={arXiv preprint arXiv:2103.05789},
  year={2021}
}

@article{mayoral2021hacking,
  title={Hacking planned obsolescense in robotics, towards security-oriented robot teardown},
  author={Mayoral-Vilches, Victor and Glera-Pic{\'o}n, Alfonso and Ay{\'u}car-Carbajo, Unai and Rass, Stefan and Pinzger, Martin and Maggi, Federico and Gil-Uriarte, Endika},
  journal={Electronic Communications of the EASST},
  volume={80},
  year={2021}
}