The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT’s Low-End Devices
Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is important to secure the source code for IoT OSs, especially if they are deployed on devices used for human care and safety. In this paper, we report the results of our investigations of the security...
Main authors: | Al-Boghdady, Abdullah; Wassif, Khaled; El-Ramly, Mohammad |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI 2021 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8037610/ https://www.ncbi.nlm.nih.gov/pubmed/33810605 http://dx.doi.org/10.3390/s21072329 |
_version_ | 1783677184038141952 |
---|---|
author | Al-Boghdady, Abdullah Wassif, Khaled El-Ramly, Mohammad |
author_facet | Al-Boghdady, Abdullah Wassif, Khaled El-Ramly, Mohammad |
author_sort | Al-Boghdady, Abdullah |
collection | PubMed |
description | Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is important to secure the source code for IoT OSs, especially if they are deployed on devices used for human care and safety. In this paper, we report the results of our investigations of the security status and the presence of security vulnerabilities in the source code of the most popular open source IoT OSs. Through this research, three Static Analysis Tools (Cppcheck, Flawfinder and RATS) were used to examine the code of sixteen different releases of four different C/C++ IoT OSs, with 48 examinations, regarding the presence of vulnerabilities from the Common Weakness Enumeration (CWE). The examination reveals that IoT OS code still suffers from errors that lead to security vulnerabilities and increase the opportunity of security breaches. The total number of errors in IoT OSs is increasing from one version to the next, while error density, i.e., errors per 1K of physical Source Lines of Code (SLOC), is decreasing chronologically for all IoT OSs, with few exceptions. The most prevalent vulnerabilities in IoT OS source code were CWE-561, CWE-398 and CWE-563 according to Cppcheck, (CWE-119!/CWE-120), CWE-120 and CWE-126 according to Flawfinder, and CWE-119, CWE-120 and CWE-134 according to RATS. Additionally, the CodeScene tool was used to investigate the development of the evolutionary properties of IoT OSs and the relationship between them and the presence of IoT OS vulnerabilities. CodeScene reveals strong positive correlation between the total number of security errors within IoT OSs and SLOC, as well as strong negative correlation between the total number of security errors and Code Health.
CodeScene also indicates strong positive correlation between security error density (errors per 1K SLOC) and the presence of hotspots (frequency of code changes and code complexity), as well as strong negative correlation between security error density and the Qualitative Team Experience, which is a measure of the experience of the IoT OS developers. |
format | Online Article Text |
id | pubmed-8037610 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2021 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-8037610 2021-04-12 The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT’s Low-End Devices Al-Boghdady, Abdullah Wassif, Khaled El-Ramly, Mohammad Sensors (Basel) Article MDPI 2021-03-26 /pmc/articles/PMC8037610/ /pubmed/33810605 http://dx.doi.org/10.3390/s21072329 Text en © 2021 by the authors. https://creativecommons.org/licenses/by/4.0/ Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
title | The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT’s Low-End Devices |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8037610/ https://www.ncbi.nlm.nih.gov/pubmed/33810605 http://dx.doi.org/10.3390/s21072329 |