Português

Authors

  • Gabriel Thiago Henrique Dos Santos Universidade Estadual de Maringá
  • Luciana Andreia Fondazzi Martimiano Universidade Estadual de Maringá (UEM)

Keywords:

internet of things security, internet of things operating systems, C/C++ static analysis, Vulnerabilities

Abstract

This paper describes a static code analysis carried out with three static analysis tools, RATS, CppCheck and FlawFinder, on operating systems (OS) for IoT devices. Six OSs were analyzed: RIOT, Contiki, FreeRTOS, AmazonFreeRTOS, Particle and Zephyr. The analysis made it possible to list the possible vulnerabilities and errors in these systems, the total number of errors found in the selected versions of the OSs, and the number of errors per 1K lines of code.

Published

2023-05-29

How to Cite

Henrique Dos Santos, G. T., & Fondazzi Martimiano, L. A. (2023). Português. Eletronic Journal of Undergraduate Research on Computing, 21(1). Retrieved from https://journals-sol.sbc.org.br/index.php/reic/article/view/2853

Issue

Section

Full Papers