الفهرس | Only 14 pages are availabe for public view |
Abstract The Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is essential to secure the source code for IoT OSs, especially if deployed on devices used for human care and safety. IoT devices can be high-end devices that are operated by traditional operating systems, such as Linux, or low-end devices with limited resources, e.g., very limited memory, computational power, and power supply. The scope of this study is low-end IoT OSs, which play a vital role in operating and running low-end devices. The main objective of this research is to create a supervised Machine Learning (ML) model for vulnerability detection of IoT OSs source code. First, we created a labeled dataset of IoT OS{u2019}s vulnerability regarding Common Weakness Enumeration (CWE) as a benchmark by exploiting Static Analysis Tools (SATs). We applied SATS to four IoT OSs to identify vulnerabilities and to investigate the growth of IoT OSs total errors, the growth of errors per 1 K SLOC, and identify the most prevalent vulnerabilities within the IoT OSs source code. Additionally, CodeScene tool was used to investigate the development of evolutionary properties of IoT OSs and address the relationship between the evolutionary properties and the presence of IoT OS vulnerabilities. As a result, we created a labeled dataset of vulnerable and benign code snippets and trained three ML models on detecting CWE vulnerabilities present in IoT OSs.Then, we chose the ML with the best training accuracy to be our detection model for IoT OSs vulnerabilities detection |