Abstract

Open-source software has become increasingly prevalent and is now an integral component of many common IoT devices. It has helped companies and individuals alike implement tools that may not have been within their budget to license or develop. Open-source software also allows code to be audited and viewed by many eyes. In an audit, one can search through code to find non-compliant code, dead code, and vulnerabilities. This paper presents a cloud-based static analysis tool that has the potential to help the IoT community test and improve the security of their source code. It also describes the implementation of checks for known C/C++ coding patterns susceptible to vulnerabilities within open-source projects. The source code of these projects is transformed into XML and then analyzed for these potentially dangerous coding patterns. The coding pattern analysis searches for known unsafe functions, race conditions, buffer overflows, divide-by-zero errors, implicit typecasting, deallocated memory dereferencing, potential memory corruption, uninitialized variables, and memory leaks. Although many of these dangerous patterns have been known to the public for years, the results show that they are still present in C/C++ source code written for IoT devices and applications. The findings also prove the importance and effectiveness of the tool and its checkers within the IoT domain.

Keywords: IoT; Security; Vulnerabilities; Static tool
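As an illustration of the XML-based pattern analysis described in the abstract, the following added example (not code from the paper or its tool) runs two of the listed checkers, unsafe functions and divide-by-zero, over a constructed XML rendering of C code. The XML schema, the `UNSAFE_FUNCTIONS` list, and the function names are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: C source already converted to XML. The element names are
# an assumed, simplified schema, not the format the paper's tool emits.
SAMPLE_XML = """
<unit filename="sensor.c">
  <function><name>read_cmd</name>
    <call line="12"><name>gets</name><argument>buf</argument></call>
    <call line="14"><name>strcpy</name><argument>dst</argument><argument>buf</argument></call>
    <call line="15"><name>strncpy</name><argument>dst</argument><argument>buf</argument><argument>n</argument></call>
    <expr line="18"><name>total</name><operator>/</operator><literal>0</literal></expr>
  </function>
  <function><name>report</name>
    <call line="30"><name>sprintf</name><argument>out</argument><argument>fmt</argument></call>
    <expr line="31"><name>total</name><operator>/</operator><name>count</name></expr>
  </function>
</unit>
"""

# Assumed checker list: C library calls that perform no bounds checking.
UNSAFE_FUNCTIONS = {"gets", "strcpy", "strcat", "sprintf", "vsprintf"}

def is_zero_literal(text):
    """True for a literal zero in decimal, hex or floating-point form."""
    text = (text or "").strip()
    for parse in (lambda s: int(s, 0), float):
        try:
            return parse(text) == 0
        except ValueError:
            continue
    return False

def find_issues(xml_text):
    """Return sorted (line, function, checker, detail) findings."""
    findings = []
    for func in ET.fromstring(xml_text).iter("function"):
        fname = func.findtext("name")
        for call in func.iter("call"):
            callee = call.findtext("name")
            if callee in UNSAFE_FUNCTIONS:
                findings.append((int(call.get("line")), fname, "unsafe-function", callee))
        for expr in func.iter("expr"):
            kids = list(expr)
            for op, rhs in zip(kids, kids[1:]):  # adjacent operator/operand pairs
                if (op.tag == "operator" and op.text in ("/", "%")
                        and rhs.tag == "literal" and is_zero_literal(rhs.text)):
                    findings.append((int(expr.get("line")), fname, "divide-by-zero", op.text))
    return sorted(findings)

if __name__ == "__main__": print(*find_issues(SAMPLE_XML), sep="\n")
```

The bounded `strncpy` call and the division by the variable `count` are deliberately left unflagged; a divisor that is only zero at run time needs data-flow analysis beyond this literal match.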
