Abstract
The 5G communication network will underpin a vast number of new and emerging services, paving the way for unprecedented performance and capabilities in mobile networks. In this setting, the Internet of Things (IoT) will proliferate, and IoT devices will be included in many 5G application contexts, including the Smart Grid. Even though 5G technology has been designed by taking security into account, design provisions may be undermined by software-rooted vulnerabilities in IoT devices that allow threat actors to compromise the devices, demote confidentiality, integrity and availability, and even pose risks for the operation of the power grid critical infrastructures. In this paper, we assess the current state of the vulnerabilities in IoT software utilized in smart grid applications from a source code point of view. To that end, we identified and analyzed open-source software that is used in the power grid and the IoT domain that varies in characteristics and functionality, ranging from operating systems to communication protocols, allowing us to obtain a more complete view of the vulnerability landscape. The results of this study can be used in the domain of software development, to enhance the security of produced software, as well as in the domain of automated software testing, targeting improvements to vulnerability detection mechanisms, especially with a focus on the reduction of false positives.
Highlights
The 5G communication network will enable new applications to emerge in many societal and economic functions such as energy, transport, and health by providing improved and new features over its predecessors with respect to capacity, delay, service development, energy consumption, connectivity, and more
We identified and analyzed open-source software that is used in the power grid and the Internet of Things (IoT) domain that varies in characteristics and functionality, ranging from operating systems to communication protocols, allowing us to obtain a more complete view of the vulnerability landscape
The results were processed and organized according to security issue categories; to build the categorization scheme we examined the software issue categories recorded in Open Web Application Security Project (OWASP) top-10 [31] as well as the MITRE Common Weakness Enumeration (CWE) categorization scheme [35]
Summary
The 5G communication network will enable new applications to emerge in many societal and economic functions such as energy, transport, and health by providing improved and new features over its predecessors with respect to capacity, delay, service development, energy consumption, connectivity, and more. We identified and analyzed open-source software that is used in the power grid and the IoT domain that varies in characteristics and functionality, ranging from operating systems to communication protocols, allowing us to obtain a more complete view of the vulnerability landscape. The comprehensiveness of the landscape is further supported by using a wide multitude of tools for automated security scanning, which includes all scanners used by the platforms used in our experiments for the software security faults analysis, namely Codacy (Codacy scanners: https://docs.codacy.com/gettingstarted/supported-languages-and-tools/) and SonarCloud (languages and scanner rules for SonarCloud: https://www.sonarqube.org/features/multi-languages/) It provides a classification of software faults into standardized categories, supporting the awareness of developers and researchers on the types of software security issues that may appear in software within the target domain.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
