A Preliminary Study on the Characteristic and Detectability of Vulnerabilities in Real-Time Operating Systems
Paschal Amusuo, Aravind Machiry, James Davis
Embedded systems are everywhere – from microwave ovens to airplanes. They are computer systems designed to achieve a single task. Their activities are usually controlled by Real-Time Operating Systems (RTOS). Unlike general-purpose operating systems like Linux, these RTOS operate in resource-constrained environments (low memory, processing power, etc) and are expected to respond in a real-time manner. Because these RTOS interact with the physical environment, vulnerabilities in them can cause malfunctioning of the device, leading to catastrophic consequences. These vulnerabilities in them still remain under-studied, under-detected and under-reported. In this work, we are studying the characteristics and detectability of the vulnerabilities in RTOS. To do this, we will characterize RTOS-related vulnerabilities in the National Vulnerability Database, while also studying various metrics in the vulnerable source codes. Our results and findings would enable future research opportunities for dynamic analysis and vulnerability detection for RTOS and embedded systems.