Foreign conference: 2019 Global IoT Summit

Assessment of Buffer Overflow Based Attacks On an IoT Operating System

Abstract

The vulnerability of electronic systems to attacks from hostile agents over the Internet is a matter of growing concern as the digital world becomes increasingly interconnected. Many countermeasures have been put in place to address these concerns, but the computational burden they impose may be excessive for low-power devices. In particular, the devices which comprise the Internet of Things are particularly vulnerable. This paper provides numerical assessments of their vulnerability to a class of attacks based on triggering buffer overflows. We focus on two such attacks, namely return-to-lib-c and code injection, for IoT devices using the FreeRTOS (V9.0.0) operating system. We show the deficiencies of the prevention measures provided in FreeRTOS to prevent these kinds of attacks, and compare them to the more robust mechanisms available in a mainstream OS (Ubuntu 16.04.1). The paper concludes with suggestions of how to mitigate these vulnerabilities in FreeRTOS; further investigation will be required to determine whether similar vulnerabilities exist in other IoT operating systems.