Security Analysis of Contiki IoT Operating System

McBride, Jack and Arief, Budi and Hernandez-Castro, Julio C. (2018) Security Analysis of Contiki IoT Operating System. In: EWSN ’18 Proceedings of the 2018 International Conference on Embedded Wireless Systems and Networks. Junction Publishing, Canada, pp. 278-283. ISBN 978-0-9949886-2-1. (KAR id:67379)

PDF Author's Accepted Manuscript
Language: English


The Internet of Things (IoT) has introduced a myriad of ways in which devices can interact with each other. The IoT concept provides opportunities for novel and useful applications, but at the same time concerns have been raised over potential security issues caused by buggy IoT software. It is therefore imperative to detect and fix these bugs in order to minimise the risk of IoT devices becoming the target or source of attacks. In this paper, we focus our investigation on the underlying IoT operating system (OS), which is critical for the overall security of IoT devices. We picked Contiki as our case study since it is a very popular IoT OS and we have access to part of the development team, allowing us to discuss potential vulnerabilities with them so that fixes can be implemented quickly. Using static program analysis tools and techniques, we are able to scan the source code of the Contiki OS systematically in order to identify, analyse and patch vulnerabilities. Our main contribution is a holistic and systematic analysis of Contiki, starting with an exploration of its metrics and fundamental architecture, and finally some of its vulnerabilities. Our analysis produced relevant data on the number of unsafe functions in use, as well as the bug density, both of which provide an indication of the overall security of the inspected system. Our effort led to the finding of two major issues, described in two Common Vulnerabilities and Exposures (CVE) reports.

Item Type: Book section
Uncontrolled keywords: Security, operating systems, static analysis, Contiki, Internet of Things
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 20 Jun 2018 12:44 UTC
Last Modified: 09 Dec 2022 00:56 UTC