Since IoT systems provide services over the Internet, they must continue to operate safely even if malicious users attack them. Since the computational resources of edge devices connected to the IoT are limited, lightweight platforms and network protocols are often used. Lightweight platforms and network protocols are less resistant to attacks, increasing the risk that developers will embed vulnerabilities. The code clone research community has been developing approaches to fix buggy (e.g., vulnerable) clones simultaneously. However, there has been little research on IoT-related vulnerable clones. It is unclear whether existing code clone detection techniques can perform simultaneous fixes of the vulnerable clones. In this study, we first created two datasets of IoT-related vulnerable code. We then conducted a preliminary investigation to show whether existing code clone detection tools (e.g., NiCaD, CCFinderSW) are capable of detecting IoT-related vulnerable clones by applying them to the created datasets. The preliminary result shows that the existing tools can detect them partially.