Criteria for Securing Operating Systems Supporting Low-End Devices in the Internet of Things

As the Internet of Things (IoT) continues to grow, specialized IoT operating systems (OSs) become increasingly important to facilitate rapid development of secure and portable applications. However, supporting the subset of low-end devices called for in resource-constrained environments introduces additional design challenges, particularly with respect to security. In this thesis, we propose eight criteria to encapsulate important aspects and considerations for securing OSs supporting low-end devices in the IoT. We present three main contributions, each building upon one another to inform and end in our proposed criteria. First, we review foundational hardware- and software-based mechanisms relating to OS security, discussing the need for such mechanisms and examining several real-world examples relating to IoT OSs. Second, we experimentally examine the use of such mechanisms in two actively developed IoT OSs, RIOT and Tock. Finally, we combine these contributions with a literature review to derive, support, and propose eight criteria for securing OSs supporting low-end devices, evaluating each against the aforementioned IoT OSs.