A Survey of the Security Challenges and Requirements for IoT Operating Systems

TL;DR

This survey reviews security challenges in IoT operating systems, emphasizing the need for a unified, secure platform to ensure reliable IoT deployment across critical domains.

Contribution

It classifies IoT security challenges, specifies security requirements for a unifying OS, and analyzes existing IoT OSs to identify gaps in security architecture.

Findings

Current IoT OSs lack a unified security architecture

Security approaches vary widely among IoT OSs

A comprehensive security framework is needed for IoT OSs

Abstract

The Internet of Things (IoT) is becoming an integral part of our modern lives as we converge towards a world surrounded by ubiquitous connectivity. The inherent complexity presented by the vast IoT ecosystem ends up in an insufficient understanding of individual system components and their interactions, leading to numerous security challenges. In order to create a secure IoT platform from the ground up, there is a need for a unifying operating system (OS) that can act as a cornerstone regulating the development of stable and secure solutions. In this paper, we present a classification of the security challenges stemming from the manifold aspects of IoT development. We also specify security requirements to direct the secure development of an unifying IoT OS to resolve many of those ensuing challenges. Survey of several modern IoT OSs confirm that while the developers of the OSs have taken many alternative approaches to implement security, we are far from engineering an adequately secure and unified architecture. More broadly, the study presented in this paper can help address the growing need for a secure and unified platform to base IoT development on and assure the safe, secure, and reliable operation of IoT in critical domains.