Study of Analyzing and Mitigating Vulnerabilities in uC/OS Real-Time Operating System

Abstract

Programmable Logic Controllers (PLCs) have been widely used in real-time and embedded control applications including safety-critical control systems. Due to their ubiquity and network connectivity, PLCs are prone to various security attacks. Buffer overflow attacks, which target software vulnerabilities in operating system (OS) and application software, are the most common security attacks because of their relatively easy exploitation. Therefore, it is important to have knowledge about software vulnerabilities in OSs for PLCs in order to prevent or mitigate them in PLC design and implementation. Many PLCs use Micrium uC/OS as their OS. In this paper, we present an approach to analyzing and mitigating some software two vulnerabilities, buffer overflows and integer overflows in uC/OS. We first check if there are vulnerable functions in uC/OS system. We then propose a technique to prevent or mitigate the vulnerabilities associated with the functions.