• Corpus ID: 239050176

On the Effectiveness of Clone Detection for Detecting IoT-related Vulnerable Clones

  title={On the Effectiveness of Clone Detection for Detecting IoT-related Vulnerable Clones},
  author={Kentaro Ohno and Norihiro Yoshida and Wenqing Zhu and Hiroaki Takada},
Since IoT systems provide services over the Internet, they must continue to operate safely even if malicious users attack them. Since the computational resources of edge devices connected to the IoT are limited, lightweight platforms and network protocols are often used. Lightweight platforms and network protocols are less resistant to attacks, increasing the risk that developers will embed vulnerabilities. The code clone research community has been developing approaches to fix buggy (e.g… 


IoT Bugs and Development Challenges
  • Amir Makhshari, Ali Mesbah
  • Computer Science
    2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)
  • 2021
This work provides the first systematic study of bugs and challenges that IoT developers face in practice, through a large-scale empirical investigation, and proposes the first bug taxonomy for IoT systems.
Software systems at risk: An empirical study of cloned vulnerabilities in practice
VUDDY is proposed, an approach for the scalable detection of vulnerable code clones, which is capable of detecting security vulnerabilities in large software programs efficiently and accurately and designed a vulnerability-preserving abstraction technique that renders VudDY resilient to common modifications in cloned code, while preserving the vulnerable conditions even after the abstraction is applied.
An Experimental Analysis of Security Vulnerabilities in Industrial IoT Devices
This work examines the attack surfaces of a networked embedded system, composed of devices representative of those typically used in the IIoT field, and proposes a couple of variations of Mirai attack specifically tailored for attacking industrial environments.
Detecting recurring and similar software vulnerabilities
The preliminary evaluation with case studies showed the potential usefulness of SecureSync, an automatic approach to detect and provide suggested resolutions for recurring software vulnerabilities on multiple systems sharing/using similar code or API libraries.
Comparison and evaluation of code clone detection techniques and tools: A qualitative approach
A qualitative comparison and evaluation of the current state-of-the-art in clone detection techniques and tools is provided, and a taxonomy of editing scenarios that produce different clone types and a qualitative evaluation of current clone detectors are evaluated.
The NiCad Clone Detector
  • J. Cordy, C. Roy
  • Computer Science
    2011 IEEE 19th International Conference on Program Comprehension
  • 2011
The NiCad Clone Detector is a scalable, flexible clone detection tool designed to implement the NiCad (Automated Detection of Near-Miss Intentional Clones) hybrid clone detection method in a
CCFinderSW: Clone Detection Tool with Flexible Multilingual Tokenization
This paper proposes a clone detection tool CCFinderSW that has extension mechanism to handle addition language on demand from practitioners because many practitioners need to analyze source code written in various languages.
Multilingual Detection of Code Clones Using ANTLR Grammar Definitions
A clone detection tool CCFinderSW is extended with an approach for the multilingual detection of code clones using grammar files for a parser generator ANTLR and the files for 39 out of the 43 languages can be analyzed correctly by the extended CCF FinderSW.
Finding similar defects using synonymous identifier retrieval
This paper proposes a novel system to find similar defects in the large collection of source code, which takes a code fragment containing a defect as the query input, and returns code fragments containing the same or synonymous identifiers which appear in the input fragment.
Towards a definition of the Internet of Things ( IoT )
  • 2015
ion Yes No Partly Availability / Mobility No No No Fault tolerance Partly No Partly Flexibility/Event based Yes Partly Partly Uncertainty of Information No No No