
CHARIOT Deliverables

D1.5 Specialized Static Analysis tools for more secure and safer IoT software development (ver.2)
CEA 16/07/2020 00:00:00

1 Executive Summary

The objective of this deliverable is to describe the tooling developed during the CHARIOT project for the
static analysis of IoT firmware. Two toolboxes, BISMON-Source-Verifier and BISMON-Security-Checker, have
been developed in CHARIOT with two complementary objectives in mind. This deliverable mainly focuses on
BISMON-Source-Verifier, also named BISMON, because BISMON-Security-Checker is still in development, with a
design elaborated in 2020 following the rescoping decision. An early description is given in section 5.4. The full
description of BISMON-Security-Checker will be presented in deliverable D1.7.
The BISMON description has evolved continuously since the beginning of the project, and it continues to evolve
as part of the continuous development process of the BISMON tool.

This document describes the BISMON vision of static source code analysis (mostly of C and C++ code for IoT
firmware and applications). It proposes a simple static analysis framework that leverages the powerful recent GCC
[cross-]compiler. A persistent monitor (tentatively named bismon) has been designed and implemented as
GPLv3+ free software for Linux. BISMON uses meta-programming techniques to generate GCC plugins. It keeps
some intermediate results (of compilation or static analysis) during the entire life of the IoT project, and gives
IoT developers (through a web interface) a whole-program view of the source code along with its static
analysis properties. The framework is configurable and scriptable by static analysis experts, which permits
different IoT projects to address various concerns while keeping the usual IoT development workflow (running
their GCC cross-compiler on Linux as usual, with extra plugin-related compilation flags).

The deliverable starts by identifying the software and tool users and the document's expected audience,
and by setting out the vision of specialized source code analysis towards more secure and safer IoT software
development. The report then describes its strong alignment with adding capabilities to GCC, as well as the driving
principles of the tools. Data and their persistence are also described, including mutable and non-mutable
values/types; persistence is considered to start by loading some previously persisted state, usually
dumping its current state before termination and loading the next state on the next load-up. The framework for
static code analysis is also defined as part of the GCC compilation process. The described work is also analyzed
in terms of its contribution to other free software projects.

Static analysis aims to detect bugs that have an impact on the quality, the safety and the security of the firmware.
Nevertheless, it is often applied late in the development process, during the test phases in a continuous integration
environment. The persistent monitor makes it possible to add earlier interactions with the static analyses, in particular
during the various compilation steps that occur before the tests in continuous integration. Developers should
then be more efficient at correcting their own bugs as they write their code. The persistent monitor also has the
historical context of the code, which enables it to provide more pertinent analysis messages.


The “CHARIOT IoT Search Index” aims to provide a web location where publications, articles, and relevant documents can be hosted centrally in a well-structured and easily accessible way.
