IoT devices often employ a Real-Time Operating System (RTOS) for process and memory management, as well as utility services supporting messaging and other communications. The selection of each RTOS is based on needed performance, security, and functional requirements of the product. There are many RTOS available, including those noted here:
|
TinyOS |
Optimized for low-power embedded systems. A framework that incorporates components that support development of an application-specific operating system. Written in NesC, which supports event-driven concurrency. Refer to http://www.ann.ece.ufl.edu/courses/ee16935_10spr/papers/tinyos.pdf. |
|
Contiki |
Supports IP, UDP, TCP, and HTTP, as well as 6loWPAN and CoAP. Designed for operation in low-power systems. Supports link layer encryption for 802.15.4 communications. |
|
Mantis |
Embedded operating systems for wireless sensor platforms. Includes a kernel, scheduler, and networking stack. Supports remote update and remote login. Incorporates a sleep mode for power savings. Refer to: Sha, Carlson, et al. Mantis OS: An Embedded Multithreaded Operating System for Wireless Micro Sensor Platforms. ACM Digital Library. |
|
Nano-RK |
Tailored for surveillance and environmental monitoring applications. Supports energy-efficient mode of operation and preemptive multitasking. Runs on 2 KB RAM and 18 KB ROM. |
|
Lite-OS |
Supports a wirelessly accessible shell and a remote debugging system. Runs on 10 KB. |
|
FreeRTOS |
A general purpose RTOS. Supports add-on TCP networking and secure communications (TLS). Implementers can use cryptographic libraries such as WolfSSL with FreeRTOS. |
|
SapphireOS |
Supports mesh networking and device discovery. Includes Python tools and a RESTful API server. |
|
BrilloOS |
Runs on 32 to 64 MB RAM and optimized for consumer/home-based IoT devices. |
|
uCLinux |
Embedded Linux supports a variety of user applications, libraries, and tools. Learn more about uCLinux at http://www.uclinux.org/pub/uClinux/FAQ.shtml. |
|
ARM Mbed OS |
Incorporates a supervisory kernel (uVisor) that supports creation of isolated security domains on ARM Cortex M3, M4, and M7 MCUs with a Memory Protection Unit (MPU). Refer to https://www.mbed.com/en/technologies/security/uvisor/. |
|
RIOT OS |
Runs on 8-, 16-, and 32-bit platforms. Includes TCP/IP stack and supports 6LoWPAN, IPv6, UDP, and CoAP. Supports multithreading and requires 1.5 KB RAM and 5KB ROM. |
|
VxWorks |
Here are the two versions (VxWorks and VxWorks+). Includes optional add-on security profile with secure partitioning, secure boot, secure runtime, loader, and advanced user management. Supports encrypted containers and secure networking. |
|
LynxOS |
Supports TCP/IP, IPv6, and cellular communications. Supports 802.11 WiFi, ZigBee, and Bluetooth. Includes encryption support, access controls, and auditing and account management features. |
|
Zephyr |
Open source designed for resource-constrained systems. Project included a heavy focus on secure development practices. Implements nano-kernel and micro-kernel and supports Bluetooth, Bluetooth-LE, and 802.15.4 6LoWPAN. |
|
Windows 10 IoT |
Supports bitlocker encryption and secure boot. Includes DeviceGuard and CredentialGuard features. Supports updates through Windows Server Update Service (WSUS). |
|
QNX (Neutrino) |
Operating System often used in vehicle infotainment systems. Includes security features such as sandboxing and fine-grained access controls. |
|
Ubuntu Core |
A read-only root file system, security sandbox for applications and separate (independent) update of applications from the OS. Allows categorization of applications as trusted or untrusted and supports Unified Extensible Firmware Interface (UEFI) secure boot. Learn more at https://developer.ubuntu.com/en/snappy/guides/security-whitepaper. |
|
OpenWRT |
A popular open source OS used often in wireless routers. |
|
GreenHills IntegrityOS |
A higher-assurance operating system. |
Many IoT device profiles are shrinking to small but powerful SoC units, capable of running a variety of secured-boot operating systems, featuring strict access controls, process isolation, trusted execution environments, kernel separation, information flow control, and tightly integrated cryptographic security architectures. Safety-critical IoT devices employ RTOS that meet industry-specific standards. Examples of these include the following:
- DO-178B: Software considerations in airborne systems and equipment certification for avionics systems
- IEC 61508: Functional safety for industrial control systems
- ISO 62304: Medical device software
- SIL3/SIL4: Safety integrity level for transportation and nuclear systems
Other critical security attributes pertain to security configuration and the storage of security sensitive parameters. Often configuration settings that are applied to an operating system are lost upon power cycle without battery-backed RAM or some other persistent storage. In many instances, a configuration file is kept within persistent memory to provide the various network and other settings necessary to allow the device to perform its functions and communicate. Of even greater interest are the handling of the root password, other account passwords, and the cryptographic keys stored on the devices when the device is power-cycled. Each of these issues has one or more security implications and requires the attention of security engineers.