Course Outline

Introduction

  • Security vs embedded systems security

Characteristics of Embedded Application Security

  • Embedded network transactions
  • Automotive security
  • Android devices
  • Next-generation software-defined radio

Critical Aspects of an Embedded System

  • Microkernel vs monolith
  • Independent security levels
  • Core security requirements
  • Access control
  • I/O virtualization

Performing Threat Modeling and Assessment  

  • Attackers and assets
  • Attack surface
  • Attack trees
  • Establishsing a security policy

Developing Secure Embedded Software

  • Secure coding principles
  • Secure program design
  • Minimal Implementation
  • Component architecture
  • Least privilege
  • Secure development process
  • Independent expert validation
  • Model-driven design
  • Code review and static analysis
  • Security testing
  • Peer code reviews

Understanding and Implementing Cryptography

  • Cryptographic modes
  • Cryptographic hashes
  • Cryptographic certifications
  • Managing keys
  • Block ciphers
  • Message Authentication Codes
  • Random Number Generation

Data Protection

  • Data-in-motion protocols
  • Securing data in motion
  • Data-at-rest protocols
  • Securing data at rest

Mitigating Attacks

  • Common software attacks
  • Preventing side-channel attacks

Retrofitting Security in Existing Projects

  • Securing bootloaders and firmware updates

Summary and Conclusion

Requirements

  • Experience with embedded systems development.

Audience

  • Embedded systems professionals
  • Security professionals
 21 Hours

Testimonials (5)

Related Categories