Embedded Systems Security Training Course

Introduction

• Security vs embedded systems security

Characteristics of Embedded Application Security

• Embedded network transactions
• Automotive security
• Android devices
• Next-generation software-defined radio

Critical Aspects of an Embedded System

• Microkernel vs monolith
• Independent security levels
• Core security requirements
• Access control
• I/O virtualization

Performing Threat Modeling and Assessment  

• Attackers and assets
• Attack surface
• Attack trees
• Establishsing a security policy

Developing Secure Embedded Software

• Secure coding principles
• Secure program design
• Minimal Implementation
• Component architecture
• Least privilege
• Secure development process
• Independent expert validation
• Model-driven design
• Code review and static analysis
• Security testing
• Peer code reviews

Understanding and Implementing Cryptography

• Cryptographic modes
• Cryptographic hashes
• Cryptographic certifications
• Managing keys
• Block ciphers
• Message Authentication Codes
• Random Number Generation

Data Protection

• Data-in-motion protocols
• Securing data in motion
• Data-at-rest protocols
• Securing data at rest

Mitigating Attacks

• Common software attacks
• Preventing side-channel attacks

Retrofitting Security in Existing Projects

• Securing bootloaders and firmware updates

Summary and Conclusion