Blue Chip Training and Consulting

Embedded Systems Security Training Course

Overview

This instructor-led, live training introduces the system architectures, operating systems, networking, storage, and cryptographic issues that should be considered when designing secure embedded systems.

By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, participants will be equipped with the techniques needed for developing safe and secure embedded software.

Format of the course

  • Interactive lecture and discussion.
  • Lots of exercises and practice.
  • Hands-on implementation in a live-lab environment.

Course Customization Options

  • To request a customized training for this course, please contact us to arrange.

Requirements

  • Experience with embedded systems development.

Audience

  • Embedded systems professionals
  • Security professionals

Course Outline

Introduction

  • Security vs embedded systems security

Characteristics of Embedded Application Security

  • Embedded network transactions
  • Automotive security
  • Android devices
  • Next-generation software-defined radio

Critical Aspects of an Embedded System

  • Microkernel vs monolith
  • Independent security levels
  • Core security requirements
  • Access control
  • I/O virtualization

Performing Threat Modeling and Assessment  

  • Attackers and assets
  • Attack surface
  • Attack trees
  • Establishsing a security policy

Developing Secure Embedded Software

  • Secure coding principles
  • Secure program design
  • Minimal Implementation
  • Component architecture
  • Least privilege
  • Secure development process
  • Independent expert validation
  • Model-driven design
  • Code review and static analysis
  • Security testing
  • Peer code reviews

Understanding and Implementing Cryptography

  • Cryptographic modes
  • Cryptographic hashes
  • Cryptographic certifications
  • Managing keys
  • Block ciphers
  • Message Authentication Codes
  • Random Number Generation

Data Protection

  • Data-in-motion protocols
  • Securing data in motion
  • Data-at-rest protocols
  • Securing data at rest

Mitigating Attacks

  • Common software attacks
  • Preventing side-channel attacks

Retrofitting Security in Existing Projects

  • Securing bootloaders and firmware updates

Summary and Conclusion

Categories:
, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *