Advanced Embedded Systems Security
In this course you will learn how to secure your embedded system. You will learn how to protect your program from malicious user input. You will also understand the use of hypervisors and virtualization of the system, and discover controls and tools for embedded security. You will also have hands-on exercises with topics such as memory protection unit (MPU) and secure boot.
Advanced Security for Embedded Systems
Course objectives
Understand the fundamental concepts and importance of embedded security, and recognize the key standards related to embedded systems security.
Comprehend the hardware security features in embedded systems
Analyze the concepts of key management in embedded devices
Identify the operating system security overview
Evaluate the advanced data protection and secure communication techniques
Apply testing for security in embedded systems.
Develop strategies to mitigate security threats and vulnerabilities
Prerequisities
Familiarity with computer architecture
Programming skills: Some programming experience, particularly in C
Knowledge of embedded systems implementations
Basic understanding of Security Algorithms and Secure coding
See also: – Secure C/C++ Development for Embedded Systems
Course environment
Instructor-led training online.
Students will be given access to a shared filesystem to save and share their work.
PDF course material (in English)
Day One
System Software Consideration
The Operating System
Multiple Independent Levels of Security
Information Flow
Data Isolation
Damage Limitation
Periods Processing
Tamper Proof
Evaluable
Core embedded Operating system Security Requirements
Memory Protection
Virtual Memory
Guard Pages
Location obfuscation
Fault Recovery
Impact of Determinism
Secure Scheduling
Hypervisors and System Virtualization
Introduction to System Virtualization
Applications of System Virtualization
Environment Sandboxing
Virtual Security Appliances
Hypervisor Architectures
Paravirtualization
Leveraging Hardware Assists for Virtualization
ARM TrustZone
Hypervisor Security
I/O Virtualization
Remote Management
Assuring Integrity of the TCB
Trusted Hardware and Supply Chain
Secure Boot
Static versus Dynamic Root of Trust
Remote Attestation
Exercise: | Memory Protection (MPU) |
Exercise: | ARM TrustZone |
Exercise: | Secure Boot |
Day Two
Data Protection Protocols for Embedded Systems
Data-in-Motion Protocols
Generalized Model
Choosing the Network Layer for Security
Ethernet Security Protocols
IPsec versus SSL
IPsec
SSL/TLS
Embedded VPN Clients
DTLS
SSH
Custom Network Security Protocols
Secure Multimedia Protocols
Broadcast Security
Data-at-Rest Protocols
Choosing the Storage Layer for Security
Symmetric Encryption Algorithm Selection
Managing the Storage Encryption Key
Testing for Security
Basic Testing Methods
White-Box Testing
Black-Box Testing
Grey-Box Testing
Fuzz-Testing
Nohau Training Partner
This course is provided by a Nohau Training Partner, a trusted provider of hands-on training for professionals in embedded systems, software development, and engineering.
