Secure C/C++ Development for Embedded Systems
The security of embedded systems is important today and even more in the future.
Learn how to safely use C/C++ in critical systems, including best practices for memory management, input validation, and error handling. Secure embedded systems combine numerous strategies and procedures for the complete coordination of cyber security in the programming and hardware of embedded frameworks.
You will learn about embedded security and industry standards, including ISO/SAE 214341, IEC 62443, NIST SP 800-53, Common Criteria, and OWASP. You also get an introduction to the RUST programming language and its built-in security features, including Memory-safety and Type-safety.
Training format
3 days online training: 18 hours, 3 sessions, 6 hours each
Course dispensed using the Teams video-conferencing system.
Course Objectives
Introduction to embedded security and industry standards, including ISO/SAE 214341, IEC 62443, NIST SP 800-53, Common Criteria, and OWASP.
Learn about secure coding practices for C/C++ programming languages, including best practices for memory management, input validation, and error handling.
Introduce the RUST programming language and its built-in security features, including memory safety and type safety.
Learn about secure software development methodologies, including threat modelling, secure design principles, and secure coding standards.
Introduce techniques for ensuring security in embedded systems, including security testing, security provisioning, and secure boot processes.
Introduce cryptography in embedded system.
The course covers the design and implementation of secure embedded system hardware architecture, including secure boot processes and secure communication protocols.
Learn about secure communication in embedded systems, including network protocols, secure communication protocols, and secure data transfer.
Get an overview of security issues and best practices for Internet of Things (IoT) devices and systems.
Theoretical course
PDF course material (in English)
Course dispensed using the Teams video-conferencing system.
The trainer to answer trainees’ questions during the training and provide technical and pedagogical assistance through the Teams video-conferencing system.
Practical activities
During exercises you will connect remotely to Linux PC to performing the activities.
The trainer has access to trainees’ Online PCs for technical and pedagogical assistance.
Downloadable preconfigured virtual machine for post-course practical activities.
Day 1
Day oneEmbedded Security and programming languages C/C++, RUST
Introduction to embedded security
Embedded Security Trends
Embedded Systems Complexity
Sophisticated Attacks
Processor consolidation
Security policies
Perfect Security?
Embedded Security Challenges
Confidentiality, Integrity, and Availability
Isolation
Information Flow Control
Physical Security Policies
Security Threats
Summary of issues
Cyberattack exploits
Legacy Systems
Updatability
Securing Legacy Systems
Project Requirements
Performance?
Security standards
ISO/IEC
IEEE
UL 2900-2-2
IoT recommended Security standards
Secure C/C++ Code
Secure C
Preprocessor and macros
Compilation, Declaration, definition, and initialization
Types
Pointers and arrays
Structure and unions
Expressions
Conditional and iterative structures
Functions
Memory Management
Error handling
Standard Libraries
Secure C++
Declarations and Initialization
Expressions
Integers
Containers
Characters and Strings
Memory Management
Input Output
Exceptions and Error Handling
Object Oriented Programming
Concurrency
Miscellaneous
Exercise: Debugging Memory Problems
Security in RUST
Development environment
Libraries
Language generalities
Memory management
Type system
Foreign function interface (FFI)
Recommendations
Day 2
Day 3
Nohau Training Partner
This course is provided by a Nohau Training Partner, a trusted provider of hands-on training for professionals in embedded systems, software development, and engineering.
