Secure C/C++ Development for Embedded Systems
Learn how to safely use C/C++ in critical systems, including best practices for memory management, input validation, and error handling. Secure embedded systems combine numerous strategies and procedures for the complete coordination of cyber security in the programming and hardware of embedded frameworks.
You will learn about embedded security and industry standards, including ISO/SAE 214341, IEC 62443, NIST SP 800-53, Common Criteria, and OWASP. You also get an introduction to the RUST programming language and its built-in security features, including Memory-safety and Type-safety.
Training format
3 days online training: 18 hours, 3 sessions, 6 hours each
Course dispensed using the Teams video-conferencing system.
Course Objectives
Introduction to embedded security and industry standards, including ISO/SAE 214341, IEC 62443, NIST SP 800-53, Common Criteria, and OWASP.
Learn about secure coding practices for C/C++ programming languages, including best practices for memory management, input validation, and error handling.
Introduce the RUST programming language and its built-in security features, including memory safety and type safety.
Learn about secure software development methodologies, including threat modelling, secure design principles, and secure coding standards.
Introduce techniques for ensuring security in embedded systems, including security testing, security provisioning, and secure boot processes.
Introduce cryptography in embedded system.
The course covers the design and implementation of secure embedded system hardware architecture, including secure boot processes and secure communication protocols.
Learn about secure communication in embedded systems, including network protocols, secure communication protocols, and secure data transfer.
Get an overview of security issues and best practices for Internet of Things (IoT) devices and systems.
Theoretical course
PDF course material (in English)
Course dispensed using the Teams video-conferencing system.
The trainer to answer trainees’ questions during the training and provide technical and pedagogical assistance through the Teams video-conferencing system.
Practical activities
During exercises you will connect remotely to Linux PC to performing the activities.
The trainer has access to trainees’ Online PCs for technical and pedagogical assistance.
Downloadable preconfigured virtual machine for post-course practical activities.
Day 1
Embedded Security and programming languages C/C++, RUST
Introduction to embedded security
Embedded Security Trends
Embedded Systems Complexity
Sophisticated Attacks
Processor consolidation
Security policies
Perfect Security?
Embedded Security Challenges
Confidentiality, Integrity, and Availability
Isolation
Information Flow Control
Physical Security Policies
Security Threats
Summary of issues
Cyberattack exploits
Legacy Systems
Updatability
Securing Legacy Systems
Project Requirements
Performance?
Security standards
ISO/IEC
IEEE
UL 2900-2-2
IoT recommended Security standards
Secure C/C++ Code
Secure C
Preprocessor and macros
Compilation, Declaration, definition, and initialization
Types
Pointers and arrays
Structure and unions
Expressions
Conditional and iterative structures
Functions
Memory Management
Error handling
Standard Libraries
Secure C++
Declarations and Initialization
Expressions
Integers
Containers
Characters and Strings
Memory Management
Input Output
Exceptions and Error Handling
Object Oriented Programming
Concurrency
Miscellaneous
Exercise: Debugging Memory Problems
Security in RUST
Development environment
Libraries
Language generalities
Memory management
Type system
Foreign function interface (FFI)
Recommendations
Day 2
Secure Software Development and Testing
Secure Software Development
Threat modelling
Introduction to threat modelling
Example threat models
Risk analysis
Software Assurance Maturity Model (SAMM)
Platform Security architecture (PSA)
Frameworks and Standards
NIST SP 800-160: Developing Cyber-Resilient Systems
ISO/SAE 214341: Road vehicles & Cybersecurity engineering
ISO/IEC 15408: Security, cybersecurity and privacy protection
IEC 651508: Functional Safety of electrical/electronic/programmable electronic safety-related systems
UL 2900-2-2: Software cybersecurity for network-connectable products
Security Knowledge Framework and Certifications
Ensuring security in Embedded Systems
Introduction
Security Testing
Penetration testing
Vulnerability scanning
Risk assessment
Static Analysis
Dynamic analysis
Protocol fuzzing
Security provisioning
Security configuration management
Identity and access management
Incident response and management
Compliance and regulatory requirements
Security Testing Tools overview
Cryptography introduction
Overview of cryptography
Classic Cryptography
Information assurance
Symmetric encryption
Asymmetric encryption
Random number generation
Integrity and authentication
Access authentication
Elliptic Curve cryptography
Certificates and Public Key infrastructures
Rules and recommendations
Exercise: Encryption/Decryption
Exercise: Private/Public Keys
Exercise: Authentication and Integrity on IoT Devices
Day 3
Hardware Architecture, Transport Layer Security and IoT security recommendations
Secure Embedded System Hardware Architecture
Crypto-Accelerator Overview
ARM TrustZone
Intel Software Guard eXtensions
SoC Security overview
Memory Protection
Trusted Boot and Firmware update overview
Secure Elements
Trusted Platform Module (TPM)
Hardware Security Module (HSM)
Exercise: Secure boot
Exercise: ARM TrustZone application (secure/non secure)
Overview of Secure Communication in embedded Systems (3 hours)
Introduction
Transport Layer Security (TLS)
IPsec/IKE
Network layer
Bluetooth
WiFi
5G
NFC
RFID
SigFox
IoT security
Secured IoT architecture
IoT standard and recommendations
Software development architecture and practices
Cryptology
Software security
Hardware protection
Network security
Life cycle and support
Nohau Training Partner
This course is provided by a Nohau Training Partner, a trusted provider of hands-on training for professionals in embedded systems, software development, and engineering.
