Säker C/C++-utveckling för inbyggda system
Säkerheten i inbyggda system är avgörande idag – och ännu viktigare i framtiden.
Lär dig använda C/C++ på ett säkert sätt i kritiska system, med fokus på bästa praxis för minneshantering, indatavalidering och felhantering.
Säkra inbyggda system bygger på en kombination av strategier och metoder för att samordna cybersäkerhet i både programvara och hårdvara inom inbyggda plattformar.
I kursen får du kunskap om säkerhet i inbyggda system och aktuella industristandarder, inklusive ISO/SAE 21434, IEC 62443, NIST SP 800-53, Common Criteria och OWASP.
Utbildningen innehåller även en introduktion till programmeringsspråket Rust och dess inbyggda säkerhetsfunktioner, såsom minnessäkerhet och typsäkerhet.
Utbildningsformat
3 dagars onlineutbildning: 18 timmar totalt, fördelat på 3 tillfällen à 6 timmar.
Kursen genomförs via videokonferenssystemet Microsoft Teams.
Kursmål
Introduction to embedded security and industry standards, including ISO/SAE 214341, IEC 62443, NIST SP 800-53, Common Criteria, and OWASP.
Learn about secure coding practices for C/C++ programming languages, including best practices for memory management, input validation, and error handling.
Introduce the RUST programming language and its built-in security features, including memory safety and type safety.
Learn about secure software development methodologies, including threat modelling, secure design principles, and secure coding standards.
Introduce techniques for ensuring security in embedded systems, including security testing, security provisioning, and secure boot processes.
Introduce cryptography in embedded system.
The course covers the design and implementation of secure embedded system hardware architecture, including secure boot processes and secure communication protocols.
Learn about secure communication in embedded systems, including network protocols, secure communication protocols, and secure data transfer.
Get an overview of security issues and best practices for Internet of Things (IoT) devices and systems.
Praktiska övningar
During exercises you will connect remotely to Linux PC to performing the activities.
The trainer has access to trainees’ Online PCs for technical and pedagogical assistance.
Downloadable preconfigured virtual machine for post-course practical activities.
Dag 1
Embedded Security and programming languages C/C++, RUST
Introduktion till embedded security
Embedded Security Trends
Embedded Systems Complexity
Sophisticated Attacks
Processor consolidation
Security policies
Perfect Security?
Embedded Security Challenges
Confidentiality, Integrity, and Availability
Isolation
Information Flow Control
Physical Security Policies
Security Threats
Summary of issues
Cyberattack exploits
Legacy Systems
Updatability
Securing Legacy Systems
Project Requirements
Performance?
Security standards
ISO/IEC
IEEE
UL 2900-2-2
IoT recommended Security standards
Secure C/C++ Code
Secure C
Preprocessor and macros
Compilation, Declaration, definition, and initialization
Types
Pointers and arrays
Structure and unions
Expressions
Conditional and iterative structures
Functions
Memory Management
Error handling
Standard Libraries
Secure C++
Declarations and Initialization
Expressions
Integers
Containers
Characters and Strings
Memory Management
Input Output
Exceptions and Error Handling
Object Oriented Programming
Concurrency
Miscellaneous
Exercise: Debugging Memory Problems
Security in RUST
Development environment
Libraries
Language generalities
Memory management
Type system
Foreign function interface (FFI)
Recommendations
Dag 2
Dag 3
Nohau Training Partner
Den här kursen tillhandahålls av en Nohau Training Partner, en pålitlig leverantör av utbildning för yrkesverksamma inom inbyggda system, mjukvaruutveckling och ingenjörskonst.
