         Embedded Systems Security培训

Introduction

Security vs embedded systems security
Characteristics of Embedded Application Security

Embedded network transactions
Automotive security
Android devices
Next-generation software-defined radio
Critical Aspects of an Embedded System

Microkernel vs monolith
Independent security levels
Core security requirements
Access control
I/O virtualization
Performing Threat Modeling and Assessment

Attackers and assets
Attack surface
Attack trees
Establishsing a security policy
Developing Secure Embedded Software

Secure coding principles
Secure program design
Minimal Implementation
Component architecture
Least privilege
Secure development process
Independent expert validation
Model-driven design
Code review and static analysis
Security testing
Peer code reviews
Understanding and Implementing Cryptography

Cryptographic modes
Cryptographic hashes
Cryptographic certifications
Managing keys
Block ciphers
Message Authentication Codes
Random Number Generation
Data Protection

Data-in-motion protocols
Securing data in motion
Data-at-rest protocols
Securing data at rest
Mitigating Attacks

Common software attacks
Preventing side-channel attacks
Retrofitting Security in Existing Projects

Securing bootloaders and firmware updates
Summary and Conclusion