Barr Group FacebookBarr Group TwitterBarr Group LinkedInBarr Group Vimeo

Course Overview

Course Length: 
4 Days

 Printable PDF

Barr Group's Embedded Security Boot Camp® is a 4-day immersion into the unique challenges of building security into embedded devices. Through lectures and hands-on exercises, this intense, fun, and information-rich program will lead engineers through the steps of architecting and implementing secure embedded systems applications, including preventing electronics, firmware, and network attacks using only the processing power and memory of resource-constrained embedded devices. This course is best suited for experienced embedded systems design engineers. All exercises are done using an ST Microelectronics target development board.

Topics covered in this course include:

  • How to perform threat modeling and assessment
  • A set of software development processes to detect and prevent security bugs
  • How to secure data at rest with encryption and authentication
  • How to secure data in motion with a secure protocol and how to manage keys securely
  • Best practice mechanical and electrical security design techniques
  • Considerations for secure bootloaders and secure the firmware update

Attendees will receive a fully equipped development board kit with the hardware and resources necessary to develop a secure embedded system.

  • STMicroelectronics ARM Cortex-M4 STM32F417IG Processor with Crypto Accelerator (external link)
  • An electronic copy of all lecture slides
  • An electronic Exercise Manual with instructions for all programming exercises,
  • A USB thumb drive containing:
  • Source code starting points for the exercises
  • An electronic copy of the book Programming Embedded Systems with C and GNU Development Tools (link is external) by Michael Barr and Anthony Massa
  • An electronic copy of the book Embedded C Coding Standard by Michael Barr
  • An electronic copy of the book Embedded Systems Dictionary (link is external) by Jack Ganssle and Michael Barr
  • Datasheets and User's Manuals for all of the hardware and tools

A certificate of course completion is provided.


  • Introduction
    • Embedded Systems Attacks
    • Uniquely Embedded Concerns
    • Reliability and Security
    • Security Arms Race
    • Role of Obscurity
  • Threat Assessment
    • Attackers and Assets
    • Attack Surface
    • Attack Trees
    • Security Policy
  • Random Numbers and Entropy
    • Random Numbers’ Role in Security
    • Entropy
    • Random Number Generators
  • Protecting Data At Rest
    • Block Ciphers
    • Cipher Modes
    • Hashes
    • Message Authentication Codes
  • Common Firmware Vulnerabilities
    • Backdoors
    • Common Programming Bugs
    • C++ Techniques
    • Change of Execution Attacks
    • Denial of Service (DOS)
  • Defensive Software Architectures
    • Combating Complexity
    • Secure RTOS
    • Memory Partitioning and Protection
    • CPU Time Partitioning
    • Locking Down Firmware
  • Defensive Hardware Interfaces
    • Exception Handling
    • Race Conditions
    • User Interface
    • Case Study: A/D Converters
    • FPGAs and Security
  • Public Key Cryptography
    • Key Exchange
    • RSA Cryptosystem
    • Elliptic Curve Cryptography
    • Digital Signatures and Certificates
    • Key Management
  • Protecting Data In Motion
    • Concerns
    • Secure Protocols
    • SSL / TLS
  • Secure Software Process
    • Capturing Security Requirements
    • Secure Coding Standard
    • Peer Code Reviews
    • Static Analysis


Attendees should be comfortable with writing code that interfaces with microcontroller hardware.


Each student will need a computer, such as a laptop, running XP or a newer version of Windows with an available USB port and administrator privileges. (Windows over Mac OS X generally works.)

Related Courses

Upcoming Sessions

Date(s) Location PRICE Register
Apr 16 to Apr 19
Embedded Security Boot Camp
Germantown, Maryland, United States $2,499.00 *

Find out More

To find out more about our upcoming public trainings, go to our Training Calendar.

Contact Us to find out more about this course or to enquire about an on-site training at your company.

Recording Policy

All Barr Group Training Public and On-site courses may not be audiotaped, videotaped or photographed without consent from Barr Group's executive team.  Barr Group reserves the right to record portions or all of a training course for instructional purposes.  As a result, attendees present may also appear on the recording.