Course Overview

Course Length: 
4 Days
CEUs: 
3.0
Format: 
Hands-on/Lecture

Barr Group's Embedded Security Boot Camp® is a 4-day immersion into the unique challenges of building security into embedded devices. Through lectures and hands-on exercises, this intense, fun, and information-rich program will lead engineers through the steps of architecting and implementing secure embedded systems applications, including preventing electronics, firmware, and network attacks using only the processing power and memory of resource-constrained embedded devices. This course is best suited for experienced embedded systems design engineers. All exercises are done using an ST Microelectronics target development board.

Topics covered in this course include:

  • How encryption works and how to manage secret keys
  • How to secure data at rest
  • How to implement secure authentication
  • How to secure data in motion, including via secure protocols
  • How to perform threat modelling and assessment
  • Best practice software development processes to prevent security holes
  • Best practice mechanical and electrical design techniques for secure systems
  • Considerations for secure bootloader designs and secure firmware updates

Attendees will receive a fully equipped ST Micro development board with crypto acceleration hardware in an ARM-Cortex-M4 processor as well as:

  • An electronic copy of all lecture slides
  • An electronic Exercise Manual with instructions for all programming exercises
  • Source code starting points for the exercises
  • An electronic copy of the book Programming Embedded Systems with C and GNU Development Tools (link is external) by Michael Barr and Anthony Massa
  • An electronic copy of the book Embedded C Coding Standard by Michael Barr
  • An electronic copy of the book Embedded Systems Dictionary (link is external) by Jack Ganssle and Michael Barr
  • Datasheets and User's Manuals for all of the hardware and tools

Requirements:  Attendees must bring a laptop running Windows XP, Windows Vista, Windows 7, Windows 8 or Windows 10, with an available USB port. Windows over Mac OS X is also a viable option. 

A certificate of course completion is provided.

Explore this course:

Find out more:

Syllabus

Introduction

  • Embedded Systems Attacks
  • Uniquely Embedded Concerns
  • Reliability and Security
  • Security Arms Race
  • Role of Obscurity

Threat Assessment

  • Attackers and Assets
  • Attack Surface
  • Attack Trees
  • Security Policy

Random Numbers and Entropy

  • Random Numbers’ Role in Security
  • Entropy
  • Random Number Generators

Protecting Data At Rest

  • Block Ciphers
  • Cipher Modes
  • Hashes
  • Message Authentication Codes

Common Firmware Vulnerabilities

  • Backdoors
  • Common Programming Bugs
  • C++ Techniques
  • Change of Execution Attacks
  • Denial of Service (DOS)

Defensive Software Architectures

  • Combating Complexity
  • Secure RTOS
  • Memory Partitioning and Protection
  • CPU Time Partitioning
  • Locking Down Firmware

Defensive Hardware Interfaces

  • Exception Handling
  • Race Conditions
  • User Interface
  • Case Study: A/D Converters
  • FPGAs and Security

Public Key Cryptography

  • Key Exchange
  • RSA Cryptosystem
  • Elliptic Curve Cryptography
  • Digital Signatures and Certificates
  • Key Management

Protecting Data In Motion

  • Concerns
  • Secure Protocols
  • SSL / TLS

Secure Software Process

  • Capturing Security Requirements
  • Secure Coding Standard
  • Peer Code Reviews
  • Static Analysis

Reviews

"This is my 2nd Barr Group course.  These are the best training courses I have taken with lots of information I can directly apply to my work." -Attendee, Embedded Software Engineer, 2018

"Learned more about embedded security in 4 days than during the rest of my career." -Attendee, Embedded Software Engineer, 2018

"This class was a great mix of lecture, real world examples, and interactive exercises, providing a 360-degree view of embedded security." -Attendee, Embedded Software Engineer, 2018

"This class was an eye opening experienced to the world of embedded cyber security" -Attendee, Embedded Software Engineer, 2018

 

Related Courses

Find out More

Contact us now to find out more about this course or to enquire about an on-site training at your company.

Recording Policy

Barr Group's courses may not be audiotaped, videotaped, or photographed without consent from Barr Group's executive team.