Best Practices for Designing Safe & Secure Embedded Systems

Course Overview

Best Practices for Designing Safe & Secure Embedded Systems

Course Length

4 Days

CEUs

3.00

Format

Lecture

In today’s explosive growth of interconnectivity, the importance of developing of safe and security-hardened embedded systems has never been more critical. In this lecture series, attendees will learn the best design practices for developing both safe and secure embedded systems. This course will dive deep into critical security issues such as embedded crypto and retrofitting security and the use of coding standards, static analysis, and other best practices to increase reliability, safety, and security in embedded devices.

Series Prerequisites: Attendees should have prior experience in the design of one or more embedded systems.

This course is split into two sections. Sections can also be taught as individual courses.

SECTION I: Best Practices for Designing Secure Embedded Systems

Vulnerabilities in products ranging from medical devices to industrial control systems and automobiles are being exploited by attackers. However, these systems can be hardened by following a variety of best practices. This two-day training gives you the skills to harden your embedded system to prevent vulnerabilities and defend against the most common attacks.

Topics covered in this section include:

Threat Assessment
Protecting Data at Rest
Protecting Data in Motion
Defenses in Software
Defenses in Hardware

SECTION 2: Best Practices for Designing Safe Embedded Systems

Embedded systems are pervasive: from implantable medical devices to self-driving cars. The risks of human injury are also rising as more embedded systems connect to the internet and each other - becoming open to hacking as well as malfunction.

In this 2-day section, attendees will learn "what, why and how" of approximately a dozen practical, lightweight techniques for designing safer and more reliable embedded systems. We will focus on minimizing hazards and malfunctions though a combination of lightweight, demonstrably-effective design techniques. Architectural, process and cultural aspects will also be covered.

Topics covered in this section include:

System Partitioning for Designing Safe, Robust Systems
Run-Time Monitoring
Design for Test
Managing Time for Safe Product Operation
Run-time Logging
Safety Case Requirements
Managing Software Complexity
Coding Standards
Static Analysis
Code Inspections
Issue Tracking
Post Mortems

Syllabus

SECTION I: Best Practices for Designing Secure Embedded Systems

Length: 2 Day
Format: Lecture

CEUs: 1.5

Topics covered in this section include:

Introduction

Embedded Systems Attacks
Uniquely Embedded Concerns
Reliability and Security
Obscurity and Security
Entropy and Random Numbers

Threat Assessment

Attackers and Assets
Attack Surface
Attack Trees
Security Policy

Protecting Data at Rest

Block Ciphers
Cipher Modes
Hashes
Message Authentication Codes

Protecting Data in Motion

Public-Key Cryptography
Secure Protocols
TLS/SSL

Defenses in Software

Common Firmware Vulnerabilities
Defensive Software Architectures
Defensive Hardware Interfaces

Defenses in Hardware

Securing External Memory
JTAG/Debug Port Considerations
Other Physical Attack Vectors
Tamper Detection and Logging

Wrap-up and Discussion

SECTION 2: Best Practices for Designing Safe Embedded Systems

Length: 2 Days
Format: Lecture

CEUs: 1.5

This course explains several key design techniques that you can employ to develop safer and more reliable embedded systems. Through our consulting with many companies in a range of industries, we are continually surprised that such techniques -- including the techniques you will learn in this course -- are not more widely known and practiced.

Topics covered in this section include:

System Partitioning for Designing Safe, Robust Systems

Hardware / software partitioning
Fault containment
Real-time considerations

Run-Time Monitoring

Power-on and run-time self-tests
Hard and soft errors
CPU load monitoring

Design for Test

Benefits
Adding controllability and observability into a system
Using test results to identify root causes of defects

Managing Time for Safe Product Operation

Defining real-time systems
Scheduling strategies
Rate monotonic algorithm
Schedulable bound
CPU utilization
Task priority assignment

Run-time Logging

Benefits
Logging strategies
Configurability
Timestamping
Data exfiltration
Real-world case study

Safety Case Requirements

Benefits
Essential components
Safety case example
Fault tree analysis (FTA)
Failure modes & effects analysis (FMEA)

Managing Software Complexity

Benefits
Measuring techniques
Techniques for reducing complexity
Metrics, including McCabe Cyclomatic complexity

Coding Standards

Benefits
Coding standard rules to minimize code defects
Introducing and enforcing coding standard rules
Examples of prescriptive coding rules that reduce defects

Static Analysis

Benefits
Examples of defects caught only through static analysis
Tool configuration
Reducing false positives

Code Inspections

Benefits
Approaches to code inspections
Metrics
Best practices

Issue Tracking

Benefits
Best practices
Data-driven planning

Post Mortems

Benefits
Understanding root causes of problems
Identifying areas for improvement

Reviews

Find out More

Recording Policy

Barr Group's courses may not be audiotaped, videotaped, or photographed without consent from Barr Group's executive team.

Best Practices for Designing Safe & Secure Embedded Systems

Course Overview