Global training solutions for engineers creating the world's electronics products

Embedded Linux Security - KnowHow Workshop

Get a full day of hands-on, workshop-style training in key subject areas, presented by Doulos expert trainers.

With valuable takeaway resources and live interaction with industry organisations and professionals, this is not an event to miss...

Who should attend & What you need

Who should attend & pre-requisites

This event is for embedded engineers looking for a practical introduction to these key topics.

Minimal knowledge of the topic areas will be sufficient to attend the workshops (unless otherwise stated below).

What will I need?

The workshops have been created to be accessible by a wide audience with standard technology requirements. Full details of how to login and what you will need to participate will be provided in plenty of time before the event.

Find out more about how Doulos runs Live Online Training

What will I learn

The following presentations will be complemented by practical hands-on exercises and instructions on their use with software development tools. Details of how this will work online will be provided soon.

Presentation 1: Common Attacks and Mitigations

This session introduces the most common vulnerabilities in embedded Linux software and shows ways that you can protect your system against them. We will discuss fundamental software vulnerabilities, including security problems introduced during the design and implementation of software. This can lead to issues such as stack and heap attacks, string format attacks, integer overflow and memory management issues. Secure Embedded Logo
Practical 1:
In this exercise we will investigate how binary code is structured and also take a look at common vulnerabilities in applications written in C.
We examine examples of common attacks like buffer overflow and command injection and see how to use debugging tools like GDB to analyse potential weaknesses.

Presentation 2: Coding Standards and Defensive Programming

C is the most widely used programming language for embedded application.
Although a powerful language, it is widely understood that this power has the downside that unsafe, insecure and unreliable code is all too easy to write.

A good solution is to develop code that is compliant with an appropriate set of guidelines that help avoid the pitfalls.MISRA C and CERT C are two examples of such guidelines. In this presentation these two standards are introduced, compared and contrasted, so you have opportunity to make an informed choice for your specific project. Each of the two standards has some excellent characteristics, but every embedded project is different; one size does not fit all!

Practical 2:
In this exercise we will investigate how a dynamic fuzzing tool can help identify weaknesses in software. For this we will setup the popular open source ALF fuzzer to help track crashes and memory leaks in conjunction with the Address Sanitizer compiler framework (ASAN).

Stream sponsor: 

Looking for team-based training, or other locations?

Complete an enquiry form and a Doulos representative will get back to you.

Enquiry FormPrice on request