Embedded System Security for C/C++ Developers Online

"Embedded System Security for C/C++ Developers" is aimed at electronic hardware, software and system-on-chip engineers who need to gain a working knowledge of the software and hardware security issues affecting a microcontroller-based embedded system. Note that this is not a course on the security issues affecting embedded Linux applications - delegates wishing to learn more about that topic are recommended to take the Doulos “Comprehensive Embedded Linux Security” course. 

• Identifying the main security threats and vulnerabilities for an embedded system
• How to use common encryption and decryption standards for data-at-rest and data-in-motion
• Key management and use of certificates for authentication
• How to secure communication with TLS
• Writing secure C code
• How to use a coding standard with static analysis tools to identify security issues in C code
• Using a Secure Software Development methodology and framework
• Embedded system hardware features for security
• Approaches to test security of embedded applications

Delegates should have knowledge of the C or C++ programming language and embedded system architecture. In particular a basic level of familiarity with functions, variables, data types, operators, and statements. The Doulos C Programming for Embedded Systems or C++ Programming for Embedded Systems courses provide appropriate preparation for engineers who lack this experience.

Please contact Doulos directly to discuss and assess your specific experience against the pre-requisites.

Doulos training materials are renowned for being the most comprehensive and user-friendly available. Their style, content and coverage are unique in the Embedded Systems training world, and have made them sought after resources in their own right. The materials include:

• Fully indexed class notes creating a complete reference manual
• Workbook full of practical examples and solutions to help you apply your knowledge

Introduction to Security

Why is security necessary • What are vulnerabilities • Overview of Secure Software Development Lifecycle

Writing Secure C/C++ Code 1 - Memory Vulnerabilities and Attacks

Safe use of pointers • Memory allocation and corruption • Buffer overflow • Return Oriented Programming

Writing Secure C/C++ Code 2 - Vulnerabilities and Mitigations

String and format functions • Integer security • Concurrency • File I/O
Lab - Memory Overflow-based attacks

Secure Software Development Lifecycle

Software design goals and threats • Threat modelling
Lab - Creating a Threat Model

Cryptography

Encryption and Decryption • Hashes • Block encryption • Block Cipher Modes • AES • Streaming Ciphers • ChaCha20+Poly1305 • AEAD
Lab - Message encryption/decryption

Cryptography in Action

Key management • Signing • Certificate and Certificate Agencies • Pre-shared secrets
Lab - Installing and using certificates

Transport Layer Security

Secure communications • Random Number Generators • Authentication • IoT Protocols • MQTT • DTLS • HTTPS • TLS Implementation • Wireless LAN Security and Threats
Lab - Sending secure messages

Rules for Secure Coding

Common Criteria • CWE and CVE • The Role of Coding Standards • CERT C and MISRA-C • Dynamic and Static Analysis
Lab - Use of static analysis tools

Secure Embedded System Software Architecture

Secure software architecture goals • Traditional guiding principles • Side channel & timing attacks • Least privilege, trust and secure processes • Arm Platform Security Architecture (PSA)
Lab - Side-channel timing attack

Secure Embedded System Hardware Architecture

Security in hardware • Crypto-Accelerator Overview • Arm TrustZone • Secure boot and update • Hardware options for security

Testing for Security

Unit tests and frameworks • Tools • Penetration Testing • Protocol Fuzzing • Disassembly • Simple Power Analysis (SPA) • Differential Power Analysis (DPA)

For on-site, team-based training, please contact Doulos about tailoring this course to suit your hardware and software environment.