Introduction
Security and trust • Attack model - threats, vulnerabilities, and exploits • CVEs and CWEs • Software development lifecycle and processes • Embedded System Security
Practicals: Look at the CVEs found in a Yocto build system with cve-check enabled. Find the severity of the vulnerabilities flagged as "unpatched".
Linux Security
Permissions • Filesystem and extended attributes • Process Privileges • Capabilities • Primitive operations • Syscall filtering with seccomp
Practicals: Explore the impact of the GTFOBins binaries when associated with elevated privileges or capabilities. Look at how access control lists can further limit access to files. Experiment with syscall filtering with seccomp.
Code Vulnerability
CWE Top 25 • Stack-based attacks • Improper input validation • Other vulnerabilities and useful tools
Practicals: Investigate several common code vulnerabilities including stack overflows and improper input validation, using tools like GDB to examine the effects. Use the checksec script to analyse compiler options for security.
Cryptography
Basic terminology • Encryption Plain text (P) and Cipher text (C) • Random Number Generators • Cipher modes • Integrity (cryptographic hashes) • Public Key Cryptography • Key exchange protocols • Software Signing
Practicals: Work through the process of sending an encrypted message using a Diffie-Hellman key exchange, monitoring the integrity of the data with a message authentication code.
Kernel Security
Kernel and CVE • Kernel hardening • Kernel security features • Extra: SoC security features implementation
Practicals: Test the security status of a kernel using CVE checking and the kconfig-hardened-check script. Use module signing to prevent the loading of a malicious kernel module. If you have time, experiment with the LoadPin LSM to prevent module loading from unauthorised locations.
Access Control Models and Mechanisms
Access Control (Discretionary, Mandatory) • LSM and MAC in Linux (SMACK,SELinux)
Practicals: First we will use a custom SMACK policy rule to limit access to a file. We next explore how certain SELinux policy rules can be tuned with Boolean values. Finally we extend a targeted policy by building a custom SELinux policy to control accesses for a new application. If you have time, other SELinux exceptions can be found and resolved.
Containers
Sandboxing • Namespaces and Cgroups • Characteristics of an Embedded Container • The LXC tools • Creating Containers in Yocto
Practical: Creating and comparing the effectiveness of full containers and application containers, when isolating a vulnerable FTP server.
Platform Security
Secure & measured boot • Trusted execution environments (Trustzone) • Trusted execution environments (OP-TEE) • Arm Trusted Firmware (TF-A) • U-boot hardening configurations
Practicals: Looking at the OP-TEE build system, modify an existing TA to decrement a counter and run it on the QEMU emulator.
Filesystem Integrity and Updates
Linux Filesystem Integrity Checks – IMA, EVM • Integrity and encryption for block devices (dm-verity, dm-integrity, dm-crypt) • Integrity and encryption for filesystems (fs-verity, fscrypt) • OTA update frameworks
Practical: Experiment with fscrypt to encrypt data on a Linux filesystem. Use fs-verity to detect changes to a file.
Network Security
Network layers • Netcat and remote shells • Port monitoring and firewalls • TLS • VPN
Practicals: Experiment with different mechanisms for creating VPNs.
Security Development Process
Common Criteria • Security Requirement • SDL and Maturity Models • Security Activities/Practices
Practicals: Perform a system wide security audit and look at the results. Use a threat modelling tool to help automate threat reports.
Testing & Monitoring
Unit tests and frameworks • Penetration Testing • Binary disassembly tools • Protocol Fuzzing • Intrusion Detection Systems
Practical: Use a network testing tool to detect a network intrusion attack.
For on-site, team-based training, please contact Doulos about tailoring this course to suit your particular hardware and software environment.
