Practical Embedded Linux Security

Embedded Linux developers and architects working on projects which need to be secure.

“Practical Embedded Linux Security Online” is aimed at electronic hardware, software and system-on-chip engineers who need to gain a working knowledge of the software and operating system security issues affecting Linux based embedded systems.

Please note: this is not a course on bare metal security issues affecting microcontrollers. Delegates wishing to learn more about that topic are recommended to take the Doulos  Embedded System Security for C/C++ Developers course.

• Awareness of security tools & frameworks available for configurable embedded Linux systems
• How to apply isolation using lightweight LXC containers
• Access control and security policy implementations using an LSM
• Cryptography principles applied to secure network communications, filesystems and the platform
• How to use Linux kernel security services and security configurations
• Secure coding principles and common vulnerabilities
• How a Secure Development Lifecycle can manage a secure project

Attendees should be familiar with and have experience of working with embedded Linux systems, e.g. completion of Developing with Embedded Linux training or equivalent working knowledge.

Specifically, attendees should have:

• An understanding of the structure of an embedded Linux system and how to work with the component parts
• Practical information about developing, analyzing and debugging kernel and user space applications using a wide range of freely available Linux tools
• An understanding of how to configure embedded Linux on a target, including the filesystem and the booting process

Attendees should also have knowledge of the C or C++ programming language and embedded system architecture. In particular, a basic level of familiarity with functions, variables, data types, operators, and statements.

The Doulos C Programming for Embedded Systems course provides appropriate preparation for engineers who lack this experience.

Please contact Doulos directly to discuss and assess your specific experience against the pre-requisites.

Doulos training materials are renowned for being the most comprehensive and user-friendly available. Their style, content and coverage are unique in the Embedded Systems training world and have made them sought after resources in their own right. The materials include:

• Fully indexed class notes creating a complete reference manual
• A downloadable VM image containing lab exercises as well as a fully configurable, Yocto based, distribution for a QEMU emulator.

Introduction

Security and trust • Attack model - threats, vulnerabilities, and exploits • CVEs and CWEs • Software development lifecycle and processes • Embedded System Security
Practicals: Look at the CVEs found in a Yocto build system with cve-check enabled. Find the severity of the vulnerabilities flagged as "unpatched".

Linux Security

Permissions • Filesystem and extended attributes • Process Privileges • Capabilities • Primitive operations • Syscall filtering with seccomp
Practicals: Explore the impact of the GTFOBins binaries when associated with elevated privileges or capabilities. Look at how access control lists can further limit access to files. Experiment with syscall filtering with seccomp.

Code Vulnerability

CWE Top 25 • Stack-based attacks • Improper input validation • Other vulnerabilities and useful tools
Practicals: Investigate several common code vulnerabilities including stack overflows and improper input validation, using tools like GDB to examine the effects. Use the checksec script to analyse compiler options for security.

Cryptography

Basic terminology • Encryption Plain text (P) and Cipher text (C) • Random Number Generators • Cipher modes • Integrity (cryptographic hashes) • Public Key Cryptography • Key exchange protocols • Software Signing
Practicals: Work through the process of sending an encrypted message using a Diffie-Hellman key exchange, monitoring the integrity of the data with a message authentication code.

Kernel Security

Kernel and CVE • Kernel hardening • Kernel security features • Extra: SoC security features implementation
Practicals: Test the security status of a kernel using CVE checking and the kconfig-hardened-check script. Use module signing to prevent the loading of a malicious kernel module. If you have time, experiment with the LoadPin LSM to prevent module loading from unauthorised locations.

Access Control Models and Mechanisms

Access Control (Discretionary, Mandatory) • LSM and MAC in Linux (SMACK,SELinux)
Practicals: First we will use a custom SMACK policy rule to limit access to a file. We next explore how certain SELinux policy rules can be tuned with Boolean values. Finally we extend a targeted policy by building a custom SELinux policy to control accesses for a new application. If you have time, other SELinux exceptions can be found and resolved.

Containers

Sandboxing • Namespaces and Cgroups • Characteristics of an Embedded Container • The LXC tools • Creating Containers in Yocto
Practical: Creating and comparing the effectiveness of full containers and application containers, when isolating a vulnerable FTP server.

Platform Security

Secure & measured boot • Trusted execution environments (Trustzone) • Trusted execution environments (OP-TEE) • Arm Trusted Firmware (TF-A) • U-boot hardening configurations
Practicals: Looking at the OP-TEE build system, modify an existing TA to decrement a counter and run it on the QEMU emulator.

Filesystem Integrity and Updates

Linux Filesystem Integrity Checks – IMA, EVM • Integrity and encryption for block devices (dm-verity, dm-integrity, dm-crypt) • Integrity and encryption for filesystems (fs-verity, fscrypt) • OTA update frameworks
Practical: Experiment with fscrypt to encrypt data on a Linux filesystem. Use fs-verity to detect changes to a file.

Network Security

Network layers • Netcat and remote shells • Port monitoring and firewalls • TLS • VPN
Practicals: Experiment with different mechanisms for creating VPNs.

Security Development Process

Common Criteria • Security Requirement • SDL and Maturity Models • Security Activities/Practices
Practicals: Perform a system wide security audit and look at the results. Use a threat modelling tool to help automate threat reports.

Testing & Monitoring

Unit tests and frameworks • Penetration Testing • Binary disassembly tools • Protocol Fuzzing • Intrusion Detection Systems
Practical: Use a network testing tool to detect a network intrusion attack.

 

For on-site, team-based training, please contact Doulos about tailoring this course to suit your particular hardware and software environment.