The course will be held in English.

Day 1
Linux Security
Permissions - Filesystem and extended attributes - Process Privileges - Capabilities - Primitive operations - Syscall filtering with seccomp
Practicals: Explore the impact of the GTFOBins binaries when associated with elevated privileges or capabilities. Look at how access control lists can further limit access to files. Experiment with syscall filtering with seccomp.

Hardware Vulnerabilities for C Code

Safe use of pointers - Memory allocation and corruption - Return Oriented Programming - Buffer overflow 

Writing Secure C/C++ Code
String and format functions - Avoiding Buffer Overflow - Side Channel Timing Vulnerability - Integer security - Concurrency - TOCTOU - File I/O - Error Handling - Lab - Memory Overflow-based attacks 

Introduction to Cryptography
Encryption and Decryption - Cryptographer's Threat Model - Shift Cipher - One-time Pad - Random Number Generators - Data Encryption Strategies - Importance of Secure Coding in Embedded Systems - Common Weaknesses in Embedded Software - Secure Coding Guidelines and Best Practices - Code Review and Static Analysis for Security - Dynamic Analysis and Testing Techniques - Hands-On Lab: Writing Secure Code for Embedded Systems

Day 2
Symmetric Cryptography
Block Cipher Modes - Electronic Codebook Mode - Cipher Block Chaining Mode - Output Feedback Mode - Cipher Feedback Mode - Counter Mode - ChaCha20 - Padding Oracle Attack - Hash Functions - Message Authenticity & Integrity - HMAC & KMAC - AEAD Ciphers - Performance Comparisons - Lab - Message encryption/decryption

Cryptography in Action
Asymmetric Cryptography - RSA Operation - RSA and Diffie Hellman Key Exchange - Elliptic Curve DH - Key Derivation Function - Signatures - RSA Signature - PKCS #1 RSA Key - ECDSA and EdDSA Signatures - Attestation with Signatures - Certificate Signing and Verification - Trusted Domain - Certificate Revocation - Software Provisioning - OpenSSL Commands - PKCS Standards - Lab - Installing and using certificates 

Secure Embedded System Software Architecture
Secure software architecture goals - Traditional guiding principles - Least privilege, trust and secure processes - Side channel & timing attacks - Double HMAC - Security through isolation - Cortex-M Modes and Privilege - TrustZone-M - Arm Platform Security Architecture (PSA) - Trusted Boot and Firmware Update - PSA Firmware Framework - PSA APIs - Trusted Firmware-M and -A - Lab – Performing a side-channel timing attack

Day 3
Kernel Security
Kernel and CVE - Kernel hardening - Kernel security features - Extra: SoC security features implementation
Practicals: Test the security status of a kernel using CVE checking and the kconfig-hardened-check script. Use module signing to prevent the loading of a malicious kernel module. If you have time, experiment with the LoadPin LSM to prevent module loading from unauthorised locations.  

Access Control Models and Mechanisms
Access Control (Discretionary, Mandatory) - LSM and MAC in Linux (SMACK, SELinux)
Practicals: First we will use a custom SMACK policy rule to limit access to a file. We next explore how certain SELinux policy rules can be tuned with Boolean values. Finally we extend a targeted policy by building a custom SELinux policy to control accesses for a new application. If you have time, other SELinux exceptions can be found and resolved. 

Platform Security
Secure & measured boot - Trusted execution environments (TrustZone) - Trusted execution environments (OP-TEE) - Arm Trusted Firmware (TF-A) - U-Boot hardening configurations
Practicals: Looking at the OP-TEE build system, modify an existing TA to decrement a counter and run it on the QEMU emulator.

Day 4
Filesystem Integrity and Updates
Linux Filesystem Integrity Checks – IMA, EVM - Integrity and encryption for block devices (dm-verity, dm-integrity, dm-crypt) - Integrity and encryption for filesystems (fs-verity, fscrypt) - OTA update frameworks
Practical: Experiment with fscrypt to encrypt data on a Linux filesystem. Use fs-verity to detect changes to a file.  

Network and Transport Layer Security
Secure communications - Zero Trust Architecture - Network layers - Netcat and remote shells - Port monitoring and firewalls - Transport Layer - IoT Protocol Stacks - MQTT - Secure Socket Layer - Transport Layer Security (TLS) - TLS Cipher Suites - Starting TLS 1.2 Session - TLS 1.3 Handshake - TLS Record Protocol - TLS in C/C++ Applications - SSL/TLS & Security - TLS Recommendations - VPN – using TLS, IPsec & WireGuard - MACsec - Wireless Local Area Networks - Wi-Fi Handshaking - Wi-Fi Security Threats - Wi-Fi Protocols - Lab – Configuring TLS sockets for secure communications

Secure Embedded System Hardware Architecture
Security Requirements - Unique ID - Secure Storage - Secure Storage Lifetime - Random Number Generators - Hardware Crypto Engine - Hardware Root-of-Trust - Attestation - Secure boot and update - Memory Isolation and Protection - TrustZone SAU and IDAU - Other HW Recommendations - Secure Elements - Trusted Platform Module (TPM) - Integrated Hardware Security Module (HSM) - Physical Unclonable Function (PUF) - Secure MCU Architecture - Crypto API & HW Offload - Secure Channel Protocol (SCP03) 

Standards, Testing and Provisioning
Standards and Regulations - EU Cyber Resilience Act (CRA) - Security Regulation Compliance - ETSI EN 303 645 - Other Security Standards - SBOM Requirements - SESIP – EN 17927 - PSA Certified - Security Testing Approaches - Unit Tests - Yocto ptest - Security Testing Tools - Penetration Testing - Disassembly - Protocol Fuzzing - Side Channel Power Analysis - Secure Provisioning Process

Objective

The course is presented as a series of lectures and associated hands-on exercises. The exercises are based around carefully designed tasks to reinforce and challenge the extent of learning and comprise approximately 50% of the allocated time.

What will you learn?
• Fundamentals of Embedded Linux Security
• Secure Coding Principles for Embedded Systems
• Cryptographic solutions for Embedded Systems
• Principles of Secure Embedded Software Architecture
• Security Mechanisms for Linux Kernel
• Managing Access in a Secure Embedded System
• Customizing Secure Boot Operation
• Filesystem Integrity and Secure Updates
• Network Security and TLS
• Secure Hardware Components for Embedded Systems
• Security Standards and Compliance Testing

Target Audience

Engineers and firmware developers who wish to improve their working knowledge of the security issues affecting embedded systems and learn how to mitigate them. The workshop content is suitable for developers working on secure embedded Linux platforms or for those working with an RTOS and MCU. However, there is a greater emphasis on security solutions for embedded Linux, especially during the hands-on exercises.

Prerequisites

Attendees should be familiar with and have experience of working with embedded systems, including:
• An understanding of the structure of an embedded system and how to work with the component parts
• Awareness of asymmetric and symmetric cryptography methods in common use.

Additionally, to get the maximum benefit from several exercises with an embedded Linux theme, attendees should have:
• Experience of developing, analyzing and debugging kernel and user-space applications
• A good working knowledge of Linux terminal commands
• An understanding of how to configure embedded Linux on a target, including the filesystem and the booting process.

Topic Areas

Software Engineering
The Expert

Des Howlett

Dr. Des Howlett is a Senior Member of Technical Staff at Doulos and an expert in embedded systems and digital electronics. He holds a Ph.D. and the EUR ING title. With extensive experience at companies such as Microchip Technology and Silicon Laboratories, he combines industry and academic expertise. Today, he delivers professional training in C/C++, Python, FPGA design, and system security.

Date:
Monday-Thursday, 19-22 October 2026, 09:00-17:00
Cost:
CHF 2'950.00

Refreshments, lunch and course materials are included.

A minimum number of participants is required. You will be informed two weeks before the course starts whether it will take place.
Contact:
BBV
Karin Burri Coordinator Academy & Administration +41 41 429 01 65 academy@bbv.ch
