Writing Secure C/C++ code
3 days
Online training
Security in Embedded Systems is important today and even more so in the future.
Learn ways to use C/C++ safely in critical systems and discover the embedded system features for security. Secure embedded systems combine numerous strategies and procedures to coordinate cybersecurity across the software and hardware of embedded systems.
Security components added to an embedded system can impede the system's functionality and affect the continuous execution of the missions of the core systems. A secure embedded system can use a security coprocessor to cryptographically guarantee the confidentiality and reliability of the system while preserving its functionality.
Training format
• 3-day online training: 18 hours in total, 6 hours per day
• Course delivered using the Teams video-conferencing system
• PDF course material (in English)
• Practical activities account for 40% to 50% of the course duration
Course Objectives
• Learn how to verify that programs are in a secure state on startup and when calling out to other programs
• Become familiar with MISRA C guidelines for the use of the C language in critical systems
• Learn ways to use C/C++ safely in critical systems
• Learn how to interpret the output of the MISRA C 2012 checking tool
• How to manipulate files and directories in a secure manner
• Discover how to protect your programs from malicious user input
• How to secure communication with TLS
• Embedded system hardware features for security
• Secure Software Development methodology and framework
Practical activities
– The trainer answers trainees’ questions during the training and provides technical and pedagogical assistance through the Teams video-conferencing system
– One Online Linux PC per trainee for the practical activities
– The trainer has access to trainees’ Online PCs for technical and pedagogical assistance
– Some labs may be completed between sessions and are checked by the trainer in the next session
– Downloadable preconfigured virtual machine for post-course practical activities
Introduction to embedded security
Embedded Security Trends
– Embedded Systems Complexity
– Network connectivity
– Reliance on Embedded Systems for Critical Infrastructure
– Processor consolidation
Security policies
– Perfect Security
– Confidentiality, Integrity, and Availability
– Isolation
– Information Flow Control
– Physical Security Policies
– Application-Specific Policies
Security Threats
Writing Secure C/C++ Code
– Safe use of pointers
– Memory allocation and corruption
– Buffer overflow
– Return Oriented Programming
– Core Embedded Operating System Security Requirements
– String and format functions
– Integer security
– Concurrency
– File I/O
Exercise: Memory Overflow Attacks
Secure Coding
– Coding Standards
– Case Study: MISRA C:2012 and MISRA C++:2008
– Embedded C++
– Complexity Control
– Static Source Code Analysis
– Creating a Tailored Organizational Embedded Coding Standard
– Dynamic Code Analysis
Exercise: Use of static analysis tools
Cryptography Overview
– Cryptographic Modes
– Block Ciphers
– Authenticated Encryption
– Public Key Cryptography
– Key Agreement
– Public Key Authentication
– Elliptic Curve Cryptography
– Cryptographic Hashes
– Message Authentication Codes
– Random Number Generation
– Key Management for Embedded Systems
Exercise: Memory Overflow Attacks
Transport Layer Security
– Secure communications
– Authentication
– IoT Protocols
– MQTT
– DTLS
– HTTPS
– CoAP
– TLS Implementation
– Wireless LAN Security and Threats
Exercise: Installing and using certificates
Exercise: Sending secure messages with TLS
Secure Embedded System Software Architecture
– Secure software architecture goals
– Least privilege, trust and secure processes
– Arm Platform Security Architecture (PSA)
Secure Embedded System Hardware Architecture
– Crypto-Accelerator Overview
– Arm TrustZone
– Secure boot and update
– Hardware options for security