Length: 2 Days
Print Friendly, PDF & Email

Advanced Embedded Systems Cybersecurity

Embedded systems cybersecurity is necessary because each of the components of embedded system architecture creates an attack surface, from the firmware and embedded operating system (OS) to middleware and user applications.

While embedded systems are on the rise, so are cybersecurity concerns.

The embedded system OS, a foundational piece of embedded systems security, plays the leading role as the backbone of security for an embedded system.

As the technology paves the way for the future of smart manufacturing across a range of industries, microcontrollers — the hardware at the center of embedded systems — are improving quickly, allowing for better machine control and monitoring.

But embedded systems cybersecurity issues have never been more prominent. Security is an important issue because of the roles of embedded systems in many mission and safety-critical systems.

Attacks on cyber systems are proved to cause physical damages. Although many approaches have been proposed in the past to secure embedded systems, various facts such as deployment scale, resource limitations, the difficulty of physical protection, and cost consideration all make it very challenging to secure them, particularly for devices with remote control, maintenance and operation functions.

Threats are described in terms of an attack vector (how the attack is perpetrated on the device) and the vulnerability it exploits (the weakness or fault in the hardware or software that allows the attack to exploit the device).

To improve cybersecurity in embedded systems, analysts recommend incorporating appropriately partitioned hardware resources, segregating  processors, cache, memory and network interfaces. This practice helps prove their functions as independently as possible. It also prevents an error in one component propagating to other components.

Executable space protection is another important safeguard. Executable space protection is the practice of marking certain memory regions as non-executable. If someone attempts to execute any code within these marked regions, an exception is thrown.

Two types of security apply to embedded systems: physical security and software security.

Physical security, such as locked doors and surveillance cameras, keeps an unauthorized person present on location from accessing an embedded system, physically damaging it or stealing it.

Physical security limits access to sensitive areas and equipment. Physical security may also include attributes of a device itself, including immutable memory technology, such as eFuses to store secure bootloader keys, tamper-resistant memory, protected key stores and security enclaves to protect sensitive code and data.

Software security manages and responds to malicious behavior happening in the system, both during the initialization process and during run time. Software security features include authentication of a device to a network, firewalling network traffic and stringent hardening of system software to name a few.

Advanced Embedded Systems Cybersecurity Course by Tonex

Advanced Embedded Systems Cybersecurity is a 2-day training course workshop. This course will provide a unique learning to explore vulnerabilities in embedded systems that are commonly exploited. Participants will learn about key concepts, techniques, tools, risk assessment and management and strategies for integrating cybersecurity mitigation  and measures into products and systems. Learn the best practices to integrate cybersecurity  into ConOps, requirements, architecture &  design, implementation, verification & validation, and operations &  maintenance processes. Risk Management Framework (RMF) is used during this training. We will apply RMF to embedded systems. Participants will learn how to translate from RMF to Cybersecurity engineering requirements and embedded systems.

Learn how to manage risks by mitigating the threats to acceptable level by a simple easy to understand, embedded system example. We will show you tools for Deriving Security Functional Requirements Traceable to Controls used in RMF.

Who Should Attend

This course is designed for engineers, application developers, system designers, embedded system programmers, technical project and product managers and cybersecurity professionals using embedded systems.

What You Will Learn

  • Advanced cybersecurity and threats applied to embedded systems
  • Embedded systems cybersecurity engineering
  • Risk Management Framework (RMF) for embedded systems cybersecurity assessments and control
  • Integrating security into the your systems engineering processes
  • Deriving embedded systems security functional requirements traceable to controls
  • Offensive Hacking/exploitation techniques, tools, and embedded systems vulnerabilities
  • Embedded systems defensive technologies
  • Wireless connectivity vulnerabilities and embedded systems
  • Embedded application, software, RTOS, firmware and hardware analysis
  • Secure embedded systems software/firmware  practices
  • Embedded systems reverse engineering

Course modules/topics

  • Advanced Cybersecurity Engineering
  • Embedded Systems Cybersecurity
  • Embedded Systems Assets, Vulnerabilities and Threats
  • RMF and Security Control Strategies for Embedded Systems Risk Mitigating
  • RMF to Cybersecurity Engineering Requirements
  • Security Requirements Decomposition
  • Embedded Systems Cybersecurity Test and Evaluation (T&E)
  • RMF Workshop for a Simple Embedded System

Workshop

  • The changing landscape of healthcare cybersecurity
  • The relationship between security and safety risks
  • Evaluation of Risk to Essential Embedded Systems Performance
  • Management of Cybersecurity in Embedded Systems Guidance
  • Cyber physical assurance framework
  • Defense in depth philosophy for embedded system secure product lifecycle
  • Managing safety and security risk convergence

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.