Length: 2 Days
Print Friendly, PDF & Email

Embedded Software Security Training

As more and more functionality is embedded into smaller and smaller device footprints, security concerns rise.

Often new features crowd out basic security concerns as vendors pack more and more functionality into the package with very little overall systems engineering, and only cursory security testing – especially given the growth of the Internet of Things. The speed of development of this area has often lead to a backwardness in the security features.

An important consideration for embedded systems engineers to remember is that providing embedded software security involves more than the problem of protecting data.

Data protection is important – especially to organizations that store personal data – but interfaces also need protection from cyber abuses. Experts in this field recommend developers establish an embedded security policy.

Along with better security safeguards in software development, the experts recommend knowing your system’s meantime to compromise (MTTC).

MTTC can be defined as the average time it takes an attacker to breach, or gain access, to the system and obtain the desired assets. Those assets could be data, or they could the system’s firmware or the ability to remotely control the device.

Cybersecurity professionals advise to make the MTTC large enough that potential attackers decide that the time and resources required to breach the system are not worth the payout, and therefore their time and effort.

Having backup security measures is also a good idea. Quite a bit of effort can be used to try to maximize a system’s MTTC, but embedded systems, especially IoT connected systems, face an interesting challenge. They may be connected to the internet indefinitely, which means that even if the MTTC is very large, say three years, a system may still be vulnerable because it could be in use for a decade or more and can be attacked 24/7 using automation.

So how do you proceed? In order to try and keep the MTTC for connected devices reasonable, it may make sense to have secondary security measures in place, as is often done for physical security.

Given both the current ubiquity of embedded systems and their expected explosive growth, the cybersecurity risk is serious and growing. Security assumptions that sufficed when embedded systems were uncommon novelties no longer are relevant.

Embedded Software Security Training by Tonex

Embedded Software Security Training is a 2-day training program. It explore the foundations of embedded software security. The participants will learn the important embedded software vulnerabilities and attacks that exploit them. Defenses that prevent or mitigate embedded software attacks, including self-contained cryptography, key-management, crypto-based system or device, advanced software testing, program analysis techniques. Learn about techniques to strengthen the security of software systems including secure embedded C/C++ and Java development.

Embedded Software Security Training

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.