Eran Bar-Lev
  Phone: 1-866-640-4754

Coming courses

More courses from
Testing of Embedded Software
Design of Device Drivers for Embedded Systems
Real-Time Operating Systems With VxWorks
Introduction to Real-Time Operating Systems
Safety Critical & High Availability Systems
Software Security for Embedded
Embedded Linux Basics
Real-Time Essentials
Embedded Solutions For Windows XP Embedded
Effective C++ in RT/Embedded Systems
Debugging Real-Time Software
Linux Embedded/RT and Drivers
Design of High Availability Systems & Software
Real-Time UML
RTOS Architecture and Effective C
Architectural Design of Real-Time Software
Real-Time Design Patterns
Design of Distributed and Multi-Core Systems & Software
Design of Safety-Critical Systems & Software
SecEmbed - Version: 1
Software Security for Embedded
2 days course
This course examines the activities and methods involved in systematically preventing security vulnerabilities in embedded and real-time software as it undergoes development. While areas such as secure network communication and data encryption are touched upon, the main focus of this course is on security vulnerabilities within application software. Most attacks on embedded devices exploit such application software vulnerabilities. The course begins with a discussion of the main concepts for secure coding of embedded systems software. Common security defects are studied in detail, including incomplete input validation, missing exception handling, buffer overflows and race conditions. Mitigation ideas are presented for many kinds of software vulnerabilities. Emphasis is placed on uniquely embedded security issues such as weaknesses in interfacing, multitasking and timing, rather than on general data processing security issues. The class continues with an examination of principles and approaches important in embedded software security, such as threat analysis, security requirements engineering, attack patterns, architectural design patterns for security, and secure coding reviews. Disciplined techniques and tools are presented to support these approaches. Participants are asked to do detailed exercises on many of the security issues presented, so that the concepts and methods taught are reinforced and absorbed into the participant's arsenal of embedded software development skills. This course is not a general course about software security, but rather it is highly focused on the security of embedded, time-constrained, resource-constrained software. Multitasking and real-time operating system ("RTOS") security issues will be emphasized if relevant for course participants.
This course is intended for practicing real-time and embedded systems software designers, developers, quality and security engineers who have responsibility for designing and implementing the software for secure embedded and real-time computer systems. Course participants are expected to have some background in software development for real-time and embedded systems. It would be helpful, although it is not required, for course participants to have some familiarity with at least one RTOS. [This knowledge can be gained at one of our introductory courses "Introduction to Embedded Systems and Software" or "Introduction to Real-Time Operating Systems".]
Skip Navigation Links.