- How To
Embedded Security Boot Camp
Barr Group's Embedded Security Boot Camp® is a week-long immersion into the unique challenges of designing and/or retrofitting security into embedded devices. This comprehensive training is a combination of three of our most popular security short courses and includes hands-on exercises. This intense (but fascinating and fun!) educational program has been thoughtfully developed to lead engineers through the steps of architecting and implementing secure smart products, including preventing electronics, firmware, network, and physical attacks using only the processing power and memory of resource-constrained embedded devices.
What You'll Learn
Everyone who attends the Embedded Security Boot Camp learns a ton, including:
- How to perform a threat assessment in light of attacker motivations and capability profiles
- How to perform a security analysis in light of available attack surfaces
- The 10 most common vulnerabilities (and the most effective defenses against them)
- A set of software development processes to detect and prevent security bugs
- How to secure data at rest and data in motion with encryption
- How to select a cryptographic protocol and how to manage keys securely
- Best practice mechanical and electrical security design techniques
- How to implement a secure bootloader and secure the firmware update process
- More than 40 practical tips for securing embedded devices
The public Embedded Security Boot Camp runs for 4-1/2 days and is broken up as follows:
Monday - Developing Secure Embedded Software (Part 1)
The development of security-hardened embedded software is a challenge. However, firmware can be secured by following best practice architectures, implementation techniques, and software development processes.
Tuesday - Developing Secure Embedded Software (Part 2)
This hands-on course continues to focus on reducing embedded software vulnerabilities through a mix of lectures and hands-on programming exercises.
Wednesday - Designing Security into Embedded Systems
Designing secure electronics and firmware requires an understanding of several areas, including software/hardware architecture, cryptography, and systems engineering. This course uses hands-on exercises and lectures to demonstrate the proper techniques to engineer security into embedded devices.
Thursday - Capstone Programming Project
Teams of 3-5 attendees will apply the security-oriented process and design techniques you've learned on a full-day project that is packed with learning opportunities and security considerations.
Friday (half-day) - Retrofitting Embedded Systems to Enhance Security
Many deployed embedded systems, particularly legacy medical devices, do not have adequate security measures. This course teaches practical techniques for increasing the security of deployed embedded systems.
Full outlines and other details for each of the courses on which the Embedded Security Boot Camp is based are available via these links:
- Developing Secure Embedded Software
- Designing Security into Embedded Systems
- Retrofitting Embedded Systems to Enhance Security
What You Get
At the Embedded Security Boot Camp you will receive:
- A development board with the following hardware features:
- STMicroelectronics ARM Cortex-M4 STM32F417IG Processor with Crypto Accelerator
- 16 Mbit SRAM
- 1 Gbyte MicroSD card
- Boot from user Flash, system memory or SRAM
- Both ISO/IEC 14443 type A and B smartcard support
- I2C compatible serial interface 64 Kbit EEPROM, MEMS and I/O expander
- IEEE 802.3-2002 compliant Ethernet connector
- Two CAN 2.0 A/B channels on the same DB connector
- RS-232 communication
- IrDA transceiver
- USB OTG (HS and FS) with Micro-AB connector
- Inductor motor control connector
- I2S Audio DAC, stereo audio jack for headset
- 3.2" 240x320 TFT color LCD with touch screen
- 4 color LEDs
- Camera module and extension connector for ST camera plug-in
- Joystick with 4-direction control and selector
- Reset, wakeup, tamper and user button
- RTC with backup battery
- Extension connector for daughterboard or wrapping board
- JTAG, SW and trace debug support
- Embedded ST-LINK/V2
- Five 5V power supply options: Power jack, USB FS connector, USB HS connector, ST-LINK/V2 or daughterboard
- All necessary cables for the development board
- A printed copy of all lecture slides
- A printed Exercise Manual with instructions for all programming exercises,
- A USB thumb drive containing:
- Source code starting points for the exercises,
- An electronic copy of the book Programming Embedded Systems with C and GNU Development Tools by Michael Barr and Anthony Massa,
- An electronic copy of the book Embedded C Coding Standard by Michael Barr,
- An electronic copy of the book Embedded Systems Dictionary by Jack Ganssle and Michael Barr,
- Datasheets and User's Manuals for all of the hardware and tools,
- A backup electronic copy of all lecture slides.
- Source code solutions for all of the exercises including the capstone project,
- A certificate of course completion, and
- A few other free trinkets.
Lunch is provided each of the first four days. All exercises are done using the ST target development board.
Typical attendees have from 4 to 20 years of embedded systems experience and an electrical engineering, computer science, computer engineering or similar degree. Some are looking to add security to existing embedded devices while others are beginning new designs and desire to incorporate security from the start. These well-tested lectures and exercises provide an easy-to-follow path through the material with deep dives on advanced best practices. And there's plenty of even deeper information on the thumb drive to explore after you leave.
Alternative: Embedded Security Training in a Box
Do you really want to learn this stuff but can't afford the registration fee or time away for a full-week in person training course? Perhaps our Embedded Security Training in a Box kit is right for you. The kit includes the board and books and other training materials and is based on the same programming exercises.
Of course, the Embedded Security Training in a Box lacks the sense of urgency and excitement that stems from live lectures as well as a "Drill Instructor" to answer your questions and keep you motivated and moving forward through the exercises.