
oSEC1 Writing Secure C/C++ code

This is a Live Online Training

Objectives
  • Learn how to verify programs are in a secure state on startup and when calling out to other programs
  • Become familiar with MISRA C guidelines for the use of the C language in critical systems
  • Learn ways to use C/C++ safely in critical systems
  • Learn how to interpret the output of the MISRA C 2012 checking tool
  • Learn how to manipulate files and directories in a secure manner
  • Discover how to protect your programs from malicious user input
  • How to secure communication with TLS
  • Embedded system hardware features for security
  • Secure Software Development methodology and framework
Prerequisites
  • Some knowledge of programming concepts is desirable (in any language)
Course environment
  • Theoretical course
    • PDF course material (in English)
    • Course delivered using the Teams video-conferencing system
    • The trainer answers trainees’ questions during the training and provides technical and pedagogical assistance through the Teams video-conferencing system
  • Practical activities
    • Practical activities represent from 40% to 50% of course duration
    • One Online Linux PC per trainee for the practical activities
    • The trainer has access to trainees’ Online PCs for technical and pedagogical assistance
  • Downloadable preconfigured virtual machine for post-course practical activities
Duration
  • Total: 18 hours
  • 3 sessions, 6 hours each
  • From 40% to 50% of training time is devoted to practical activities
  • Some labs may be completed between sessions and are checked by the trainer in the next session

First Session
Introduction to Embedded Security
  • Embedded Security Trends
    • Embedded Systems Complexity
    • Sophisticated Attacks
    • Processor Consolidation
  • Security Policies
    • Perfect Security?
    • Embedded Security Challenges
    • Confidentiality, Integrity and Availability
    • Isolation
    • Information Flow Control
    • Physical Security Policies
  • Security Threats
    • Summary of issues
    • Cyberattack exploits
  • Legacy Systems
    • Updatability
    • Securing Legacy Systems
    • Project Requirements
    • Performance?
  • Security standards
Secure C/C++ Code
  • Preprocessor and macros
  • Compilation, Declaration, definition and initialization
  • Types
  • Pointers and arrays
  • Structure and unions
  • Expressions
  • Conditional and iterative structures
  • Functions
  • Memory Management
  • Error handling
  • Standard Libraries
  • Code analysis
  • C++ Security overview
Exercise:  Debugging memory problems
Second Session
Secure Coding
  • Coding Standards
  • Case Study: MISRA C:2012 and MISRA C++:2008
  • Embedded C++
  • Complexity Control
  • Static Source Code Analysis
  • Creating a Tailored Organizational Embedded Coding Standard
  • Dynamic Code Analysis
Cryptography Overview
  • Cryptographic Modes
  • Block Ciphers
  • Authenticated Encryption
  • Public Key Cryptography
  • Key Agreement
  • Public Key Authentication
  • Elliptic Curve Cryptography
  • Cryptographic Hashes
  • Message Authentication Codes
  • Random Number Generation
  • Key Management for Embedded Systems
Exercise:  Memory Overflow Attacks
Third Session
Transport Layer Security
  • Cyber Attacks
  • TLS/SSL History and Protocol Details
  • SSL/TLS Protocol Level Vulnerabilities
  • IoT Protocols
Secure Embedded System Software Architecture
  • Secure software architecture goals
  • Least privilege, trust and secure processes
  • Arm Platform Security Architecture (PSA)
Exercise:  Privileged and Unprivileged access
Secure Embedded System Hardware Architecture
  • Crypto-Accelerator Overview
  • Arm TrustZone
  • Secure boot and update
  • Hardware options for security
Exercise:  TrustZone implementation example