oSEC1Secure C/C++ Development for Embedded Systems
Embedded Systems Security Essentials
|
Objectives
|
- Some programming concepts are desirable (whatever language)
- Theoretical course
- PDF course material (in English)
- Course dispensed using the Teams video-conferencing system
- The trainer to answer trainees’ questions during the training and provide technical and pedagogical assistance through the Teams video-conferencing system
- Practical activities
- Practical activities represent from 40% to 50% of course duration
- One Online Linux PC per trainee for the practical activities
- The trainer has access to trainees’ Online PCs for technical and pedagogical assistance
- Downloadable preconfigured virtual machine for post-course practical activities
- Total: 18 hours
- 3 sessions, 6 hours each
- From 40% to 50% of training time is devoted to practical activities
- Some Labs may be completed between sessions and are checked by the trainer on the next session
- Any embedded systems engineer or technician with the above prerequisites.
- The prerequisites indicated above are assessed before the training by the technical supervision of the traineein his company, or by the trainee himself in the exceptional case of an individual trainee.
- Trainee progress is assessed in two different ways, depending on the course:
- For courses lending themselves to practical exercises, the results of the exercises are checked by the trainer while, if necessary, helping trainees to carry them out by providing additional details.
- Quizzes are offered at the end of sections that do not include practical exercises to verifythat the trainees have assimilated the points presented
- At the end of the training, each trainee receives a certificate attesting that they have successfully completed the course.
- In the event of a problem, discovered during the course, due to a lack of prerequisites by the trainee a different or additional training is offered to them, generally to reinforce their prerequisites,in agreement with their company manager if applicable.
Course Outline
- Embedded Security Trends
- Embedded Systems Complexity
- Sophisticated Attacks
- Processor Consolidation
- Security Policies
- Perfect Security ?
- Embedded Security Challenges
- Confidentiality, Integrity and Availability
- Isolation
- Information Flow Control
- Physical Security Policies
- Security Threats
- Summary of issues
- Cyberattack exploits
- Legacy Systems
- Updatability
- Securing Legacy Systems
- Project Requirements
- Performance ?
- Security standards
- IoT recommended Security standards
- Secure C
- Preprocessor and macros
- Compilation, Declaration, definition, and initialization
- Types
- Pointers and arrays
- Structure and unions
- Expressions
- Conditional and iterative structures
- Functions
- Memory Management
- Error handling
- Standard Libraries
- Secure C++
- Declarations and Initialization
- Expressions
- Integers
- Containers
- Characters and Strings
- Memory Management
- Input Output
- Exceptions and Error Handling
- Object Oriented Programming
- Concurrency
- Miscellaneous
| Exercise: | Debugging memory problems | |
- Development environment
- Libraries
- Language generalities
- Memory management
- Type system
- Foreign function interface (FFI)
- Recommendations
- Threat modelling
- Introduction to threat modeling
- Example threat models
- Risk analysis
- Software Assurance Maturity Model (SAMM)
- Platform Security architecture (PSA)
- Frameworks and Standards
- Security Knowledge Framework and Certifications
- Introduction
- Security Testing
- Penetration testing
- Vulnerability scanning
- Risk assessment
- Static Analysis
- Dynamic analysis
- Protocol fuzzing
- Security provisioning
- Security configuration management
- Identity and access management
- Incident response and management
- Compliance and regulatory requirements
- Security Testing Tools overview
- Overview of cryptography
- Classic Cryptography
- Information assurance
- Symmetric encryption
- Asymmetric encryption
- Random number generation
- Integrity and authentication
- Access authentication
- Elliptic Curve cryptography
- Certificates and Public Key infrastructures
- Rules and recommendations
| Exercise: | Encryption/Decryption | |
| Exercise: | Private/Public Keys | |
| Exercise: | Authentication and Integrity on IoT Devices | |
- Crypto-Accelerator Overview
- ARM TrustZone
- Intel Software Guard eXtensions
- SoC Security overview
- Memory Protection
- Trusted Boot and Firmware update overview
- Secure Elements
- Trusted Platform Module (TPM)
- Hardware Security Module (HSM)
| Exercise: | Secure boot | |
| Exercise: | ARM TrustZone application (secure/non secure) | |
- Introduction
- Transport Layer Security (TLS)
- IPsec/IKE
- Network layer
- Secured IoT architecture
- IoT standard and recommendations
- Software development architecture and practices
- Cryptology
- Software security
- Hardware protection
- Network security
- Life cycle and support
More
To book a training session or for more information, please contact us on info@ac6-training.com.
Registrations are accepted till one week before the start date for scheduled classes. For late registrations, please consult us.
You can also fill and send us the registration form
This course can be provided either remotely, in our Paris training center or worldwide on your premises.
Scheduled classes are confirmed as soon as there is two confirmed bookings. Bookings are accepted until 1 week before the course start.
Last update of course schedule: 23 February 2026
Booking one of our trainings is subject to our General Terms of Sales
Related Courses
oC1
Effective MISRA C
oC2
MISRA Compliance for Project Managers
oSEC10
Cyber Resilience Act (CRA) Compliance for Embedded Systems
oSEC12
Comprehensive Secure Systems Programming
oSEC2
Advanced Embedded Systems Security
oSEC5
Embedded Security for STM32-based devices
oSEC6
Embedded Security for NXP i.MX-based processors
oSEC7
ARM TrustZone for Cortex-M based devices
oSEC8
Secured Embedded Linux Platform Build
oSEC9
Advanced Embedded Linux Security