Embedded Security

Learn basics of secure embedded development using a step-by-step approach, with examples using the Yocto Project.

Audience : Embedded developers, system architects and project managers developing embedded systems using Linux with the Yocto Project.

Course objectives :

• Learn best practices for embedded systems design
• Understand the CVE (Common Vulnerabilities and Exposures) system and related databases, know how to use them with YP ; Understand their limitations
• Understand the SBOM (Software Bill of Materials) generation and usage
• Learn basic methods of hardening an embedded Linux distribution based on the Yocto Project
• Know main methods of hardening the build system with GCC
• Know main methods of hardening the Linux kernel
• Manage permissions in a system, create additional users and launch processes as specific users
• Gain a critical regard of configuration and development practices in regard to security practices of embedded system
• Know how to use tools inside and outside the system to audit security of an embedded distribution
• Be able to choose layers and packages with security principles in mind
• Be able to propose improvements of security practices and argument about them

Duration : 5 days

Format :

• Online with instructor-led lectures and question-and-answer sessions (at fixed time, two or three sessions per day)
• Remote lab (build and qemu images) using a prepared environment for each participant during the session and one week afterwards ; with a possibility to download a copy of the environment for further learning
• Practical assignments for topic covered
• Instant messaging with the instructor, teaching assistants and other participants
• Example layers, scripts and solutions for each exercise
• Replays of all instructor-lead sessions

Languages : training materials in English. Instructions available in English and French.

Pre-requirements

• Basic knowledge of the Yocto Project : building an image, modifying a recipe with a .bbappend file, running an image with qemu
• Basic knowledge of Unix/Linux systems : participants should be able to perform basic operations using the command line : modifying, copying and moving files, accessing remote systems using ssh, troubleshooting
• Basic programming skills on at least one of the programming languages used by the YP : Python (recommended), shell etc

Required equipment :

• A computer with Internet access allowing SSH and videoconferencing (Jitsi)
• A camera (recommended) and a microphone for videoconferences

Marta Rybczynska Author

About the instructor

• Enrollment in this course closed on 08/31/2024.