Embedded Security – September 2024

Learn basics of secure embedded development using a step-by-step approach, with examples using the Yocto Project.

Course Information

Audience : Embedded developers, system architects and project managers developing embedded systems using Linux with the Yocto Project.

Course objectives :

  • Learn best practices for embedded systems design
  • Understand the CVE (Common Vulnerabilities and Exposures) system and related databases, know how to use them with YP ; Understand their limitations
  • Understand the SBOM (Software Bill of Materials) generation and usage
  • Learn basic methods of hardening an embedded Linux distribution based on the Yocto Project
  • Know main methods of hardening the build system with GCC
  • Know main methods of hardening the Linux kernel
  • Manage permissions in a system, create additional users and launch processes as specific users
  • Gain a critical regard of configuration and development practices in regard to security practices of embedded system
  • Know how to use tools inside and outside the system to audit security of an embedded distribution
  • Be able to choose layers and packages with security principles in mind
  • Be able to propose improvements of security practices and argument about them

Duration : 5 days

Format :

  • Online with instructor-led lectures and question-and-answer sessions (at fixed time, two or three sessions per day)
  • Remote lab (build and qemu images) using a prepared environment for each participant during the session and one week afterwards ; with a possibility to download a copy of the environment for further learning
  • Practical assignments for topic covered
  • Instant messaging with the instructor, teaching assistants and other participants
  • Example layers, scripts and solutions for each exercise
  • Replays of all instructor-lead sessions

Languages : training materials in English. Instructions available in English and French.

Pre-requirements

  • Basic knowledge of the Yocto Project : building an image, modifying a recipe with a .bbappend file, running an image with qemu
  • Basic knowledge of Unix/Linux systems : participants should be able to perform basic operations using the command line : modifying, copying and moving files, accessing remote systems using ssh, troubleshooting
  • Basic programming skills on at least one of the programming languages used by the YP : Python (recommended), shell etc

Required equipment :

  • A computer with Internet access allowing SSH and videoconferencing (Jitsi)
  • A camera (recommended) and a microphone for videoconferences
Marta Rybczynska Marta Rybczynska Author

About the instructor

  • Enrollment in this course closed on 08/31/2024.