DUBLIN–(BUSINESS WIRE)–The “3-Day
Training: Embedded Security for Automotive” training has been
added to ResearchAndMarkets.com’s offering.
Modern cars are digital devices, controlled with multiple ECUs and
millions of lines of software code. They are the frontline of modern
embedded device development. With respect to unique safety requirements
and rapid development of V2x communications, automotive security
benefits from the expertise of other embedded applications.
The Embedded Security for Automotive is brought to you by embedded
device security veterans, with years of expertise in securing payment
and content protection application. In this training you will look at an
automotive solution from an attacker’s perspective. You will learn how
ECUs can be hacked, and identify ways to apply this knowledge to your
product and make it more robust. As a result, you will obtain the
expertise to make effective security-related decisions throughout the
entire development lifecycle of a vehicle electronic system.
Key Learning Objectives
The goal of the three day interactive training is to gain an overview of
in vehicle security with focus on critical systems. In the training your
team gains a solid technical grasp of the fundamentals of security
engineering, and how they relate to typical sub-components presented on
an embedded system, and the functionality of an embedded system.
Next, we look at the automotive target from the perspective of an
attacker who aims to compromise the systems assets, gaining runtime
control and or retrieving sensitive data, etc. You will obtain new skill
sets for identifying these assets, determine the most likely attack
paths an attacker will use and refine this attack path in order to
discover tooling available to an attacker used to compromise the system.
During the training we discuss why implementation attacks are a threat
to the security of protocols and cryptographic algorithms, MISRA-C
coding guidelines, side channel analysis and fault injection attacks.
Finally, we discuss system defense strategies which are the most
sophisticated and complex view of an embedded system. Creating a defense
strategy requires not only the understanding of how a system works or
how an attacker would compromise an asset, but also to have the ability
to prioritize defense according to risk, time, cost, surface, etc.
Knowledge of basic computer science concepts. More importantly an open
mind and willingness to learn!
Please bring your computer or laptop & power brick
Make sure you have ~10GB free disk space (otherwise the VM we will be
using may not fit)
Please install VirtualBox (latest version) in your machine, as well as
install the VirtualBox extensions.
If you want, you can bring your preferred note-taking tool (e.g.
paper notebook) besides your laptop. Handouts will be provided for
exercises that require taking notes.
Time: 9.00am – 6.00pm
DAY 1: Fundamentals
Part 1: Fundamentals of security engineering
- Recognize security assets in a given Target of Evaluation (TOE)
- Systematically find attack paths: attack trees
- Profile the attackers
- Rate attacks and prioritize attack paths
- Common defense methods (built-in vs built-on security)
Part 2: An introduction to Embedded Systems
- Identify the relevance of a component for security
- Develop a basic understanding of PCB layout
- Tools used to interact with the target device
- Memories: An interlude
- Attacker perspective: assumptions and specifications
DAY 2: Attacks on modern embedded systems
- Model the attack surface of the Riscurino* board
- Retrieve assets from the TOE: dumping the MCU non-volatile memory
- Implementation attacks and Misra-C guidelines
- Side channel attacks – retrieve keys from crypto algorithm
- Use the JIL system to rate attacks
- Use FI to bypass the UDS security access
DAY 3: Defense plan and implementation security
- Evaluate the required security principles and concepts
- Hardening electronic systems against: physical, implementation, SCA
and FI attacks
Case study: the JEEP hack:
- Create the attack tree to retrieve assets
- Prioritizing attacks paths
- Hardening the ECU against modern threats
- Use SDLC methodology to maintain the security of a system
For more information about this training visit https://www.researchandmarkets.com/research/ftphbr/3day_training?w=4
Laura Wood, Senior Press Manager
E.S.T Office Hours Call 1-917-300-0470
For U.S./CAN Toll Free Call
For GMT Office Hours Call +353-1-416-8900
Development and Training, IT
Thank you for donating to DutchNews.nl.
We could not provide the Dutch News service, and keep it free of charge, without the generous support of our readers. Your donations allow us to report on issues you tell us matter, and provide you with a summary of the most important Dutch news each day.Make a donation