Thanks for taking the time to visit Doulos at this year's conference
This page has brought together a range of Doulos courses and FREE webinars and tutorials for you. Enjoy!
Staff of IoTSF Member companies are eligible for a 10% Discount on any embedded security course. Please enquire by December 31st 2023 to qualify.
In this webinar we explain (in as few words as possible) what a Software Bill Of Materials (SBOM) is and why we need to know about them in embedded systems development.
The Webinar covers:
We also take a look at what our webinar partner, Toradex, does regarding SBOMs and Common Vulnerabilities and Exposures reports, and how they are helping companies to comply with upcoming cyber-security regulations (including the implementation of traceability and integrity guarantees on their Torizon OS).Security vulnerabilities resulting from software defects have been studied extensively. The MITRE corporation's list of Common Vulnerabilities and Exposures (CVE) is widely used and has been maintained for almost 20 years! It turns out that weak security is often a direct result of using software language constructs and coding styles that could have been avoided. The problem is that many software developers are not aware of potential insecure features lurking in their code!
Secure coding standards provide guidelines and rules to prevent common security vulnerabilities. Manual checking for coding standard compliance is tedious and error-prone. Static analysis tools can automate the process while also detecting violations that might be missed by other testing approaches.
This webinar highlights rules from the CERT C and MISRA C coding standards that are appropriate for a small embedded system. It will demonstrate how the Perforce Klocwork static analysis tool can apply these rules to identify and fix security vulnerabilities in a typical embedded application, written in C and running under a real-time operating system.
C is the most widely used programming language for embedded application. Although a powerful language, it is widely understood this this power has the downside that unsafe, insecure and unreliable code is all to easy to write. A good solution is to develop code that is compliant with an appropriate set of guidelines that help avoid the pitfalls.
MISRA C and CERT C are two examples of such guidelines.
In this webinar, these two standards are introduced, compared and contrasted, so you have opportunity to make an informed choice for your specific project. Each of the two standards has some excellent characteristics, but every embedded project is different; one size does not fit all!
News items about security vulnerabilities in IoT devices are alarmingly common! Security should be a key objective during the development of every connected embedded device but sadly, that is often not the case. Today, there are numerous security standards and frameworks that could provide guidance but developers are often unsure which ones to follow. Future regulations are likely to require products to be certified against an emerging set of IoT security standards but how should developers get started?
This webinar explores the range of IoT Security Standards, common features, requirements and introduces the concept of security evaluation for IoT platforms, including its applicability with the use case from NXP LPC55Sxx MCU.
Dr David Long, Doulos Principal Member Technical Staff, presents the IoTST Security Tutorial which provides an overview of open-source and free tools that are suitable to use for security testing of IoT edge devices based on a Cortex-M processor.
Dr David Long, Doulos Principal Member Technical Staff, looks at how to get started on a "small embedded" system built around a microcontroller and firmware running "Bare Metal" or with a Real Time Operating System (RTOS).
In this talk we look at how we can protect our embedded Linux systems by running potentially vulnerable applications (e.g. those that require user input or open files) with system call filtering in place.
The kernel’s Seccomp feature and the corresponding user space LibSeccomp library can be used to limit and control the system calls a process can make. If the application is compromised in some way and attempts to do something undesirable it can be stopped in its tracks!
We will look at how to do this directly by launching application as a child process. We’ll also see how these filters can be put in place at a system level using SystemD or in an isolated execution environment using (for example) LXC containers.
This talk extends an earlier short presentation “Confining Linux Applications with LibSeccomp” which was presented at the IoT Security Foundation 8th Annual Conference in October 2022.
*Please quote "IoTSF member" in the webform comments field or other communications.
Understanding and managing all aspects of system security design in the ‘well connected world’ is of fundamental concern. For many developers and manufacturers, and particularly those that previously didn’t need to consider security in product design, this will require changes in how they bring products to the marketplace and also manage them once there. The highly experienced Doulos team have the knowledge and skills, gained from the international semiconductor industry, to deliver the right training and support for you and your organization.
Doulos training is unique in that it includes extensive hands-on labs covering all aspects of the design process. Doulos delegates therefore benefit from a complete learning experience which enables them to test, troubleshoot and consolidate their knowledge before returning to their design teams.
Complete an enquiry form and a Doulos representative will get back to you.
Enquiry FormPrice on request