Saturday 24 February 2018

Developing & Delivering KnowHow

Home > Training > Comprehensive Embedded Linux Security

Secure EmbeddedComprehensive Embedded Linux Security

Standard Level - 5 days

view dates and locations

Linux is being used in an increasing number of embedded devices including smart building and energy devices, set-top-boxes, automotive in-vehicle infotainment, WiFi routers and home gateways, smart meters, industrial monitoring equipment and even domestic white goods.

Increasingly these devices are being connected to networks and this can leave them vulnerable to remote attacks that can result in brand damage, financial liabilities, product returns and even safety issues.

“Hardening” Linux systems to make them more resistant to attack is possible and is something that should be performed for every connected product.

This course covers three aspects of system hardening:

  • Hardening the Linux operating system itself
  • Protecting applications running under Linux
  • Running applications in sandboxes - more detail on a specialised approach to protecting systems and the applications running on them


Practical workshops
comprise approximately 50% of class time and are based around carefully designed hands-on exercises to reinforce learning. Doulos is an independent company, enabling delegates to receive the benefit of objective tuition while learning in the context of their chosen tool chain.

For on-site or team training the following courses can be provided in 3-day format focussed on specific application requirement. For custom requirements a specific agenda comprising or combining content from any of the courses listed can be developed in liaison with a technical lead from the customer:


For more information or to discuss your specific requirements, please contact the Doulos team.

Who should attend?

This course is designed for embedded systems developers who need to determine and secure the vulnerabilities in their system design. The course focuses on the capabilities and features that Linux provides to protect against security attacks and their application.

What will you learn?

The course blends the presentation of content reinforced by hands-on practical sessions. Using a real world example, course participants will learn by practise how to increase security in their system through a step-by-step and progressive process. This is achieved by content focussed on:

  • Understanding security requirements and what needs to be protected
  • Analysing the system and software architecture with respect to security
  • Understanding how systems are attacked
  • Hardening the software environment to resist commonly used attacks
  • Restricting access to and from the network
  • Protecting sensitive data on the filesystem

Pre-requisites

This is a technical training course aimed at engineers, so a basic level of knowledge in the following is required:

  • Linux kernel configuration
  • Linux/Unix command line


Sufficient training in Embedded Linux for this purpose is encompassed in the Doulos course Developing with Embedded Linux class, which is available as scheduled face-to-face, live online training or onsite team training.

Please contact Doulos directly to discuss and assess your specific experience against the pre-requisites.

Training materials

Doulos training materials are renowned for being the most comprehensive and user friendly available. Their style, content and coverage is unique in the embedded systems training world, and has made them sought after resources in their own right. The materials include:

  • Fully indexed class notes creating a complete reference manual
  • A USB stick including a Linux VM containing practical examples and solutions to help you apply your knowledge

Structure and Content

Day 1

Security fundamentals

What is security and why is it necessary? • Security concepts and terminology • Attackers : the who and why • Security guiding principles

The Secure Software Development Lifecycle

What is a secure software security lifecycle? • The SSDL process : Architecture and design • Attack surface reduction • The threat modeling process • Security assessment • Practicals: Creating a threat model • Defining security requirements

Common attacks and mitigations

How embedded systems are attacked • Fundamental system software vulnerabilities • Application level attacks • Attacks against the system • Practical: Common attacks and protecting against them

Day 2

Booting a Linux System

The bootloader • Debug and trace • Building a chain of trust • The Linux Kernel interface • Example boot scenarios and fast boot • Hibernation and security • Practical: Signing and verifying code

Linux Kernel Security

Introduction to Linux Kernel Security • Hardening the kernel • Kernel modules • Crypto subsystem and key management • Random Number Generation • Practical: Adding a security patch to a standard kernel

Day 3

Securing the runtime environment

Dynamic loading • The Linux Dynamic Linker • Limiting resources • Practical: Dynamic linking

Information security

Data at rest and in use • Linux filesystems • Restrictions on Linux software • Advanced filesystem control • Extended Attributes and Access Control Lists • Confidentiality, Integrity and Authenticity • Caching and security • Overview of SoC hardware security features

Application partitioning

Access models • The Unix security model • Process privileges and capabilities • Process resources and execution • Securing inter-process communication • Sandboxes • Practical: Implementing an LXC sandbox

Day 4

Linux Security Modules

Introduction to LSMs • Overview of LSMs • Access Control Mechanisms • SELinux LSM • Practical: adding LSM hardening to an LXC sandbox

Security testing and release control

Testing and the Secure Software Development Lifecycle • Release management • Test tools • Practical: basic penetration testing

Day 5

Developing and building secure software

Writing secure software • The secure software developer • Coding conventions and standards • Working with sensitive data and algorithms • Code review and test • Choice of programming language

Open Source Software

What is Open Source Software? • Why is Open Source Software used? • What are the disadvantages of Open Source Software? • The GNU Public Licenses • How to use OSS in commercial code • OSS security vulnerability disclosures • Your OSS policy • Practical: Common software attacks and protecting against them (2)

Network security

Introduction • The Internet Protocol suite • Protection for IP stack layers • Network domains, firewalls and port forwarding • Wireless security • Other digital connectivity threats • Data in motion • Practical: Port scanning, implementing a firewall


The course can also be tailored to suit your particular hardware and software environment. Please contact Doulos to discuss your specific requirements.


Looking for team-based training, or other locations?

Complete an on-line form and a Doulos representative will get back to you »

Price on request


Back to top