Global training solutions for engineers creating the world's electronics

Using Free Tools to Test the Security of a Small Embedded System

A Doulos Tutorial presented at the IoT Security Foundation Virtual Conference 2020

Dr David Long - Doulos Principal Member Technical Staff 

Security is an increasing concern for developers of many small embedded applications such as IoT Edge devices. Unfortunately the choice of tools suitable for testing security on such systems is limited. This is quite different to web-based, desktop and even embedded Linux application developers who are able to select security tools from a wide range of commercial and open-source providers, such as those included in the popular Kali Linux distribution.

This tutorial provides an overview of open-source and free tools that are suitable to use for security testing of IoT edge devices based on a Cortex-M processor. It considers how and where these tools may be used within the security testing process. Examples include the use of the NSA’s Ghidra software reverse engineering tools and tools based on the open-source Unicorn emulator. We will also discuss the steps required to perform fuzz testing on some example code for a Cortex-M processor using AFL-Unicorn, GDB, GEF and python scripts, together with hints and tips that will be useful for anyone in the audience who wishes to try this for themselves.

Click here to download this presentation sheet in PDF format. In exchange, we will ask you to enter some personal details. To read about how we use your details, click here. On the registration form, you will be asked whether you want us to send you further information concerning other Doulos products and services in the subject area concerned.