Foreword
Preface
Acknowledgements

Introduction to Embedded Systems Security
What is Security?
What is an Embedded System?
Embedded Security Trends
Embedded Systems Complexity
Network Connectivity
Reliance on Embedded Systems for Critical Infrastructure
Sophisticated Attackers
Processor Consolidation
Security Policies
Perfect Security
Confidentiality, Integrity, and Availability
Isolation
Information Flow Control
Physical Security Policies
Application-Specific Policies
Security Threats
Case Study: VxWorks Debug Port Vulnerability
Wrap-up
Key Points
Bibliography and Notes

Systems Software Considerations
The Role of the Operating System
Multiple Independent Levels of Security
Information Flow
Data Isolation
Damage Limitation
Periods Processing
Always Invoked
Tamper Proof
Evaluable
Microkernel versus Monolith
Case Study: The Duqu Virus
Core Embedded Operating System Security Requirements
Memory Protection
Virtual Memory
Fault Recovery
Guaranteed Resources
Virtual Device Drivers
Impact of Determinism
Secure Scheduling
Access Control and Capabilities
Case Study: Secure Web Browser
Granularity versus Simplicity of Access Controls
Whitelists versus Blacklists
Confused Deputy Problem
Capabilities versus Access Control Lists
Capability Confinement and Revocation
Secure Design Using Capabilities
Hypervisors and System Virtualization
Introduction to System Virtualization
Applications of System Virtualization
Environment Sandboxing
Virtual Security Appliances
Hypervisor Architectures
Paravirtualization
Leveraging Hardware Assists for Virtualization
Hypervisor Security
I/O Virtualization
The Need for Shared I/O
Emulation
Pass-through
Shared IOMMU
IOMMUs and Virtual Device Drivers
Secure I/O Virtualization within Microkernels
Remote Management
Security Implications
Assuring Integrity of the TCB
Trusted Hardware and Supply Chain
Secure Boot
Static versus Dynamic Root of Trust
Remote Attestation
Key Points
Bibliography and Notes

Secure Embedded Software Development
Introduction to PHASE: Principles of High-Assurance Software Engineering
Minimal Implementation
Component Architecture
Runtime Componentization
A Note on Processes versus Threads
Least Privilege
Secure Development Process
Change Management
Peer Reviews
Development Tool Security
Secure Coding
Software Testing and Verification
Development Process Efficiency
Independent Expert Validation
Common Criteria
Case Study: Operating System Protection Profiles
Case Study: HAWS (High-Assurance Web Server)
Minimal Implementation
Component Architecture
Least Privilege
Secure Development Process
Independent Expert Validation
Model-Driven Design
Introduction to MDD
Executable Models
Modeling Languages
Types of MDD Platforms
Case Study: A Digital Pathology Scanner
Selecting an MDD Platform
Using MDD in Safety- and Security-Critical Systems
Key Points
Bibliography and Notes

Embedded Cryptography
Introduction
U.S. Government Cryptographic Guidance
NSA Suite B
The One-Time Pad
Cryptographic Synchronization
Cryptographic Modes
Output Feedback
Cipher Feedback
OFB with CFB Protection
Traffic Flow Security
Counter Mode
Block Ciphers
Additional Cryptographic Block Cipher Modes
Authenticated Encryption
CCM
Galois Counter Mode
Public Key Cryptography
RSA
Equivalent Key Strength
Trapdoor Construction
Key Agreement
Man-in-the-Middle Attack on Diffie-Hellman
Public Key Authentication
Certificate Types
Elliptic Curve Cryptography
Elliptic Curve Digital Signatures
Elliptic Curve Anonymous Key Agreement
Cryptographic Hashes
Secure Hash Algorithm
MMO
Message Authentication Codes
Random Number Generation
True Random Number Generation
Pseudo-Random Number Generation
Key Management for Embedded Systems
Case Study: The Walker Spy Case
Key Management: Generalized Model
Key Management Case Studies
Cryptographic Certifications
FIPS 140-2 Certification
NSA Certification
Key Points
Bibliography and Notes

Data Protection Protocols for Embedded Systems
Introduction
Data-in-Motion Protocols
Generalized Model
Choosing the Network Layer for Security
Ethernet Security Protocols
IPsec versus SSL
IPsec
SSL/TLS
Embedded VPN Clients
DTLS
SSH
Custom Network Security Protocols
Application of Cryptography within Network Security Protocols
Secure Multimedia Protocols
Broadcast Security
Data-at-Rest Protocols
Choosing the Storage Layer for Security
Symmetric Encryption Algorithm Selection
Managing the Storage Encryption Key
Advanced Threats to Data Encryption Solutions
Key Points
Bibliography and Notes

Emerging Applications
Embedded Network Transactions
Anatomy of a Network Transaction
State of Insecurity
Network-based Transaction Threats
Modern Attempts to Improve Network Transaction Security
Trustworthy Embedded Transaction Architecture
Automotive Security
Vehicular Security Threats and Mitigations
Secure Android
Android Security Retrospective
Android Device Rooting
Mobile Phone Data Protection: A Case Study of Defense-in-Depth
Android Sandboxing Approaches
Next-Generation Software-Defined Radio
Red-Black Separation
Software-Defined Radio Architecture
Enter Linux
Multi-Domain Radio
Key Points
Bibliography and Notes

Index