
Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development


ISBN-10: 0123868866

ISBN-13: 9780123868862

Edition: 2012

Authors: David Kleidermacher, Mike Kleidermacher

List price: $64.95


The ultimate resource for making embedded systems reliable, safe, and secure. Embedded Systems Security provides:

- A broad understanding of security principles, concerns, and technologies
- Proven techniques for the efficient development of safe and secure embedded software
- A study of the system architectures, operating systems and hypervisors, networking, storage, and cryptographic issues that must be considered when designing secure embedded systems
- Nuggets of practical advice and numerous case studies throughout

Written by leading authorities in the field with 65 years of embedded security experience: one of the original developers of the world's only Common Criteria EAL 6+ security certified…

Book details

Copyright year: 2012
Publisher: Elsevier Science & Technology
Publication date: 4/25/2012
Binding: Paperback
Pages: 416
Size: 7.75" wide x 9.50" long x 1.00" tall
Weight: 1.892 lb
Language: English

Introduction to Embedded Systems Security
What is Security?
What is an Embedded System?
Embedded Security Trends
Embedded Systems Complexity
Network Connectivity
Reliance on Embedded Systems for Critical Infrastructure
Sophisticated Attackers
Processor Consolidation
Security Policies
Perfect Security
Confidentiality, Integrity, and Availability
Information Flow Control
Physical Security Policies
Application-Specific Policies
Security Threats
Case Study: VxWorks Debug Port Vulnerability
Key Points
Bibliography and Notes
Systems Software Considerations
The Role of the Operating System
Multiple Independent Levels of Security
Information Flow
Data Isolation
Damage Limitation
Periods Processing
Always Invoked
Tamper Proof
Microkernel versus Monolith
Case Study: The Duqu Virus
Core Embedded Operating System Security Requirements
Memory Protection
Virtual Memory
Fault Recovery
Guaranteed Resources
Virtual Device Drivers
Impact of Determinism
Secure Scheduling
Access Control and Capabilities
Case Study: Secure Web Browser
Granularity versus Simplicity of Access Controls
Whitelists versus Blacklists
Confused Deputy Problem
Capabilities versus Access Control Lists
Capability Confinement and Revocation
Secure Design Using Capabilities
Hypervisors and System Virtualization
Introduction to System Virtualization
Applications of System Virtualization
Environment Sandboxing
Virtual Security Appliances
Hypervisor Architectures
Leveraging Hardware Assists for Virtualization
Hypervisor Security
I/O Virtualization
The Need for Shared I/O
Shared IOMMU
IOMMUs and Virtual Device Drivers
Secure I/O Virtualization within Microkernels
Remote Management
Security Implications
Assuring Integrity of the TCB
Trusted Hardware and Supply Chain
Secure Boot
Static versus Dynamic Root of Trust
Remote Attestation
Key Points
Bibliography and Notes
Secure Embedded Software Development
Introduction to PHASE: Principles of High-Assurance Software Engineering
Minimal Implementation
Component Architecture
Runtime Componentization
A Note on Processes versus Threads
Least Privilege
Secure Development Process
Change Management
Peer Reviews
Development Tool Security
Secure Coding
Software Testing and Verification
Development Process Efficiency
Independent Expert Validation
Common Criteria
Case Study: Operating System Protection Profiles
Case Study: HAWS (High-Assurance Web Server)
Minimal Implementation
Component Architecture
Least Privilege
Secure Development Process
Independent Expert Validation
Model-Driven Design
Introduction to MDD
Executable Models
Modeling Languages
Types of MDD Platforms
Case Study: A Digital Pathology Scanner
Selecting an MDD Platform
Using MDD in Safety- and Security-Critical Systems
Key Points
Bibliography and Notes
Embedded Cryptography
U.S. Government Cryptographic Guidance
NSA Suite B
The One-Time Pad
Cryptographic Synchronization
Cryptographic Modes
Output Feedback
Cipher Feedback
OFB with CFB Protection
Traffic Flow Security
Counter Mode
Block Ciphers
Additional Cryptographic Block Cipher Modes
Authenticated Encryption
Galois Counter Mode
Public Key Cryptography
Equivalent Key Strength
Trapdoor Construction
Key Agreement
Man-in-the-Middle Attack on Diffie-Hellman
Public Key Authentication
Certificate Types
Elliptic Curve Cryptography
Elliptic Curve Digital Signatures
Elliptic Curve Anonymous Key Agreement
Cryptographic Hashes
Secure Hash Algorithm
Message Authentication Codes
Random Number Generation
True Random Number Generation
Pseudo-Random Number Generation
Key Management for Embedded Systems
Case Study: The Walker Spy Case
Key Management: Generalized Model
Key Management Case Studies
Cryptographic Certifications
FIPS 140-2 Certification
NSA Certification
Key Points
Bibliography and Notes
Data Protection Protocols for Embedded Systems
Data-in-Motion Protocols
Generalized Model
Choosing the Network Layer for Security
Ethernet Security Protocols
IPsec versus SSL
Embedded VPN Clients
Custom Network Security Protocols
Application of Cryptography within Network Security Protocols
Secure Multimedia Protocols
Broadcast Security
Data-at-Rest Protocols
Choosing the Storage Layer for Security
Symmetric Encryption Algorithm Selection
Managing the Storage Encryption Key
Advanced Threats to Data Encryption Solutions
Key Points
Bibliography and Notes
Emerging Applications
Embedded Network Transactions
Anatomy of a Network Transaction
State of Insecurity
Network-based Transaction Threats
Modern Attempts to Improve Network Transaction Security
Trustworthy Embedded Transaction Architecture
Automotive Security
Vehicular Security Threats and Mitigations
Secure Android
Android Security Retrospective
Android Device Rooting
Mobile Phone Data Protection: A Case Study of Defense-in-Depth
Android Sandboxing Approaches
Next-Generation Software-Defined Radio
Red-Black Separation
Software-Defined Radio Architecture
Enter Linux
Multi-Domain Radio
Key Points
Bibliography and Notes