SecAppDev 2020 Lecture Details

Security of embedded devices - an introduction

Lennert Wouters
Friday March 13, 09:00 - 10:30
Short description

This session introduces the main components of the embedded device ecosystem and some of the common security pitfalls. We do this by looking at real world examples and by demonstrating easy to use techniques.

Abstract

The threat model of embedded devices is significantly different than that of other information systems. Additionally, embedded devices are often harder to access and thus seem much harder to test.

In this introductory session, we take a practical approach to investigating the security of embedded devices. We analyze how the differences in threat models affect the approach to security. Additionally, we look under the hood of some embedded Linux devices and demonstrate multiple techniques anyone can use to analyze them. As a result, we will uncover and discuss a few common security issues.

Key takeaway

Gain a basic understanding of the inner workings of an embedded device and how to asses its security.

Content level

Introductory

Target audience

Anyone building, designing or securing low-level and embedded software.

Prerequisites

None


Lennert Wouters

Lennert Wouters

PhD researcher, COSIC, KU Leuven

Lennert Wouters obtained a Master in Engineering Technology and an Advanced Master in Artificial Intelligence from the University of Leuven. After completing his studies, Lennert joined the Computer Security and Industrial Cryptography (COSIC) research group, an imec research group at KU Leuven. As a PhD researcher his research interests include hardware security of connected embedded devices, reverse engineering and side channel attacks.

Full speaker profile


Related low-level security sessions

Hands-on introduction to Rust

One-day workshop by Jake Goulding and Carol Nichols

Haven't done any Rust? Want to know what makes Rust so special? Want the ability to ask two highly experienced Rust developers nuanced questions? Join us as we go hands-on with Rust, starting from an empty file and learning about the Rust ecosystem, pervasive and unique-to-Rust concepts, and areas where Rust truly shines.

Low-level security Thursday March 12, 09:00 - 17:30

How Rust helps us make safer and more secure code

Lecture by Jake Goulding

Rust promises to help us write better, safer code, but how exactly does it do so? Marketing can only convince us of so much. Join us to learn about the details for yourself.

Low-level security Tuesday March 10, 14:00 - 15:30

Rust - A Language for the Next 40 Years

Lecture by Carol Nichols

This session provides a high-level overview of the safety and stability of the Rust programming language in its historical context.

Low-level security Friday March 13, 11:00 - 12:30

Trusted Execution and how far you can trust it

Lecture by Jan Tobias Muehlberg

Modern processors provide Trusted Execution Environments that allow you to protect software components even from an untrusted operating system. Learn when and how to use them!

Low-level security Wednesday March 11, 09:00 - 10:30

Introduction to low-level software security

Lecture by Frank Piessens

Learn about memory management vulnerabilities, the attack techniques to exploit them, and the countermeasures that can be taken to defend against them.

Low-level security Tuesday March 10, 11:00 - 12:30