CEC – Getting Started with Secure Software
The number of devices connecting to the internet each year is growing at an exponential rate. In fact, Arm expects there to be over 1 trillion connected devices by 2035. While the functionality for so many devices can hardly be conceived now, the one thing that each device is going to need is a secure software implementation to protect it from the numerous threats. For many developers, though, security is an intimidating word. It’s not completely clear to embedded systems developers what security is or how to implement it correctly. In this course, we will explore what embedded software developers need to understand in order to develop secure IoT applications. We will look at how to develop secure applications starting with a systems threat analysis and then moving to examining different technologies and software frameworks.
Registration and Playback located here (May require login to access)
April 20 – Day 1 – Introduction to Platform Security Architecture (PSA) One of the biggest challenges facing embedded software developers that need to implement security is understanding how much security is needed. It’s not uncommon to dramatically undershoot or overshoot the right amount which either leads to compromised devices or an overly expensive development cycle. In this session, we will discuss not just why security is necessary but the processes that can be followed to identify the right amount of security. Attendees will learn about the trade-offs that need to be made and how to leverage the Platform Security Architecture (PSA) processes to build out their own secure solution.
April 21 – Day 2 – Performing a Security Threats Analysis One common mistake that teams often make when attempting to secure their systems is to try to bolt security on at the end. A security threats analysis must be performed early in the development cycle in order to appropriately identify the assets that will be protected, the threats those assets face and develop the requirements that will result to select the right hardware-based security solution. In this session, we are going to explore how to perform a security threats analysis that will result in security requirements for an example IoT device. Attendees will walk away with an understanding how to perform such an analysis on their systems.
April 22 – Day 3 – Architecting a Secure Solution Secure solutions are often achieved through layers of system isolation. There are several different technologies that developers can leverage to ensure that they are able to isolate their software successfully. In this session, we are going to examine the solutions that are available to isolate the run-time environment in microcontroller systems. Attendees will walk away understanding how to leverage multicore processors and hardware isolation using Arm TrustZone to develop a secure solution.
April 23 – Day 4 – Secure Boot and the Root-of-Trust Establishing a root-of-trust (RoT) and securely booting a system can be challenging for developers who are new to embedded security. These concepts form the bases of a secure solution and must be mastered. In this session, we will explore important concepts such as root-of-trust, chain-of-trust and secure boot concepts including secure bootloader solutions. Attendees will learn about these critical concepts using the Cypress PSoC 64 Secure MCU’s through provisioning and boot sequence as an example.
April 24 – Day 5 – Secure Frameworks and Ecosystems Implementing a secure solution from scratch can be intimidating, but the fact is that developers don’t have to start from scratch. There are several secure frameworks and solutions already available that developers can leverage in order to accelerate the secure software implementation. In this session, we are going to examine several security frameworks such as Trusted Firmware-M (TF-M). Attendees will be exposed to the TF-M, its capabilities and several other ecosystems and frameworks that will aid them in developing their own secure solutions.
Course Resources
Jacob’s General Embedded System Resources:
- Sign-Up for the Embedded Bytes Newsletter here
- Embedded Software Design Techniques – An API Standard for MCU’s here
- Developing Reusable Firmware – A Practical Guide to API’s, HAL’s and Drivers here
- MicroPython Projects Book here
- Doxygen C Templates Download can be here
- DesignNews Blog Articles can be found here
- Jacob’s YouTube Channel – here
Secure Software Specific Resources:
- Getting Started with Embedded Security using PSoC 64 Secure MCUs – Mini Course – here
- Platform Security Architecture
- Arm Pelion IoT Services
- Threat-based analysis method white paper
- PSA Network Camera Threat Model
- Secure Doorlock Webinar Recording
- Security Threats Webinar Recording
Struggling to keep your development skills up to date or facing outdated processes that slow down your team, raise costs, and impact product quality?
Here are 4 ways I can help you:
- Embedded Software Academy: Enhance your skills, streamline your processes, and elevate your architecture. Join my academy for on-demand, hands-on workshops and cutting-edge development resources designed to transform your career and keep you ahead of the curve.
- Consulting Services: Get personalized, expert guidance to streamline your development processes, boost efficiency, and achieve your project goals faster. Partner with us to unlock your team's full potential and drive innovation, ensuring your projects success.
- Team Training and Development: Empower your team with the latest best practices in embedded software. Our expert-led training sessions will equip your team with the skills and knowledge to excel, innovate, and drive your projects to success.
- Customized Design Solutions: Get design and development assistance to enhance efficiency, ensure robust testing, and streamline your development pipeline, driving your projects success.
Take action today to upgrade your skills, optimize your team, and achieve success.
