The number of devices connecting to the internet each year is growing at an exponential rate. In fact, Arm expects there to be over 1 trillion connected devices by 2035. While the functionality for so many devices can hardly be conceived now, the one thing that each device is going to need is a secure software implementation to protect it from the numerous threats. For many developers, though, security is an intimidating word. It’s not completely clear to embedded systems developers what security is or how to implement it correctly. In this course, we will explore what embedded software developers need to understand in order to develop secure IoT applications. We will look at how to develop secure applications starting with a systems threat analysis and then moving to examining different technologies and software frameworks.

Registration and Playback located here (May require login to access)

April 20 – Day 1 – Introduction to Platform Security Architecture (PSA) One of the biggest challenges facing embedded software developers that need to implement security is understanding how much security is needed. It’s not uncommon to dramatically undershoot or overshoot the right amount which either leads to compromised devices or an overly expensive development cycle. In this session, we will discuss not just why security is necessary but the processes that can be followed to identify the right amount of security. Attendees will learn about the trade-offs that need to be made and how to leverage the Platform Security Architecture (PSA) processes to build out their own secure solution.

April 21 – Day 2 – Performing a Security Threats Analysis One common mistake that teams often make when attempting to secure their systems is to try to bolt security on at the end. A security threats analysis must be performed early in the development cycle in order to appropriately identify the assets that will be protected, the threats those assets face and develop the requirements that will result to select the right hardware-based security solution. In this session, we are going to explore how to perform a security threats analysis that will result in security requirements for an example IoT device. Attendees will walk away with an understanding how to perform such an analysis on their systems.

April 22 – Day 3 – Architecting a Secure Solution Secure solutions are often achieved through layers of system isolation. There are several different technologies that developers can leverage to ensure that they are able to isolate their software successfully. In this session, we are going to examine the solutions that are available to isolate the run-time environment in microcontroller systems. Attendees will walk away understanding how to leverage multicore processors and hardware isolation using Arm TrustZone to develop a secure solution.

April 23 – Day 4 – Secure Boot and the Root-of-Trust Establishing a root-of-trust (RoT) and securely booting a system can be challenging for developers who are new to embedded security. These concepts form the bases of a secure solution and must be mastered. In this session, we will explore important concepts such as root-of-trust, chain-of-trust and secure boot concepts including secure bootloader solutions. Attendees will learn about these critical concepts using the Cypress PSoC 64 Secure MCU’s through provisioning and boot sequence as an example.

April 24 – Day 5 – Secure Frameworks and Ecosystems Implementing a secure solution from scratch can be intimidating, but the fact is that developers don’t have to start from scratch. There are several secure frameworks and solutions already available that developers can leverage in order to accelerate the secure software implementation. In this session, we are going to examine several security frameworks such as Trusted Firmware-M (TF-M). Attendees will be exposed to the TF-M, its capabilities and several other ecosystems and frameworks that will aid them in developing their own secure solutions.

Course Resources

Jacob’s General Embedded System Resources:

• Sign-Up for the Embedded Bytes Newsletter here
• Embedded Software Design Techniques – An API Standard for MCU’s here
• Developing Reusable Firmware – A Practical Guide to API’s, HAL’s and Drivers here
• MicroPython Projects Book here
• Doxygen C Templates Download can be here
• DesignNews Blog Articles can be found here
• Jacob’s YouTube Channel – here

Secure Software Specific Resources:

• Getting Started with Embedded Security using PSoC 64 Secure MCUs – Mini Course – here
• Platform Security Architecture
• Arm Pelion IoT Services
• Threat-based analysis method white paper
• PSA Network Camera Threat Model
• Secure Doorlock Webinar Recording
• Security Threats Webinar Recording