这是您想要的页面. 查看搜索结果:

Training at a Glance

Vector illustration of an audience watching an instructor on screen

Format

  • Self-paced eLearning
  • Interactive exercises and quizzes
  • Scheduled live mentoring
  • Scale to multiple groups

Vector illustration of 3 people serving as an audience

Audience

  • Developers with a background in C / C++

Vector illustration of a stopwatch timer

Duration

  • 3 courses
  • 4–5 weeks total
  • 15 hours self-paced eLearning
  • 4.5 hours live mentoring

Vector illustration of certificate or diploma

Outcomes

  • Challenge assumptions
  • Find vulnerabilities and add extra defenses to critical code
  • Choose and implement defenses

Fundamentals of Secure Coding

In this training, embedded system developers will learn how to eliminate logical errors, harden critical code areas against fault attacks, and protect crypto algorithms against side-channel attacks. Most embedded security training focuses on attacks and building setups without addressing secure coding practices to protect your device and application from real-world attackers. This training emphasizes defensive coding techniques and available countermeasures that developers can apply immediately.

In programming, assumptions can lead to incorrectly validated input, and a device or application can be compromised when even a single vulnerability is identified by an attacker. Defense mechanisms come at a cost in execution time, required memory, or access to hardware components such as random number generators (RNGs). Participants will learn how to analyze these tradeoffs to make informed strategic decisions using tips, tricks, and best practices from our security analysts, who review large code bases and have years of experience performing side-channel analysis (SCA) and fault injection (FI) attacks.

Training Outline

  • Secure code developmentwhat and why?
  • Intro to memory corruption
  • Buffer overflows
    • Stack, heap, and global data segment
  • Arbitrary writes
  • Off-by-one error
  • Understanding root causes and memory corruption culprits
  • Implement coding best practices and the secure development lifecycle
  • Reactive approaches
    • Catching and patching, mitigating, and assessing
  • Proactive approaches
    • Implementing guidelines
  • Introduction to side channel analysis (SCA)
  • Simple power analysis (SPA)
    • Understanding SPA
    • Examples: PIN verification, RSA
  • Differential power analysis (DPA)
    • Performing DPA
    • Examples: DES and AES encryption
  • SCA countermeasures: Masking and hiding
  • SCA in the presence of countermeasures
  • Introduction to fault injection (FI)
  • Characterization of faults
  • Types of faults
    • Instruction skipping, and data corruption
  • Evaluating the complexity of FI attacks
  • Software countermeasures
    • Redundancy, control flow checks, and values checks
  • Hardware countermeasures
    • Glitch detectors, shields, and redundancy
  • The cost versus effect of countermeasures

Related Trainings

Side Channel Analysis Training

Side Channel Analysis Training

Keysight side channel analysis training offers a comprehensive understanding of hardware security evaluation through side channel analysis techniques.

Fault Injection Training

Fault Injection Training

Keysight fault injection training combines theoretical knowledge, case studies, and hands-on exercises to cover topics from an introductory level to advanced analysis.

Secure Bootloader Design Training

Secure Bootloader Design Training

Learn how to avoid or correct common security mistakes in bootloader implementation in this practical course for architects, designers, and developers.

Interested in this service? Reach out to learn more.