Embedded System Security

- The information security landscape and the the role of safety, security, and data protection in embedded systems
- Low-level vulnerabilities and defences in software and hardware
- Vulnerabilities and defences in light-weight embedded systems
- Automated detection, exploitation, and prevention of vulnerabilities in software
- System security and secure hardware
- Sustainability aspects in security and privacy engineering
- Security assessment techniques

The objective of this course is to provide insights on systems security with a focus on embedded systems. We focus specifically on software security in the Internet of Things and in Control Systems, and how computing equipment that is embedded into these systems can be securely integrated in the context of distributed systems engineering. Students will learn what software vulnerabilities are, how these vulnerabilities are exploited, and what development methodologies and security technologies are available to build sufficiently secure embedded systems.

The course strives to link theoretical knowledge with current industry practice and will feature a few interventions from guest lecturers who highlight and discuss recent industry trends, as well as a number of exercises and self-study tasks to provide hands-on experience and to deepen the students' knowledge on more specialised subjects.

The course is open to engineers/computer scientists from different backgrounds: computer sciences, computer engineering, telecommunications, and others.

Required and Corequired knowledge and skills

- Understanding of processor architectures and computer systems
- Understanding of operating systems, processes, memory management, concurrency
- Programming skills, preferably some background in Rust/C/C++/Assembly

The course involves students in group projects to identify challenging problems in embedded systems security through extensive reading, practical challenges, and discussion.

Laboratories and self-study exercises include:

- Exploration and exploitation of software-level vulnerabilities
- Software fuzzing as a means to automatically detect vulnerabilities
- Exploration of defensive techniques to harden embedded software
- Research project on Internet of Things technology

References, bibliography, and recommended reading

- Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition, Ross Anderson, 2020: https://www.cl.cam.ac.uk/~rja14/book.html
- Threat Modeling: Designing for Security, Adam Shostack, 2014: https://shostack.org/books/threat-modeling-book

Course notes

• Université virtuelle

Contacts

Jan Tobias Muehlberg <jan.tobias.muehlberg@ulb.be>

Campus

Solbosch

Method(s) of evaluation

• Oral examination
• Oral presentation

Oral examination

• Examination with preparation

• Open question with short answer

Oral presentation

Language(s) of evaluation

• english