Security is an area that we all need to focus on when we build our embedded systems. Here's our collection of resources on embedded systems security (and security in general). If you have recommended books or links that discuss embedded systems security, let us know!
Table of Contents:
Some of these books may be slanted toward/against vendors. We recommend getting the security concepts without putting too much stock into the opinion of vendors.
Phil Koopman has a collection of lectures discussing embedded systems security:
- Just a Minute on Embedded System Security Plans
- Embedded Security, Safety, and Software Quality
- Embedded Systems Security Pitfalls
- Embedded Systems Security: Cryptography
- Embedded Systems Security: Security Plan
Here are articles with general introductions to embedded systems security concepts:
- An Engineer's Brief Introduction to Cryptography
- A Primer for Embedded Systems Security by Totalphase discusses risk assessments, classifying attackers, and a layered security model.
- Security Requirements for Embedded Devices - What is Really Needed? summarizes embedded security challenges and possible security features to focus on.
- Security Fundamentals for Embedded Software
These articles focus on common pitfalls with embedded device security:
- Top 16 Embedded Security Pitfalls by Phil Koopman covers common pitfalls to avoid when designing your security plan.
- Secrecy vs. Integrity and Why Encryption Might Be the Wrong Choice by Phil Koopman shows that encryption doesn't solve all of our security problems. In many cases, authentication and integrity are more important.
- Security Pitfalls in Cryptography contains some lessons learned that you can apply to avoid creating a bad cryptographic system.
General Security Articles
- The Whys and Hows of Secure Boot
- Multiply and Isolate Your Roots of Trust for Greater Security (Part 1)
- How Many Layers of Security Do You Have?
- Wil the Real Root of Trust Stand Up?
- Enhancing Privacy and Security in the Smart Meter Lifecycle
- Designing Hardware for Data Privacy
The authors of Embedded Systems Security published a series of articles on EDN:
- Embedded Systems Security Part 1: Security Requirements
- Embedded Systems Security Part 2: Access Control and Capabilities
- Embedded Systems Security Part 3: Hypervisors and System Virtualization
- Embedded Systems Security Part 4: I/O Virtualization
Here are some Twitter accounts to follow. Some accounts have an electronics/hardware bent, but others are more general InfoSec.
- @azeria_labs (https://azeria-labs.com)
- @Viss (https://phobos.io/)
- @josephfcox (Motherboard journalist)
- Thanks to Ryan Joseph for many Twitter suggestions