Embedded Systems Security

Book Description

The ultimate resource for making embedded systems reliable, safe, and secure

Embedded Systems Security provides:

  • A broad understanding of security principles, concerns, and technologies
  • Proven techniques for the efficient development of safe and secure embedded software
  • A study of the system architectures, operating systems and hypervisors, networking, storage, and cryptographic issues that must be considered when designing secure embedded systems
  • Nuggets of practical advice and numerous case studies throughout

Written by leading authorities in the field with 65 years of embedded security experience: one of the original developers of the world’s only Common Criteria EAL 6+ security certified software product and a lead designer of NSA certified cryptographic systems.

This book is indispensable for embedded systems and security professionals, new and experienced.

An important contribution to the understanding of the security of embedded systems. The Kleidermachers are experts in their field. As the Internet of things becomes reality, this book helps business and technology management as well as engineers understand the importance of "security from scratch." This book, with its examples and key points, can help bring more secure, robust systems to the market.

  • Dr. Joerg Borchert, Vice President, Chip Card & Security, Infineon Technologies North America Corp.; President and Chairman, Trusted Computing Group

Embedded Systems Security provides real-world examples of risk and exploitation; most importantly the book offers clear insight into methods used to counter vulnerabilities to build true, native security into technology.

  • Adriel Desautels, President and CTO, Netragard, LLC.

Security of embedded systems is more important than ever. The growth in networking is just one reason. However, many embedded systems developers have insufficient knowledge of how to achieve security in their systems. David Kleidermacher, a world-renowned expert in this field, shares in this book his knowledge and long experience with other engineers. A very important book at the right time.

  • Prof. Dr.-Ing. Matthias Sturm, Leipzig University of Applied Sciences; Chairman, Embedded World Conference steering board


  • Gain an understanding of the operating systems, microprocessors, and network security critical issues that must be considered when designing secure embedded systems
  • Contains nuggets of practical and simple advice on critical issues highlighted throughout the text
  • Short and to-the-point real case studies included to demonstrate embedded systems security in practice

Table of Contents

  1. Cover Image
  2. Contents
  3. Title
  4. Dedication
  5. Copyright
  6. Foreword
  7. Preface
  8. Acknowledgements
  9. Chapter 1. Introduction to Embedded Systems Security
    1. 1.1 What is Security?
    2. 1.2 What is an Embedded System?
    3. 1.3 Embedded Security Trends
    4. 1.4 Security Policies
    5. 1.5 Security Threats
    6. 1.6 Wrap-up
    7. 1.7 Key Points
    8. 1.8 Bibliography and Notes
  10. Chapter 2. Systems Software Considerations
    1. 2.1 The Role of the Operating System
    2. 2.2 Multiple Independent Levels of Security
    3. 2.3 Microkernel versus Monolith
    4. 2.4 Core Embedded Operating System Security Requirements
    5. 2.5 Access Control and Capabilities
    6. 2.6 Hypervisors and System Virtualization
    7. 2.7 I/O Virtualization
    8. 2.8 Remote Management
    9. 2.9 Assuring Integrity of the TCB
    10. 2.10 Key Points
    11. 2.11 Bibliography and Notes
  11. Chapter 3. Secure Embedded Software Development
    1. 3.1 Introduction to PHASE—Principles of High-Assurance Software Engineering
    2. 3.2 Minimal Implementation
    3. 3.3 Component Architecture
    4. 3.4 Least Privilege
    5. 3.5 Secure Development Process
    6. 3.6 Independent Expert Validation
    7. 3.7 Case Study: HAWS—High-Assurance Web Server
    8. 3.8 Model-Driven Design
    9. 3.9 Key Points
    10. 3.10 Bibliography and Notes
  12. Chapter 4. Embedded Cryptography
    1. 4.1 Introduction
    2. 4.2 U.S. Government Cryptographic Guidance
    3. 4.3 The One-Time Pad
    4. 4.4 Cryptographic Modes
    5. 4.5 Block Ciphers
    6. 4.6 Authenticated Encryption
    7. 4.7 Public Key Cryptography
    8. 4.8 Key Agreement
    9. 4.9 Public Key Authentication
    10. 4.10 Elliptic Curve Cryptography
    11. 4.11 Cryptographic Hashes
    12. 4.12 Message Authentication Codes
    13. 4.13 Random Number Generation
    14. 4.14 Key Management for Embedded Systems
    15. 4.15 Cryptographic Certifications
    16. 4.16 Key Points
    17. 4.17 Bibliography and Notes
  13. Chapter 5. Data Protection Protocols for Embedded Systems
    1. 5.1 Introduction
    2. 5.2 Data-in-Motion Protocols
    3. 5.3 Data-at-Rest Protocols
    4. 5.4 Key Points
    5. 5.5 Bibliography and Notes
  14. Chapter 6. Emerging Applications
    1. 6.1 Embedded Network Transactions
    2. 6.2 Automotive Security
    3. 6.3 Secure Android
    4. 6.4 Next-Generation Software-Defined Radio
    5. 6.5 Key Points
    6. 6.6 Bibliography and Notes
  15. Index