Engineering secure devices: a practical guide for embedded system architects and developers
| Main author: | Merli, Dominik |
|---|---|
| Format: | Book |
| Language: | English |
| Published: | San Francisco: No Starch Press, [2024] |
| Edition: | First printing |
| Subjects: | Softwareentwicklung (software development); Computersicherheit (computer security) |
| Online access: | Table of contents |
| Description: | xxvi, 256 pages, diagrams |
| ISBN: | 9781718503489 |
Internal format (MARC)

| Tag | Ind1 | Ind2 | Field content |
|---|---|---|---|
| LEADER | | | 00000nam a2200000 c 4500 |
| 001 | | | BV049793107 |
| 003 | | | DE-604 |
| 005 | | | 20241202 |
| 007 | | | t\| |
| 008 | | | 240723s2024 xxu\|\|\|\| \|\|\|\| 00\|\|\| eng d |
| 020 | | | \|a 9781718503489 \|9 978-1-7185-0348-9 |
| 035 | | | \|a (OCoLC)1450714100 |
| 035 | | | \|a (DE-599)KXP188809754X |
| 040 | | | \|a DE-604 \|b ger \|e rda |
| 041 | 0 | | \|a eng |
| 044 | | | \|a xxu \|c XD-US |
| 049 | | | \|a DE-739 \|a DE-Aug4 \|a DE-573 |
| 084 | | | \|a ST 276 \|0 (DE-625)143642: \|2 rvk |
| 100 | 1 | | \|a Merli, Dominik \|e Verfasser \|0 (DE-588)1053945566 \|4 aut |
| 245 | 1 | 0 | \|a Engineering secure devices \|b a practical guide for embedded system architects and developers \|c by Dominik Merli |
| 250 | | | \|a First printing |
| 264 | | 1 | \|a San Francisco \|b No Starch Press \|c [2024] |
| 264 | | 4 | \|c © 2024 |
| 300 | | | \|a xxvi, 256 Seiten \|b Diagramme |
| 336 | | | \|b txt \|2 rdacontent |
| 337 | | | \|b n \|2 rdamedia |
| 338 | | | \|b nc \|2 rdacarrier |
| 650 | 0 | 7 | \|a Softwareentwicklung \|0 (DE-588)4116522-6 \|2 gnd \|9 rswk-swf |
| 650 | 0 | 7 | \|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf |
| 689 | 0 | 0 | \|a Computersicherheit \|0 (DE-588)4274324-2 \|D s |
| 689 | 0 | 1 | \|a Softwareentwicklung \|0 (DE-588)4116522-6 \|D s |
| 689 | 0 | | \|5 DE-604 |
| 776 | 0 | 8 | \|i Erscheint auch als \|n Online-Ausgabe, PDF \|z 978-1-7185-0349-6 |
| 856 | 4 | 2 | \|m Digitalisierung UB Passau - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=035133848&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis |
| 943 | 1 | | \|a oai:aleph.bib-bvb.de:BVB01-035133848 |
Table of contents (digitized by UB Passau, ADAM Catalogue Enrichment)

FOREWORD

ACKNOWLEDGMENTS

INTRODUCTION
- The State of Embedded System Security
- Emerging Requirements, Laws, and Standards
- Who Should Read This Book?
- What Does This Book Cover?
- A Note on the Case Studies in This Book

PART I: FUNDAMENTALS

1 SECURE DEVELOPMENT PROCESS
- On the Variety of Guidelines
- Responsibility for Product Security
- Awareness and Training
- Assets and Protection Goals
  - Valuable Product Parts
  - Relevant Protection Needs
- Attackers, Threats, and Risks
  - Potential Adversaries
  - Potential Negative Impacts
  - No Risks, No Priorities
- Security Requirements and Security Architecture
  - Risk Treatment
  - Secure Development Principles
- Secure Implementation and Security Testing
  - Shift Left
  - Continuous Testing and Analysis
  - Attackers as a Service
- Vulnerability Monitoring and Response
  - Reporting Vulnerabilities
  - Reviewing and Assessing Vulnerability Reports
  - Fixing or Addressing the Issue
  - Testing
  - Disclosing the Solution
  - Avoiding Future Issues
  - Establishing Trust
- Summary

2 CRYPTOGRAPHY
- Kerckhoffs's Principle
- Levels of Security
- Symmetric Ciphers
  - Data Encryption Standard
  - Advanced Encryption Standard
  - Modes of Operation
  - Electronic Codebook Mode
  - Cipher Block Chaining Mode
  - Counter Mode
- Hash Functions
- Message Authentication Codes
- Authenticated Encryption
  - Strategies and Requirements
  - Galois Counter Mode
- Asymmetric Cryptography
  - The RSA Cryptosystem
  - Basic RSA Math
  - Real-World RSA Usage
  - Diffie-Hellman Key Exchange
  - The Mathematical Beauty
  - Man-in-the-Middle Attacks
  - Elliptic-Curve Cryptography
  - The Math Behind the Curves
  - The Agony of Choice
  - Practical Applications of ECC
- Summary

3 RANDOM NUMBER GENERATORS
- The Need for Randomness
- The Nature of Randomness
- True Random Number Generators
  - Ring Oscillators
  - The Health Status of Entropy Sources
- Pseudorandom Number Generators
- Practical RNG Constructions and Usage
  - RNG Selection
  - Error Handling
  - Boot-Time Entropy
- Case Study: Random Numbers from Hardware to Python
  - Hardware RNG and Entropy Source
  - Hardware RNG Integration in Linux
  - Linux RNG Architecture
  - Cryptographically Secure Random Numbers in Python
- Case Study: Practical Tools for a Randomness Quick Check
  - Simple Tools for Distribution Analysis and Pattern Recognition
  - Problem 1: Output Space Restriction by Modulo
  - Problem 2: Custom PRNG Designs
- Summary

4 CRYPTOGRAPHIC IMPLEMENTATIONS
- Implementation Context and Requirements
- Selecting Crypto Implementations
- AES Implementation Options
  - Basic Architecture
  - Optimized Operations
- Implementation Characteristics of RSA and ECDSA
  - RSA Optimizations
  - ECDSA Specifics
- Case Study: Crypto Performance on an STM32MP157F Device
  - Parameter Choice for Symmetric Encryption
  - Software vs. Hardware Implementation for SHA-256 Hashing
  - Comparison of Software Performance of Asymmetric Crypto
- Summary

PART II: DEVICE SECURITY BUILDING BLOCKS

5 CONFIDENTIAL DATA STORAGE AND SECURE MEMORY
- Confidential Data
- The Dilemma of Keeping Secrets on Embedded Systems
- Secure Filesystem Approaches
  - Encrypted Stacked Filesystems
  - Native Filesystem Encryption
  - Encrypted Block Devices
  - Recommendations
  - The Passphrase
- Secure Memory in Hardware
  - External Secure Memory
  - Internal Secure Memory
- Secrets in Application Code
- Secure Password Storage
- Case Study: Encrypted File Containers on Linux
  - Crypto Benchmarking
  - Container Creation
  - Efficiency Analysis
- Read-Out Protection as a Low-Cost Solution
- Summary

6 SECURE DEVICE IDENTITY
- Every Device Is Unique
- Identification and Identifiers
  - Unique Identifiers
  - System Identities
- Authentication and Authenticators
  - Authentication Protocols
  - Dedicated Authentication Chips
  - Multifactor Authentication
- Trusted Third Parties
  - Certificates and Certificate Authorities
- Identity Life Cycle and Management
  - Generation
  - Provisioning
  - Usage in the Field
  - Exchange or Destruction
- Case Study: Identity Generation and Provisioning
  - Identifiers and System Identity
  - Certificate Signing Request
  - Certificate Authority
- Case Study: RSA Key Generation in Production
- Summary

7 SECURE COMMUNICATION
- All the Protection Goals
- Transport Layer Security
  - History
  - TLS Basics
  - TLS 1.3
  - TLS 1.2
- Requirements for Devices and Infrastructure
- Application Examples and Software Libraries
- Case Study: Secure MQTT Communication
  - Mosquitto Installation and Configuration
  - The First Test Run
  - Communication Security Analysis with Wireshark and SSLyze
- Secure Communication Without TLS
- Redundancy in Secure Communication
- Summary

8 SECURE BOOT AND SYSTEM INTEGRITY
- System Boot Complexity
- Boot Protection Concepts
  - Classic Secure Boot Chain
- Considerations for Implementing Secure Boot
  - Hardware and Software Requirements
  - Development Process
  - Production and Lifetime
  - Open Source Licenses vs. Secure Boot
- Case Study: Secure Boot Process on an STM32MP157F Device
  - The Boot Process
  - Secure Boot Starts in Hardware
  - Secure Boot Based on BL2 TF-A
  - U-Boot's Secure Boot Feature
- Integrity Protection Beyond the Boot Process
  - Kernel Module Verification
  - Filesystem Integrity
- Write Protection as a Low-Cost Solution
- Summary

9 SECURE FIRMWARE UPDATE
- The Inevitability of Updates
- Security Requirements
  - Authenticity
  - Confidentiality
  - Secure Distribution Channel
  - Rollback Option
  - Version Distribution Monitoring
- Distribution and Deployment of Updates
  - Local vs. Remote Updates
  - Pull vs. Push Strategy
- Update Granularity and Format
  - Firmware Parts
  - Update Formats
  - Issues with Package Managers
- Device Partitioning Strategies
  - Update/Recovery Partition
  - A/B System Approach
  - A Note on Updating Bootloaders
- The Interplay Between Development, Backend, and Device
- Case Study: Secure Firmware Updates with SWUpdate
  - SD Card Layout Customization
  - SWUpdate Installation and Configuration
  - Device-Specific Customization
  - Update Process Evaluation
- Summary

PART III: ADVANCED DEVICE SECURITY CONCEPTS

10 ROBUST DEVICE ARCHITECTURE
- Devices Under Network Stress
  - Malfunctioning Neighbor Devices
  - Protocol Fuzzing
  - Network and Vulnerability Scanning
  - Flooding Attacks
- Robust Architectures
  - Essential Device Functions
  - Sensors
  - Actuators
  - Controllers
  - Real-Time Systems
  - Soft Real-Time Systems
  - Firm Real-Time Systems
  - Hard Real-Time Systems
  - Impact of DoS Attacks
- Resource Exhaustion and Prevention Strategies
  - Hardware-Level Implementation Options
  - Dedicated Preprocessing Unit
  - Multicore Architectures
  - Operating System Capabilities
  - Operating System Options
  - Linux with a Real-Time Patch
  - Application and Protocol Considerations
  - Identify Logical Flaws
  - Implement Input and Sender Validation
  - Analyze Active Protection Measures
  - Introduce Chaos Engineering and Fuzzing
- Case Study: Robustness Options on an STM32MP157F Device
  - Basic System Properties
  - Measurements on a Low-Latency Kernel
  - Measurements on a Real-Time Kernel
  - Real-Time Coprocessor
- Summary

11 ACCESS CONTROL AND MANAGEMENT
- Everyday Threats
- Access Control and Damage Containment
  - Design and Development Phase
  - Production Considerations
  - Customer Activities and Decommissioning
- Discretionary Access Control
  - Linux Filesystem Permissions
  - Linux User and Group Management
  - Linux Permission Management
  - Access-Control Lists
- Case Study: Access Control for STM32MP157F-DK2 Firmware
  - User Creation and File Provisioning in Yocto
  - Exploration of System Files and Predefined Users
  - SSH Daemon Access-Control Configuration
- Mandatory Access Control
  - Linux Security Modules
  - SELinux
  - AppArmor
  - Other LSMs and Non-LSM MACs
- Case Study: Application Confinement with AppArmor
  - Installation
  - Application Profiling
- Summary

12 SYSTEM MONITORING
- Monitoring for the Right Reasons
- Monitoring the Right Things
  - User Interactions and Access Control
  - Communication
  - Application Behavior
  - System Behavior
- Risk-Based Monitoring
- Designing a Monitoring Scheme
  - Challenges for Embedded Systems
  - Monitoring of the On-Device Logging Process
  - Central Log Analysis and Management
- Case Study: Logging Events on an STM32MP157F Device
  - User-Session Monitoring with journald
  - Kernel Event Monitoring with auditd
  - Service and Application Event Logging
  - Logging to a Remote Server
- Summary

AFTERWORD

INDEX