Thursday
Room 2
09:00 - 10:00
(UTC+02)
Talk (60 min)
Getting Started with Embedded Linux Security
In this presentation we review some of the main aspects of an embedded Linux system in terms of how that system can be made more secure.
We'll examine features of the toolchain and additional tools which can be used to create more secure applications and we'll look at system level features of Linux which will make your running system more robust. We'll also look at some of the kernel features which can be used to harden the system and review aspects of the boot process which can be used to secure the booting of the system.
Agenda:
- Introduction:
- Security and trust
- Attack models and secure development
- Secure compilation and extra tools:
- Code Vulnerabilities
- GCC options
- checksec
- ASAN
- Securing the Linux system:
- Permissions, attributes
- MAC
- Containers
- Filesystem integrity & encryption
- Syscall filtering
- Securing the Kernel:
- Kernel configs
- Module signing
- Hardening the boot process:
- Secure boot
- Hardening U-Boot
Simon Goda
Simon Goda is a senior member of technical staff at Doulos, the world-renowned training provider for hardware and software design. He has been working with Linux & Android in embedded systems for over 15 years, starting at STMicroelectronics (R&D) Ltd, supporting and training customers using Linux, Android and RTOS on set-top box and home entertainment products. At Doulos he writes and delivers training in the embedded Linux & Android space, including device drivers, Yocto, Android Automotive and Linux security.