| Foreword | p. xi |
| Preface | p. xiii |
| Acknowledgements | p. xix |
| Introduction to Embedded Systems Security | p. 1 |
| What is Security? | p. 1 |
| What is an Embedded System? | p. 2 |
| Embedded Security Trends | p. 4 |
| Embedded Systems Complexity | p. 4 |
| Network Connectivity | p. 12 |
| Reliance on Embedded Systems for Critical Infrastructure | p. 14 |
| Sophisticated Attackers | p. 15 |
| Processor Consolidation | p. 16 |
| Security Policies | p. 18 |
| Perfect Security | p. 18 |
| Confidentiality, Integrity, and Availability | p. 18 |
| Isolation | p. 19 |
| Information Flow Control | p. 20 |
| Physical Security Policies | p. 21 |
| Apphcation-Specific Policies | p. 21 |
| Security Threats | p. 22 |
| Case Study: VxWorks Debug Port Vulnerability | p. 22 |
| Wrap-up | p. 23 |
| Key Points | p. 23 |
| Bibliography and Notes | p. 24 |
| Systems Software Considerations | p. 25 |
| The Role of the Operating System | p. 26 |
| Multiple Independent Levels of Security | p. 27 |
| Information Flow | p. 27 |
| Data Isolation | p. 27 |
| Damage Limitation | p. 28 |
| Periods Processing | p. 28 |
| Always Invoked | p. 29 |
| Tamper Proof | p. 29 |
| Evaluable | p. 29 |
| Microkernel versus Monolith | p. 31 |
| Case Study: The Duqu Virus | p. 34 |
| Core Embedded Operating System Security Requirements | p. 34 |
| Memory Protection | p. 34 |
| Virtual Memory | p. 35 |
| Fault Recovery | p. 37 |
| Guaranteed Resources | p. 38 |
| Virtual Device Drivers | p. 41 |
| Impact of Determinism | p. 42 |
| Secure Scheduling | p. 45 |
| Access Control and Capabilities | p. 46 |
| Case Study: Secure Web Browser | p. 47 |
| Granularity versus Simplicity of Access Controls | p. 49 |
| Whitelists versus Blacklists | p. 51 |
| Confused Deputy Problem | p. 53 |
| Capabilities versus Access Control Lists | p. 53 |
| Capability Confinement and Revocation | p. 58 |
| Secure Design Using Capabilities | p. 60 |
| Hypervisors and System Virtualization | p. 61 |
| Introduction to System Virtualization | p. 64 |
| Applications of System Virtualization | p. 65 |
| Environment Sandboxing | p. 65 |
| Virtual Security Appliances | p. 65 |
| Hypervisor Architectures | p. 66 |
| Paravirtualization | p. 69 |
| Leveraging Hardware Assists for Virtualization | p. 70 |
| Hypervisor Security | p. 73 |
| I/O Virtualization | p. 74 |
| The Need for Shared I/O | p. 75 |
| Emulation | p. 75 |
| Pass-through | p. 76 |
| Shared IOMMU | p. 78 |
| IOMMUs and Virtual Device Drivers | p. 78 |
| Secure I/O Virtualization within Microkernels | p. 79 |
| Remote Management | p. 80 |
| Security Implications | p. 81 |
| Assuring Integrity of the TCB | p. 83 |
| Trusted Hardware and Supply Chain | p. 83 |
| Secure Boot | p. 84 |
| Static versus Dynamic Root of Trust | p. 84 |
| Remote Attestation | p. 87 |
| Key Points | p. 88 |
| Bibliography and Notes | p. 90 |
| Secure Embedded Software Development | p. 93 |
| Introduction to PHASE-Principles of High-Assurance Software Engineering | p. 94 |
| Minimal Implementation | p. 95 |
| Component Architecture | p. 96 |
| Runtime Componentization | p. 98 |
| A Note on Processes versus Threads | p. 99 |
| Least Privilege | p. 100 |
| Secure Development Process | p. 100 |
| Change Management | p. 101 |
| Peer Reviews | p. 101 |
| Development Tool Security | p. 104 |
| Secure Coding | p. 107 |
| Software Testing and Verification | p. 146 |
| Development Process Efficiency | p. 154 |
| Independent Expert Validation | p. 156 |
| Common Criteria | p. 157 |
| Case Study: Operating System Protection Profiles | p. 160 |
| Case Study: HAWS-High-Assurance Web Server | p. 165 |
| Minimal Implementation | p. 166 |
| Component Architecture | p. 168 |
| Least Privilege | p. 168 |
| Secure Development Process | p. 169 |
| Independent Expert Validation | p. 169 |
| Model-Driven Design | p. 169 |
| Introduction to MDD | p. 170 |
| Executable Models | p. 174 |
| Modeling Languages | p. 177 |
| Types of MDD Platforms | p. 182 |
| Case Study: A Digital Pathology Scanner | p. 183 |
| Selecting an MDD Platform | p. 191 |
| Using MDD in Safety-and Security-Critical Systems | p. 201 |
| Key Points | p. 202 |
| Bibliography and Notes | p. 206 |
| Embedded Cryptography | p. 209 |
| Introduction | p. 210 |
| U.S. Government Cryptographic Guidance | p. 211 |
| NSA Suite B | p. 212 |
| The One-Time Pad | p. 213 |
| Cryptographic Synchronization | p. 222 |
| Cryptographic Modes | p. 224 |
| Output Feedback | p. 224 |
| Cipher Feedback | p. 225 |
| OFB with CFB Protection | p. 226 |
| Traffic Flow Security | p. 227 |
| Counter Mode | p. 227 |
| Block Ciphers | p. 228 |
| Additional Cryptographic Block Cipher Modes | p. 231 |
| Authenticated Encryption | p. 232 |
| CCM | p. 233 |
| Galois Counter Mode | p. 233 |
| Public Key Cryptography | p. 233 |
| RSA | p. 236 |
| Equivalent Key Strength | p. 236 |
| Trapdoor Construction | p. 238 |
| Key Agreement | p. 239 |
| Man-in-the-Middle Attack on Diffie-Hellman | p. 241 |
| Public Key Authentication | p. 241 |
| Certificate Types | p. 242 |
| Elliptic Curve Cryptography | p. 244 |
| Elliptic Curve Digital Signatures | p. 245 |
| Elliptic Curve Anonymous Key Agreement | p. 245 |
| Cryptographic Hashes | p. 245 |
| Secure Hash Algorithm | p. 246 |
| MMO | p. 247 |
| Message Authentication Codes | p. 248 |
| Random Number Generation | p. 248 |
| True Random Number Generation | p. 249 |
| Pseudo-Random Number Generation | p. 254 |
| Key Management for Embedded Systems | p. 256 |
| Case Study: The Walker Spy Case | p. 257 |
| Key Management-Generalized Model | p. 258 |
| Key Management Case Studies | p. 264 |
| Cryptographic Certifications | p. 277 |
| FIPS 140-2 Certification | p. 277 |
| NSA Certification | p. 280 |
| Key Points | p. 285 |
| Bibliography and Notes | p. 287 |
| Data Protection Protocols for Embedded Systems | p. 289 |
| Introduction | p. 290 |
| Data-in-Motion Protocols | p. 291 |
| Generalized Model | p. 291 |
| Choosing the Network Layer for Security | p. 296 |
| Ethernet Security Protocols | p. 301 |
| BPsec versus SSL | p. 303 |
| IPsec | p. 310 |
| SSL/TLS | p. 313 |
| Embedded VPN Clients | p. 315 |
| DTLS | p. 315 |
| SSH | p. 316 |
| Custom Network Security Protocols | p. 319 |
| Application of Cryptography within Network Security Protocols | p. 319 |
| Secure Multimedia Protocols | p. 320 |
| Broadcast Security | p. 324 |
| Data-at-Rest Protocols | p. 330 |
| Choosing the Storage Layer for Security | p. 332 |
| Symmetric Encryption Algorithm Selection | p. 334 |
| Managing the Storage Encryption Key | p. 348 |
| Advanced Threats to Data Encryption Solutions | p. 340 |
| Key Points | p. 342 |
| Bibliography and Notes | p. 345 |
| Emerging Applications | p. 349 |
| Embedded Network Transactions | p. 350 |
| Anatomy of a Network Transaction | p. 351 |
| State of Insecurity | p. 351 |
| Network-based Transaction Threats | p. 352 |
| Modern Attempts to Improve Network Transaction Security | p. 355 |
| Trustworthy Embedded Transaction Architecture | p. 362 |
| Automotive Security | p. 366 |
| Vehicular Security Threats and Mitigations | p. 366 |
| Secure Android | p. 369 |
| Android Security Retrospective | p. 371 |
| Android Device Rooting | p. 371 |
| Mobile Phone Data Protection: A Case Study of Defense-in-Depth | p. 372 |
| Android Sandboxing Approaches | p. 373 |
| Next-Generation Software-Defined Radio | p. 380 |
| Red-Black Separation | p. 380 |
| Software-Defined Radio Architecture | p. 381 |
| Enter Linux | p. 382 |
| Multi-Domain Radio | p. 383 |
| Key Points | p. 385 |
| Bibliography and Notes | p. 386 |
| Index | p. 389 |
| Table of Contents provided by Ingram. All Rights Reserved. |
