Security: Sicherheit von Embedded-Systemen im Kontext der funktionalen Sicherheit

Security: Sicherheit von Embedded-Systemen im Kontext der funktionalen Sicherheit

Inhalt

Threats and Attack Scenarios

• Security Incidents
• Concerns
• Applications
• Authentication
• Communication Protocols
• Terms and Definitions
• Vulnerabilities
• Impacts
• A Case Study
• Defense In Depth
• Classes of Attackers
• Security - an Ongoing Process
• Security by Design
• The Security Mindset
• The Management Challenge
• Security Development Lifecycle (SDL)
• Threat Models

Risks and Efforts

• Procedure
• Classic Approach to Risk Management
• The Assurance Matrix
• Risk Matrix Concept
• TARA
• Determining a Generic Method for Risk Assessment
• New Approach to Risk Management
• A Glimpse into IT Security Risk Assessment
• Security Goals
• Selected TARA Methods and Vulnerability Analysis
• EVITA
• TVRA

Generic Application of Countermeasures

• Security Principles
• List of Examplary Countermeasures
• Countermeasures as Requirements
• Industry and Government Security Initiatives
• Cryptography
• Defense in Depth
• Security Zones
• Security Conduits
• EVITA
• HIS - SHE
• ARM Security
• Security Development Lifecycle (SDL)
• Software Security Matters
• Trusted Platform Module
• Security Testing Methods

Selected Vulnerabilities and Countermeasures

• Stack Based Buffer Overflow
• Code Reuse
• Countermeasures
• Boundary Error Vulnerabilities
• Memory Management and Security
• Debugging and Security

Norms and Standards

• Partial ISO/IEC List
• Other Standards and Work
• IEC 62443
• Certification
• SAE J3061™

Security in a Safety Context

• Safety and Security Differences
• Subsets of Product Assurance
• Relations between Safety and Security
• Leveraging Commonalities
• Security in Safety Norms
• Rules for Industrial Control Systems (ICS)
• Inheritance of Safety Principles
• Comparisons
• Communication Paths

HINWEIS: Die Kursunterlagen sind auf Englisch