Embedded Systems Security, 18-20 September (20170918)

Embedded Systems


Location: Delft.

Riscure offers a three day, hands-on course, covering the most relevant real world attacks for embedded systems. The main goal is to broaden your horizon and offer a procedure for answering the question: “is my embedded device secure?”. If the answer is a positive one, this course helps you build the argument for why this is the case. If on the other hand, the answer is a negative one or you are in doubt, this training gives you a plan on how to start implementing security.

During three days packed with information where you learn concepts applicable to a wide range of Commercial off the shelf (COTS) products such as gaming consoles, IP cameras, routers, diverse IoT devices, but also automotive ECU (Electronic Control Units).

To lay the foundations for understanding embedded systems security, we use a three-step approach. First, you get a solid, technical grasp of the typical components present on an embedded system and the functioning of an embedded system. Next, we look at an embedded system from the perspective of an attacker who aims to compromise the assets. You learn how to identify relevant assets, determine the most likely attack paths and refine this attack path, by discovering tooling available to an attacker. Finally, we discuss defense principles, the most sophisticated and complex view of an embedded system. Creating a defense strategy requires not only to understand how a system works or how an attacker would compromise an asset but also to have the ability to prioritize defenses according to risk, time, cost, attack surfaces, etc.

During the course, by means of hands-on exercises, you will:
• Learn to identify relevant assets on your embedded systems (define assets and attack paths for different attacker profiles)
• Build best practices for securing embedded systems (how to defend them)
• Have the ability to prioritize your defense according to risk, time, cost, surface, etc. in a way that goes beyond checklists

Next to the three days of embedded system security training, we offer the possibility to practice your new knowledge and skills on a second, different embedded system. After the workshop you can take home this second target and continue learning.

What are our trainees saying?

The training is very good for creating awareness of security issues for embedded system developers, especially those who have no or little experience with this topic. Creating attack trees and actually performing the attacks also is a lot of fun. (Automotive industry)

An excellent introduction into the complex and pitfall-ridden world of securing embedded systems.(Automotive industry)

This course is an introduction to ES and the Riscure approach to security analysis. It is a showcase of why good security implementations are difficult. If you are new to electronics or security you will learn a lot.(Defense industry)

A professional course, valuable content.(Content-protection industry)

A great course for beginners in a relaxing friendly environment in the beautiful city of Delft(Anonymous)

Want to know more? Download the flyer here. Or send us an email for more information.

Date: 2017/09/18 Days: 3 Location: Delft

  • Calendar ESS training 27 March
Completion rules
  • All units must be completed
  • Leads to a certification with a duration: 3 years