Foreword |
Preface |
Acknowledgements |
Introduction to Embedded Systems Security / Chapter 1: |
What is Security? / 1.1: |
What is an Embedded System? / 1.2: |
Embedded Security Trends / 1.3: |
Embedded Systems Complexity / 1.3.1: |
Network Connectivity / 1.3.2: |
Reliance on Embedded Systems for Critical Infrastructure / 1.3.3: |
Sophisticated Attackers / 1.3.4: |
Processor Consolidation / 1.3.5: |
Security Policies / 1.4: |
Perfect Security / 1.4.1: |
Confidentiality, Integrity, and Availability / 1.4.2: |
Isolation / 1.4.3: |
Information Flow Control / 1.4.4: |
Physical Security Policies / 1.4.5: |
Application-Specific Policies / 1.4.6: |
Security Threats / 1.5: |
Case Study: VxWorks Debug Port Vulnerability / 1.5.1: |
Wrap-up / 1.6: |
Key Points / 1.7: |
Bibliography and Notes / 1.8: |
Systems Software Considerations / Chapter 2: |
The Role of the Operating System / 2.1: |
Multiple Independent Levels of Security / 2.2: |
Information Flow / 2.2.1: |
Data Isolation / 2.2.2: |
Damage Limitation / 2.2.3: |
Periods Processing / 2.2.4: |
Always Invoked / 2.2.5: |
Tamper Proof / 2.2.6: |
Evaluable / 2.2.7: |
Microkernel versus Monolith / 2.3: |
Case Study: The Duqu Virus / 2.3.1: |
Core Embedded Operating System Security Requirements / 2.4: |
Memory Protection / 2.4.1: |
Virtual Memory / 2.4.2: |
Fault Recovery / 2.4.3: |
Guaranteed Resources / 2.4.4: |
Virtual Device Drivers / 2.4.5: |
Impact of Determinism / 2.4.6: |
Secure Scheduling / 2.4.7: |
Access Control and Capabilities / 2.5: |
Case Study: Secure Web Browser / 2.5.1: |
Granularity versus Simplicity of Access Controls / 2.5.2: |
Whitelists versus Blacklists / 2.5.3: |
Confused Deputy Problem / 2.5.4: |
Capabilities versus Access Control Lists / 2.5.5: |
Capability Confinement and Revocation / 2.5.6: |
Secure Design Using Capabilities / 2.5.7: |
Hypervisors and System Virtualization / 2.6: |
Introduction to System Virtualization / 2.6.1: |
Applications of System Virtualization / 2.6.2: |
Environment Sandboxing / 2.6.3: |
Virtual Security Appliances / 2.6.4: |
Hypervisor Architectures / 2.6.5: |
Paravirtualization / 2.6.6: |
Leveraging Hardware Assists for Virtualization / 2.6.7: |
Hypervisor Security / 2.6.8: |
I/O Virtualization / 2.7: |
The Need for Shared I/O / 2.7.1: |
Emulation / 2.7.2: |
Pass-through / 2.7.3: |
Shared IOMMU / 2.7.4: |
IOMMUs and Virtual Device Drivers / 2.7.5: |
Secure I/O Virtualization within Microkernels / 2.7.6: |
Remote Management / 2.8: |
Security Implications / 2.8.1: |
Assuring Integrity of the TCB / 2.9: |
Trusted Hardware and Supply Chain / 2.9.1: |
Secure Boot / 2.9.2: |
Static versus Dynamic Root of Trust / 2.9.3: |
Remote Attestation / 2.9.4: |
Secure Embedded Software Development / Chapter 3: |
Introduction to PHASE-Principles of High-Assurance Software Engineering / 3.1: |
Minimal Implementation / 3.2: |
Component Architecture / 3.3: |
Runtime Componentization / 3.3.1: |
A Note on Processes versus Threads / 3.3.2: |
Least Privilege / 3.4: |
Secure Development Process / 3.5: |
Change Management / 3.5.1: |
Peer Reviews / 3.5.2: |
Development Tool Security / 3.5.3: |
Secure Coding / 3.5.4: |
Software Testing and Verification / 3.5.5: |
Development Process Efficiency / 3.5.6: |
Independent Expert Validation / 3.6: |
Common Criteria / 3.6.1: |
Case Study: Operating System Protection Profiles / 3.6.2: |
Case Study: HAWS-High-Assurance Web Server / 3.7: |
Model-Driven Design / 3.8: |
Introduction to MDD / 3.8.1: |
Executable Models / 3.8.2: |
Modeling Languages / 3.8.3: |
Types of MDD Platforms / 3.8.4: |
Case Study: A Digital Pathology Scanner / 3.8.5: |
Selecting an MDD Platform / 3.8.6: |
Using MDD in Safety-and Security-Critical Systems / 3.8.7: |
Embedded Cryptography / Chapter 4: |
Introduction / 4.1: |
U.S. Government Cryptographic Guidance / 4.2: |
NSA Suite B / 4.2.1: |
The One-Time Pad / 4.3: |
Cryptographic Synchronization / 4.3.1: |
Cryptographic Modes / 4.4: |
Output Feedback / 4.4.1: |
Cipher Feedback / 4.4.2: |
OFB with CFB Protection / 4.4.3: |
Traffic Flow Security / 4.4.4: |
Counter Mode / 4.4.5: |
Block Ciphers / 4.5: |
Additional Cryptographic Block Cipher Modes / 4.5.1: |
Authenticated Encryption / 4.6: |
CCM / 4.6.1: |
Galois Counter Mode / 4.6.2: |
Public Key Cryptography / 4.7: |
RSA / 4.7.1: |
Equivalent Key Strength / 4.7.2: |
Trapdoor Construction / 4.7.3: |
Key Agreement / 4.8: |
Man-in-the-Middle Attack on Diffie-Hellman / 4.8.1: |
Public Key Authentication / 4.9: |
Certificate Types / 4.9.1: |
Elliptic Curve Cryptography / 4.10: |
Elliptic Curve Digital Signatures / 4.10.1: |
Elliptic Curve Anonymous Key Agreement / 4.10.2: |
Cryptographic Hashes / 4.11: |
Secure Hash Algorithm / 4.11.1: |
MMO / 4.11.2: |
Message Authentication Codes / 4.12: |
Random Number Generation / 4.13: |
True Random Number Generation / 4.13.1: |
Pseudo-Random Number Generation / 4.13.2: |
Key Management for Embedded Systems / 4.14: |
Case Study: The Walker Spy Case / 4.14.1: |
Key Management-Generalized Model / 4.14.2: |
Key Management Case Studies / 4.14.3: |
Cryptographic Certifications / 4.15: |
FIPS 140-2 Certification / 4.15.1: |
NSA Certification / 4.15.2: |
Data Protection Protocols for Embedded Systems / Chapter 5: |
Data-in-Motion Protocols / 5.2: |
Generalized Model / 5.2.1: |
Choosing the Network Layer for Security / 5.2.2: |
Ethernet Security Protocols / 5.2.3: |
IPsec versus SSL / 5.2.4: |
IPsec / 5.2.5: |
SSL/TLS / 5.2.6: |
Embedded VPN Clients / 5.2.7: |
DTLS / 5.2.8: |
SSH / 5.2.9: |
Custom Network Security Protocols / 5.2.10: |
Application of Cryptography within Network Security Protocols / 5.2.11: |
Secure Multimedia Protocols / 5.2.12: |
Broadcast Security / 5.2.13: |
Data-at-Rest Protocols / 5.3: |
Choosing the Storage Layer for Security / 5.3.1: |
Symmetric Encryption Algorithm Selection / 5.3.2: |
Managing the Storage Encryption Key / 5.3.3: |
Advanced Threats to Data Encryption Solutions / 5.3.4: |
Emerging Applications / Chapter 6: |
Embedded Network Transactions / 6.1: |
Anatomy of a Network Transaction / 6.1.1: |
State of Insecurity / 6.1.2: |
Network-based Transaction Threats / 6.1.3: |
Modern Attempts to Improve Network Transaction Security / 6.1.4: |
Trustworthy Embedded Transaction Architecture / 6.1.5: |
Automotive Security / 6.2: |
Vehicular Security Threats and Mitigations / 6.2.1: |
Secure Android / 6.3: |
Android Security Retrospective / 6.3.1: |
Android Device Rooting / 6.3.2: |
Mobile Phone Data Protection: A Case Study of Defense-in-Depth / 6.3.3: |
Android Sandboxing Approaches / 6.3.4: |
Next-Generation Software-Defined Radio / 6.4: |
Red-Black Separation / 6.4.1: |
Software-Defined Radio Architecture / 6.4.2: |
Enter Linux / 6.4.3: |
Multi-Domain Radio / 6.4.4: |
Index |