| Foreword |
| Preface |
| Acknowledgements |
| Introduction to Embedded Systems Security / Chapter 1: |
| What is Security? / 1.1: |
| What is an Embedded System? / 1.2: |
| Embedded Security Trends / 1.3: |
| Embedded Systems Complexity / 1.3.1: |
| Network Connectivity / 1.3.2: |
| Reliance on Embedded Systems for Critical Infrastructure / 1.3.3: |
| Sophisticated Attackers / 1.3.4: |
| Processor Consolidation / 1.3.5: |
| Security Policies / 1.4: |
| Perfect Security / 1.4.1: |
| Confidentiality, Integrity, and Availability / 1.4.2: |
| Isolation / 1.4.3: |
| Information Flow Control / 1.4.4: |
| Physical Security Policies / 1.4.5: |
| Apphcation-Specific Policies / 1.4.6: |
| Security Threats / 1.5: |
| Case Study: VxWorks Debug Port Vulnerability / 1.5.1: |
| Wrap-up / 1.6: |
| Key Points / 1.7: |
| Bibliography and Notes / 1.8: |
| Systems Software Considerations / Chapter 2: |
| The Role of the Operating System / 2.1: |
| Multiple Independent Levels of Security / 2.2: |
| Information Flow / 2.2.1: |
| Data Isolation / 2.2.2: |
| Damage Limitation / 2.2.3: |
| Periods Processing / 2.2.4: |
| Always Invoked / 2.2.5: |
| Tamper Proof / 2.2.6: |
| Evaluable / 2.2.7: |
| Microkernel versus Monolith / 2.3: |
| Case Study: The Duqu Virus / 2.3.1: |
| Core Embedded Operating System Security Requirements / 2.4: |
| Memory Protection / 2.4.1: |
| Virtual Memory / 2.4.2: |
| Fault Recovery / 2.4.3: |
| Guaranteed Resources / 2.4.4: |
| Virtual Device Drivers / 2.4.5: |
| Impact of Determinism / 2.4.6: |
| Secure Scheduling / 2.4.7: |
| Access Control and Capabilities / 2.5: |
| Case Study: Secure Web Browser / 2.5.1: |
| Granularity versus Simplicity of Access Controls / 2.5.2: |
| Whitelists versus Blacklists / 2.5.3: |
| Confused Deputy Problem / 2.5.4: |
| Capabilities versus Access Control Lists / 2.5.5: |
| Capability Confinement and Revocation / 2.5.6: |
| Secure Design Using Capabilities / 2.5.7: |
| Hypervisors and System Virtualization / 2.6: |
| Introduction to System Virtualization / 2.6.1: |
| Applications of System Virtualization / 2.6.2: |
| Environment Sandboxing / 2.6.3: |
| Virtual Security Appliances / 2.6.4: |
| Hypervisor Architectures / 2.6.5: |
| Paravirtualization / 2.6.6: |
| Leveraging Hardware Assists for Virtualization / 2.6.7: |
| Hypervisor Security / 2.6.8: |
| I/O Virtualization / 2.7: |
| The Need for Shared I/O / 2.7.1: |
| Emulation / 2.7.2: |
| Pass-through / 2.7.3: |
| Shared IOMMU / 2.7.4: |
| IOMMUs and Virtual Device Drivers / 2.7.5: |
| Secure I/O Virtualization within Microkernels / 2.7.6: |
| Remote Management / 2.8: |
| Security Implications / 2.8.1: |
| Assuring Integrity of the TCB / 2.9: |
| Trusted Hardware and Supply Chain / 2.9.1: |
| Secure Boot / 2.9.2: |
| Static versus Dynamic Root of Trust / 2.9.3: |
| Remote Attestation / 2.9.4: |
| Secure Embedded Software Development / 2.10: |
| Introduction to PHASE-Principles of High-Assurance Software Engineering / 3.1: |
| Minimal Implementation / 3.2: |
| Component Architecture / 3.3: |
| Runtime Componentization / 3.3.1: |
| A Note on Processes versus Threads / 3.3.2: |
| Least Privilege / 3.4: |
| Secure Development Process / 3.5: |
| Change Management / 3.5.1: |
| Peer Reviews / 3.5.2: |
| Development Tool Security / 3.5.3: |
| Secure Coding / 3.5.4: |
| Software Testing and Verification / 3.5.5: |
| Development Process Efficiency / 3.5.6: |
| Independent Expert Validation / 3.6: |
| Common Criteria / 3.6.1: |
| Case Study: Operating System Protection Profiles / 3.6.2: |
| Case Study: HAWS-High-Assurance Web Server / 3.7: |
| Model-Driven Design / 3.7.1: |
| Introduction to MDD / 3.8.1: |
| Executable Models / 3.8.2: |
| Modeling Languages / 3.8.3: |
| Types of MDD Platforms / 3.8.4: |
| Case Study: A Digital Pathology Scanner / 3.8.5: |
| Selecting an MDD Platform / 3.8.6: |
| Using MDD in Safety-and Security-Critical Systems / 3.8.7: |
| Embedded Cryptography / 3.9: |
| Introduction / 4.1: |
| U.S. Government Cryptographic Guidance / 4.2: |
| NSA Suite B / 4.2.1: |
| The One-Time Pad / 4.3: |
| Cryptographic Synchronization / 4.3.1: |
| Cryptographic Modes / 4.4: |
| Output Feedback / 4.4.1: |
| Cipher Feedback / 4.4.2: |
| OFB with CFB Protection / 4.4.3: |
| Traffic Flow Security / 4.4.4: |
| Counter Mode / 4.4.5: |
| Block Ciphers / 4.5: |
| Additional Cryptographic Block Cipher Modes / 4.5.1: |
| Authenticated Encryption / 4.6: |
| CCM / 4.6.1: |
| Galois Counter Mode / 4.6.2: |
| Public Key Cryptography / 4.7: |
| RSA / 4.7.1: |
| Equivalent Key Strength / 4.7.2: |
| Trapdoor Construction / 4.7.3: |
| Key Agreement / 4.8: |
| Man-in-the-Middle Attack on Diffie-Hellman / 4.8.1: |
| Public Key Authentication / 4.9: |
| Certificate Types / 4.9.1: |
| Elliptic Curve Cryptography / 4.10: |
| Elliptic Curve Digital Signatures / 4.10.1: |
| Elliptic Curve Anonymous Key Agreement / 4.10.2: |
| Cryptographic Hashes / 4.11: |
| Secure Hash Algorithm / 4.11.1: |
| MMO / 4.11.2: |
| Message Authentication Codes / 4.12: |
| Random Number Generation / 4.13: |
| True Random Number Generation / 4.13.1: |
| Pseudo-Random Number Generation / 4.13.2: |
| Key Management for Embedded Systems / 4.14: |
| Case Study: The Walker Spy Case / 4.14.1: |
| Key Management-Generalized Model / 4.14.2: |
| Key Management Case Studies / 4.14.3: |
| Cryptographic Certifications / 4.15: |
| FIPS 140-2 Certification / 4.15.1: |
| NSA Certification / 4.15.2: |
| Data Protection Protocols for Embedded Systems / 4.16: |
| Data-in-Motion Protocols / 5.1: |
| Generalized Model / 5.2.1: |
| Choosing the Network Layer for Security / 5.2.2: |
| Ethernet Security Protocols / 5.2.3: |
| BPsec versus SSL / 5.2.4: |
| IPsec / 5.2.5: |
| SSL/TLS / 5.2.6: |
| Embedded VPN Clients / 5.2.7: |
| DTLS / 5.2.8: |
| SSH / 5.2.9: |
| Custom Network Security Protocols / 5.2.10: |
| Application of Cryptography within Network Security Protocols / 5 2.11: |
| Secure Multimedia Protocols / 5.2.12: |
| Broadcast Security / 5.2.13: |
| Data-at-Rest Protocols / 5.3: |
| Choosing the Storage Layer for Security / 5.3.1: |
| Symmetric Encryption Algorithm Selection / 5.3.2: |
| Managing the Storage Encryption Key / 5 3 3: |
| Advanced Threats to Data Encryption Solutions / 5.3.4: |
| Emerging Applications / 5.4: |
| Embedded Network Transactions / 6.1: |
| Anatomy of a Network Transaction / 6.1.1: |
| State of Insecurity / 6.1.2: |
| Network-based Transaction Threats / 6 1 3: |
| Modern Attempts to Improve Network Transaction Security / 6.1.4: |
| Trustworthy Embedded Transaction Architecture / 6.1.5: |
| Automotive Security / 6.2: |
| Vehicular Security Threats and Mitigations / 6.2.1: |
| Secure Android / 6.3: |
| Android Security Retrospective / 6.3.1: |
| Android Device Rooting / 6.3.2: |
| Mobile Phone Data Protection: A Case Study of Defense-in-Depth / 6.3.3: |
| Android Sandboxing Approaches / 6.3.4: |
| Next-Generation Software-Defined Radio / 6.4: |
| Red-Black Separation / 6.4.1: |
| Software-Defined Radio Architecture / 6.4.2: |
| Enter Linux / 6.4.3: |
| Multi-Domain Radio / 6.4.4: |
| Index / 6.5: |
EB
