Reducing Exploitation Risk via Application-Specific Hardening in IoT Systems

Explore system application security and reduce exploitation risks through application-specific hardening techniques in this 43-minute conference talk. Delve into the challenges of securing IoT systems and learn preventive measures to enhance security. Discover how to apply exploit mitigations and measures to improve system security, even when dealing with potentially vulnerable applications. Examine the use of discretionary and mandatory access control, as well as systemd configurations, to evaluate and tailor services like connman and blueZ in an APERTIS-based IoT image. Gain insights into service isolation and enhanced exploit mitigation using Linux kernel features. Cover topics such as secure system architecture, security-by-design components, Linux security features, and hands-on application hardening techniques for Connman and Bluetooth tethering.

Intro
SYSTEM SECURITY ASPECTS
Secure System Architecture
Security-by-Design SW Components
Secure Software? Not in general!
APPLICATION HARDENING: LINUX SECURITY FEATURES
Application Hardening Linux Security Features
APPLICATION HARDENING: HANDS-ON
Hands-On: Security Features
Application Hardening Hands-On: Connman
Hands-On: Bluetooth tethering - Connman & BlueZ
APPLICATION HARDENING: CONCLUSION
Application Hardening Conclusion