Introduction to Embedded Linux Security

Explore embedded Linux security fundamentals in this comprehensive conference talk from Embedded Linux Conference North America 2020. Delve into essential security concepts, threat modeling techniques like STRIDE and DREAD, and practical threat model examples. Learn about secure boot concepts, their implementation on i.MX6 processors, and the intricacies of code and data encryption. Discover various methods for private key storage, including secure elements and external devices. Gain insights into secure coding practices, static code analysis, runtime protections, and fuzzing tools. Examine Linux security features such as permissions, access control, capabilities, and security modules. Investigate application sandboxing, Linux containers, and their security implications. Understand Trusted Execution Environment (TEE) implementations, update system security challenges, and strategies. Explore network security principles and the concept of defense in depth. Conclude with general security rules and best practices for designing secure embedded Linux systems.

Embedded Linux Conference North America 2020
INTRODUCTION TO SECURITY
SECURITY CONCEPTS III
THREAT MODELING
STRIDE
DREAD
THREAT MODEL EXAMPLE
SECURE BOOT CONCEPTS
HOW DOES IT WORK?
SECURE BOOT ON i.MX6
CODE AND DATA ENCRYPTION
SECURE BOOT WITH ENCRYPTION
WHERE IS THE KEY?
PRIVATE KEY STORAGE
KEY STORAGE ON .MX PROCESSORS
KEY STORAGE ON EXTERNAL DEVICES
SECURE ELEMENT
SECURE CODING
STATIC CODE ANALYSIS
RUNTIME PROTECTIONS
FUZZING TOOLS
PERMISSIONS
ACCESS CONTROL
LINUX CAPABILITIES
DAC vs MAC
LINUX SECURITY MODULES
APPLICATION SANDBOXING
LINUX CONTAINERS
CONTAINERS AND SECURITY
TEE IMPLEMENTATION
UPDATE SYSTEM AND SECURITY
UPDATE CHALLENGES
UPDATE STRATEGIES
NETWORK SECURITY
DEFENSE IN DEPTH!
SECURITY GENERAL RULES
DESIGN FOR SECURITY