Caricamento in corso...
Cybersecurity for Embedded Systems
01UDNOV
A.A. 2024/25
Course Language
Inglese
Degree programme(s)
Master of science-level of the Bologna process in Ingegneria Informatica (Computer Engineering) - Torino
Course structure
| Teaching | Hours |
|---|---|
| Lezioni | 30 |
| Esercitazioni in aula | 10 |
| Esercitazioni in laboratorio | 20 |
Lecturers
| Teacher | Status | SSD | h.Les | h.Ex | h.Lab | h.Tut | Years teaching |
|---|---|---|---|---|---|---|---|
| Savino Alessandro | Professore Associato | IINF-05/A | 30 | 0 | 0 | 0 | 2 |
Co-lectures
Context
| SSD | CFU | Activities | Area context | ING-INF/05 | 6 | B - Caratterizzanti | Ingegneria informatica |
|---|
2024/25
The course is taught in English and it aims at presenting the most significant aspects of security of Embedded Systems (ES), covering both hardware and software security issues related to embedded devices, including their most common weakness, vulnerabilities, attacks and possible mitigations and remediations.
The course mixes lectures and hands-on-experiences, with a particular emphasis on the open-source security-oriented platform SEcube™.
The course includes a final project, in which students, clustered in teams, are asked to face some hot topics in Embedded Systems security and to presents detailed reports on them.
The course is enriched by presentations of relevant case studies from industrial testimonials and researchers.
This course provides a comprehensive overview of security in embedded systems from both hardware and software perspectives. Students will gain a deep understanding of the unique challenges and solutions in securing embedded devices, which are increasingly prevalent in today's interconnected world.
The course mixes lectures and hands-on experiences and includes a final project in which students, clustered in teams, are asked to face some hot topics in Embedded Systems security and to present detailed reports on them.
Having successfully completed the course, the participant will:
• Get familiar with the basic concepts of security
• Get familiar with the most significant aspects of security of Embedded Systems in terms of:
o System Security
o Secure Programming
o Hardware and Hardware-based Security
• For each field, get familiar with its main
o Vulnerabilities
o Attacks
o Countermeasures
• Get significant hands-on experiences on:
o the open-source security-oriented platform SEcube™
o static code analysis tools.
By the end of the course, students will be able to:
- Understand and articulate the principles of embedded system security from both hardware and software perspectives.
- Implement and evaluate hardware-based cryptographic solutions.
- Develop secure software applications capable of operating on untrusted hardware.
- Utilize hardware-based security mechanisms to establish a secure environment for embedded systems.
- Identify and mitigate potential hardware attacks using appropriate countermeasures.
Attendees are assumed to be familiar with the basic concepts of:
• C and C++ programming languages
• Assembly programming languages
• Computer Architectures
• Digital System Design.
Attendees are assumed to be familiar with the basic concepts of:
- C programming languages
- Assembly programming languages
- Computer Architectures
- Basic Cryptography
- Digital System Design.
NOTE: For students with previous acquired experiences in Cybersecurity, alternative topics and teaching materials will be provided while overlapping aspects are encountered.
• Introduction to Cybersecurity and Cybersecurity for Embedded Systems: [3 h]
o Security – An Introduction
o Cybersecurity – Definition & relevance
o Security Pillars
o Vulnerabilities
o Attacks
• Basics of Cryptography: [4.5 h]
o Introduction to cryptography and classical ciphers
o Symmetric encryption and block ciphers
o Asymmetric encryption & Key Exchange
o Hash functions
o Key Management Systems
• Introduction to Software Security: [1.5 h]
o Malicious execution and malwares: definition
o Isolation and access control
• System Security: [7.5 h]
o Concept of OS Security
o Memory Management & Protection
o CPU privilege levels
o Trusted Execution Environment (TEE)
o Root of Trusts
• Secure Programming: [7.5 h]
o Common Weaknesses and Vulnerabilities (CWE, CVE)
Memory Vulnerabilities
Structured Output Generation Vulnerabilities
Race Condition Vulnerabilities
API Vulnerabilities
Information Leakage
o Common coding standards
MISRA
CERT
• Hardware Security: [6 h]
o Introduction & Taxonomy
o Side-Channel Attacks
o Fault Attacks
o Test-infrastructure-based Attacks
o Invasive Attacks
o Hardware Trojans
• Hardware-based security: [3 h]
o Introduction & Basic concepts
o Implementations
• Hardware Trust [3 h]
o Introduction & Basic Concepts
o Hardware Counterfeiting
o True Random Number Generators (TRNG)
o Physically Unclonable Functions (PUF)
• Cybersecurity Governance and Standards [3 h]
• Presentations of relevant case studies from industrial testimonials and researchers [6 h]
- Introduction to Embedded System Security: Explore the fundamental principles of securing embedded systems, focusing on the interplay between hardware and software security measures.
- Fundamentals of Hardware-Implemented Cryptography: Learn about implementing cryptographic algorithms directly in hardware, understanding the benefits and limitations of hardware-based cryptographic solutions.
- Secure Software on Untrusted Hardware: Examine techniques and methodologies to develop secure software that can operate on potentially compromised hardware, ensuring data integrity and confidentiality.
- Hardware-based Security Mechanisms: Delve into advanced hardware security features such as Root-of-Trust, segregation and trust environments, and Physical Unclonable Functions (PUFs). Understand how these mechanisms provide a foundation for secure system operations.
- Hardware Attacks and Countermeasures: Study various hardware attack vectors, including side-channel attacks, hardware trojans, oblivious RAM, and Row Hammer. Learn about the techniques to detect, prevent, and mitigate these threats.
• The course includes:
o Lectures [45 h]
o Hands-on sessions [15 h]
• Students are asked to cluster into groups of 2 or 3 people, each:
o The group composition is freely proposed by the students;
o Each student is rented a development kit for the SEcube™ platform;
• Concerning the final project, each group is requested to deliver:
o Technical documentation related to the specs and implementation details, including, where applicable, the produced codes and its static analysis results
o Oral presentation.
The course includes:
o Lectures [30 h]
o Practical sessions [30 h, split into hands-on and projects dedicated lectures]
• Copies of the teaching materials used for both the lectures and the Labs;
• User and programming manuals of the open-source security-oriented platform SEcube™;
• Copies of the teaching materials used for both the lectures and the Labs;
Dispense; Video lezioni dell’anno corrente; Video lezioni tratte da anni precedenti; Strumenti di simulazione;
Lecture notes; Video lectures (current year); Video lectures (previous years); Simulation tools;
Modalità di esame: Elaborato scritto prodotto in gruppo; Prova scritta in aula tramite PC con l'utilizzo della piattaforma di ateneo;
Exam: Group essay; Computer-based written test in class using POLITO platform;
...
The course exam will consist in:
• final assessment of the delivered item/product provide by each group (70% of the overall evaluation)
• oral exam with questions on the topics covered in the course (30% of the overall evaluation).
Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.
Exam: Group essay; Computer-based written test in class using POLITO platform;
The course exam will consist of the following:
- Final assessment of the delivered item/product provided by each group* (max 19 points)
- Written exam (using exam) with open and closed questions on the topics covered in the course to be completed in 1.5h (max 13 points)
The 30L corresponds to 31 to 32 points.
The written exam assesses students' understanding and application of the critical concepts covered throughout the course. The exam will be comprehensive, covering both theoretical knowledge and practical applications. It will consist of multiple sections, each targeting specific learning outcomes. Questions assess students' understanding of fundamental concepts and test students' ability to recall and explain particular concepts such as hardware-implemented cryptography, Root-of-Trust, and types of hardware attacks.
* Students are asked to cluster into groups of 2 or 3 people, each:
- The students freely propose the group composition;
- The evaluation includes technical documentation related to the specs and implementation details, including, where applicable, the produced codes and their static analysis results during a project discussion session
In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.