Budapest University of Technology and Economics, Faculty of Electrical Engineering and Informatics

    címtáras azonosítással

    vissza a tantárgylistához   nyomtatható verzió    

    Embedded System Security

    A tantárgy neve magyarul / Name of the subject in Hungarian: Beágyazott rendszerek biztonsága

    Last updated: 2022. november 8.

    Budapest University of Technology and Economics
    Faculty of Electrical Engineering and Informatics
    Engineering Information Technology
    Computer Science Engineering
    MSc Program
    Course ID Semester Assessment Credit Tantárgyfélév
    VIHIMB12   4/0/0/v 5  
    3. Course coordinator and department Dr. Buttyán Levente,
    4. Instructors
     Dr. Levente Buttyán Professor


     Dr. Tamás Holczer Assistant Professor
     Dorottya Futóné Papp Assistant Professor HIT
     András Gazdag Assistant Professor HIT
    6. Pre-requisites
    Szakirany("VIAMI-AUS", _) VAGY
    Szakirany("VIAMI-CES", _)

    A fenti forma a Neptun sajátja, ezen technikai okokból nem változtattunk.

    A kötelező előtanulmányi rend az adott szak honlapján és képzési programjában található.

    7. Objectives, learning outcomes and obtained knowledge Embedded systems are widely used in different applications and their trustworthiness is often indispensable. This course introduces the main threats and possible attacks against embedded systems and elaborates the ways to secure their operation, hence, to make them trustworthy. We follow a define-defeat-defend approach: we first introduce the main characteristics of embedded systems, then we describe how they can be attacked, and finally, we explain how they can be protected against attacks. This approach is followed at the different architectural layers, so we address security problems at the hardware, firmware, OS, and application layers, and finally, we broaden the scope to entire systems, where we cover 3 specific application domains: IoT, vehicles, and ICS/SCADA systems. Students completing this course will have a deep understanding of the security problems in embedded systems and the security mechanisms used to solve them in practice, and they will be able to perform threat analysis of particular embedded systems and to propose strategies for increasing security of those systems.
    8. Synopsis 1.    Introduction to embedded systems and motivation for security

    2.    Embedded device hardware (microcontrollers, processors, memory, and peripherals used in embedded systems, typical characteristics and limitations of embedded devices)

    3.    Wired interfaces and protocols (UART, I2C, SPI, JTAG, CAN)

    4.    Wireless interfaces and protocols (ZigBee, Bluetooth LE, 5G, LoRa)

    5.    Embedded firmware, bootloaders, and operating systems

    6.    Examples for embedded devices (game consoles, IP cameras, WiFi routers, consumer IoT devices, ECUs, PLCs)

    7.    Physical attacks on embedded devices (hardware backdoors, invasive and semi-invasive physical attacks, sniffing and analyzing communications via interfaces)

    8.    Physical protection of embedded devices (levels of tamper resistance, hardware based roots of trust, physical unclonable functions)

    9.    Malware for embedded devices (IoT malware, PLC malware)

    10.    Attacks on embedded software – part 1 (firmware dumping and reverse engineering, finding vulnerabilities, implanting backdoors)

    11.    Attacks on embedded software – part 2 (exploiting software bugs, memory corruption attacks, race condition attacks)

    12.    Security for embedded devices – part 1 (OS hardening on embedded devices, micro-kernel architectures, Trusted Execution Environments)

    13.    Security for embedded devices – part 2 (secure boot and secure remote software update)

    14.    Security for embedded devices – part 3 (runtime integrity verification and remote attestation of malware free state)

    15.    Security for embedded devices – part 4 (secure software development methods for embedded systems, software penetration testing and fuzzing, program analysis and verification)

    16.    Introduction to cryptography

    17.    Challenges for implementing cryptography on embedded devices (resource constraints, side-channel and fault injection attacks, problems with random number generation)

    18.    Lightweight cryptography for embedded devices (cryptographic primitives, protocols, and benchmarking crypto on embedded devices)

    19.    Embedded cryptography engineering (side-channel resistant algorithms and protocols, random number generation, key management, secure defaults)

    20.    IoT security – part 1 (overview of IoT systems and applications)

    21.    IoT security – part 2 (threat modelling, attack scenarios, and security requirements for IoT systems)

    22.    IoT Security – part 3 (security architectures for IoT systems)

    23.    Security of vehicles – part 1 (local and remote attacks on vehicles)

    24.    Security of vehicles – part 2 (defending against attacks on the CAN bus)

    25.    Security of vehicles – part 3 (security and privacy for V2X communications)

    26.    ICS/SCADA security – part 1 (overview of ICS/SCADA systems and their different applications)

    27.    ICS/SCADA security – part 2 (attacks on and security requirements for ICS/SCADA systems)

    28.    ICS/SCADA security – part 3 (security architectures, protocols, and tools for ICS/SCADA systems)
    9. Method of instruction Lectures
    10. Assessment a.    During the semester:
            1 midterm classroom tests (MT)
    b.    During the exam period:
            combined (written and oral) exam (WE+OE)
    c.    Preliminary exam:     --

    Calculation of points:
    total points: tp = mt + we + oe
    where mt, we, and oe are the points received for the midterm test MT and for the exam parts WE, OE, respectively. The midterm mt and the written exam we can both take values between 0 and 40 points, and oe can take values between 0 and 20, so the maximum achievable tp is 100 points.  

    The pre-condition for taking the exam is mt >= 16.

    The oral part of the exam (OE) contributes to the final grade, but it is not mandatory: if not taken, it counts with 0 point in the calculation of the total points (tp).

    Grading scale:
        tp < 40 : fail (1)
        40 <=  tp < 55 : pass (2)
        55 <=  tp < 70 : satisfactory (3)
        70 <=  tp < 85 : good (4)
        85 <=  tp  : excellent (5)
    11. Recaps A failed or missed midterm classroom test can be re-taken at a single occasion in the re-take period (right before the exam period). Midterm tests can also be re-taken optionally for the purpose of improving their points.
    12. Consultations Individual appointment with instructors in an ad hoc manner.
    13. References, textbooks and resources Course material is available in electronic format on the Moodle site of the course.
    Optional readings are recommended on the web site of the course.
    14. Required learning hours and assignment
    Preparation for lectures14
    Preparation for classroom tests20
    Homework assignments0
    Reading assignments20
    Preparation for exam40
    15. Syllabus prepared by
    Dr. Levente Buttyán