Special Notices

Are you a seasoned C/C++ programmer who wants to take their skills to the next level? Then this learning program is for you! Learn how to eliminate logical errors, harden critical code areas against fault attacks, and protect cryptographic implementations against side channel attacks. The software security learning path from Riscure consists of 5 tracks.

The curriculum for the software security learning path is focused on building three core capabilities:

  • Challenge assumptions: making assumptions is a common but dangerous programming practice; for example, it leads to input that is validated incorrectly or not at all. You will learn how software programs are laid out and executed in memory, what happens when code accesses memory out of bounds, and how instantaneous power consumption can be used to extract secret information.
  • Find vulnerabilities: because a device or application can be compromised once an attacker identifies even a single vulnerability, the developer's goal is to remove all of them. You will learn how to eliminate the most common logical errors in software, add extra defence to the critical areas of code, and secure the crypto engines.
  • Choose and implement defences: while there are many possible defence mechanisms, each comes at a cost: execution time, required memory, or access to hardware components such as RNGs. You will learn how to analyse the cost and effect trade-off, and thus be able to make informed strategic decisions.


Track 1: Memory Corruption Essentials

Track 2: Fault injection for software developers

Track 3: Side Channel Analysis for software developers

Track 4: Countermeasures against side channel analysis attacks

Track 5: Understanding leakage detection

Prerequisite: understanding of C/C++

In this course we discuss the root causes of memory corruption and techniques for systematically discovering vulnerabilities. In the final section, we close with coding best practices.

Designed by Riscure, who routinely perform source code reviews as part of certification projects. Riscure software security specialists have a background in software development and are further trained (at Riscure) to spot security issues in source code. The main challenge faced by a software security analyst is reviewing a large code base in a short amount of time. As reviewing every line of code is typically not feasible, a security analyst needs to quickly identify the security boundaries, what code can be triggered by an attacker, and what parameters can be controlled externally.

In this course we build on the tips and tricks used by software security analysts to review large code bases. As a developer, your objective is to remove the 'low-hanging' vulnerabilities from your software. In our experience, most vulnerabilities in embedded code are memory corruption issues.

The estimated duration of this course was confirmed by reviewing the material internally. Additionally, statistics from our LMS platform show that several users spend up to 20 hours completing this training. We are happy to hear your feedback and the average completion time from different groups.

Track 1: Memory Corruption Essentials

The first line of defence in securing an embedded system is protecting the software from bugs. This course provides guidelines for finding and removing the most widely encountered type of vulnerability in embedded systems: memory corruption.

Track 2: Fault injection for software developers

Fault attacks alter the intended behaviour of a program by changing critical values in memory or by disturbing the instruction flow of the program. They are used to bypass robust security features such as secure boot and authentication mechanisms.

This is the first fault injection course created specifically for developers who want to harden embedded systems.
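The description above names the two things a fault attack changes, a critical value in memory or the instruction flow. The following added example (written for this page, not Riscure course material) shows why a plain boolean verdict is fragile and how a hardened encoding resists it: the two verdict constants `AUTH_GRANTED` and `AUTH_DENIED` are assumptions chosen for this example as bitwise complements (Hamming distance 32), the comparison is repeated in a different form, and anything that is not exactly one of the two constants is treated as tampering and denied. A test harness counts how many single-bit flips of the "denied" state each check accepts.

```c
/* Added example, not part of the Riscure course: a plain boolean verdict
 * beside a fault-hardened one. AUTH_GRANTED and AUTH_DENIED are example
 * constants, chosen as bitwise complements so no small number of bit flips
 * turns one into the other. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define AUTH_GRANTED 0x3CA5965Au
#define AUTH_DENIED  0xC35A69A5u

/* Naive: any non-zero value grants access, so a single bit flip of the
 * "denied" state (or a skipped "authenticated = 0" store) is enough. */
bool naive_is_granted(uint8_t authenticated)
{
    return authenticated != 0;
}

/* Hardened: default deny, redundant comparison in a different form, and
 * fail-closed handling of a verdict that is neither constant. The volatile
 * locals force a fresh load for every read so an optimizing compiler does
 * not fold the two comparisons into one (verify this in the generated
 * assembly for real firmware). */
uint32_t hardened_verdict(uint32_t status)
{
    volatile uint32_t s = status;
    volatile uint32_t verdict = AUTH_DENIED;      /* default deny */

    if (s == AUTH_GRANTED) {
        if ((s ^ AUTH_GRANTED) == 0)              /* redundant, differently coded */
            verdict = AUTH_GRANTED;
    }
    /* A verdict that is neither constant means memory or control flow was
     * tampered with: fail closed rather than guess. */
    if (verdict != AUTH_GRANTED && verdict != AUTH_DENIED)
        verdict = AUTH_DENIED;
    return verdict;
}

/* Number of bit positions in which a and b differ. */
unsigned hamming_distance(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    unsigned n = 0;
    while (x) {
        n += x & 1u;
        x >>= 1;
    }
    return n;
}

/* How many single-bit flips of the naive "denied" byte (0) grant access. */
unsigned naive_flips_granting(void)
{
    unsigned n = 0;
    for (unsigned i = 0; i < 8; i++)
        n += naive_is_granted((uint8_t)(1u << i));
    return n;
}

/* How many single-bit flips of AUTH_DENIED the hardened check accepts. */
unsigned hardened_flips_granting(void)
{
    unsigned n = 0;
    for (unsigned i = 0; i < 32; i++)
        n += hardened_verdict(AUTH_DENIED ^ (1u << i)) == AUTH_GRANTED;
    return n;
}

int main(void)
{
    printf("naive:    %u of 8 single-bit flips grant access\n", naive_flips_granting());
    printf("hardened: %u of 32 single-bit flips grant access\n", hardened_flips_granting());
    printf("Hamming distance between verdict constants: %u\n",
           hamming_distance(AUTH_GRANTED, AUTH_DENIED));
    return 0;
}
```

The harness only models data faults (bit flips, register clears and sets); it cannot simulate a skipped compare instruction in plain C, which is exactly what the redundant check and the default-deny initialisation are there for. Treat the example as the shape of the countermeasure, not as proof that a given binary is fault resistant: that still requires inspecting the compiled code and testing on the target.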

Track 3: Side Channel Analysis for software developers

Protecting sensitive data requires cryptographic algorithms that are secure in theory. Nevertheless, the physical implementation of such an algorithm can be susceptible to side channel analysis attacks, which exploit physical leakage such as instantaneous power consumption. Learn how side channel analysis attacks can be used to extract secret keys from cryptographic devices.

Track 4: Countermeasures against side channel analysis attacks

The end goal of this training is to enable you to protect your devices and applications against basic side channel analysis attacks. Your journey will first take you through the theoretical foundations: you will learn what a side channel is, get familiar with practical examples, and understand the typical flow of an attack.

Track 5: Understanding leakage detection

The aim of this course is to help you grasp the intuition behind leakage detection methodologies and achieve a sound technical appreciation of how and why they work. We motivate and describe the current popular practice, including correlation-based tests, and expose some of their limitations, with a special focus on the ISO/IEC 17825 standard. By the end of this tutorial you will be equipped to carry out leakage detection tests sensibly and interpret the outcomes responsibly.

Track 1: Memory Corruption Essentials

Secure code development:

  • Why practice secure coding?
  • What is a security vulnerability?
  • The life of a program in memory
  • What is memory corruption?
  • How does memory corruption happen?
  • Memory corruption examples
  • Symptoms of memory corruption
  • Why is memory corruption dangerous?
  • Knowledge check

Buffer overflows

  • Introduction to buffer overflows
  • Buffer overflows: the stack
  • What is a buffer overflow
  • Walkthrough example of code
  • What can an attacker do?
  • Can you spot the bug?
  • Code review exercise
  • Buffer overflows: the heap
  • Buffer overflows: global data
  • Code review exercise

Arbitrary writes

  • Introduction to a real life example
  • What is an arbitrary write
  • Walkthrough example of code
  • What can an attacker do with it
  • Can you spot the bug?
  • Knowledge check

Off-by-one

  • Introduction to a real life example
  • What is off-by-one?
  • Walkthrough example code
  • What can an attacker do with it?
  • Can you spot the bug?
  • Knowledge check

Recipe for disaster (root cause)

  • Why do coding errors and vulnerabilities happen?
  • The culprits of memory corruption: improper checks, uninitialized variables, pointer arithmetic, unintended integer promotions and conversions, array indexing
  • Knowledge check
  • Practical exercise: identify the root cause of memory corruption vulnerabilities
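The off-by-one section and the root-cause list above name the bugs but do not show them. The following added example (written for this page, not Riscure course material) puts the two most common ones side by side: a bound check that accepts a length equal to the buffer size and then writes the terminator one byte past the end, next to the corrected check, plus an "improper check" on a signed length that lets a negative value through before it becomes a huge `size_t` in `memcpy`. The function names, `BUF_SIZE` and the canary byte are assumptions of this example; the probe buffer is deliberately one byte larger than the size advertised to the copy routine so the overflow lands on a canary instead of unrelated memory.

```c
/* Added example, not part of the Riscure course: an off-by-one bound check
 * beside its corrected form, and a signed-length check that accepts a
 * negative length. BUF_SIZE, CANARY and the function names are example
 * choices. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CANARY   0xAA

/* Vulnerable: accepts len == dst_size, then stores the terminator at
 * dst[dst_size], one byte past the end of the buffer. */
bool copy_vuln(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len > dst_size)          /* off-by-one: len == dst_size slips through */
        return false;
    memcpy(dst, src, len);
    dst[len] = '\0';             /* dst[dst_size] when len == dst_size */
    return true;
}

/* Hardened: reserve one byte for the terminator, so the largest accepted
 * len is dst_size - 1 and every write stays inside dst. */
bool copy_fixed(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (dst_size == 0 || len >= dst_size)
        return false;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return true;
}

/* Improper check plus unintended conversion: a negative signed length
 * passes the "not too large" test, then converts to a huge size_t when
 * handed to memcpy. Only the predicate is shown so nothing here can crash. */
bool length_ok_signed(int len, size_t dst_size)
{
    return len <= (int)dst_size - 1;      /* -1 <= 15 is true */
}

/* Corrected: an unsigned length cannot be negative, and the upper bound
 * leaves room for the terminator. */
bool length_ok_unsigned(size_t len, size_t dst_size)
{
    return dst_size != 0 && len < dst_size;
}

/* Run a copy routine on a BUF_SIZE buffer followed by a canary byte.
 * Returns 1 if the canary was overwritten, 0 if it survived, -1 if the
 * copy was refused by the bound check. Input is constructed inline. */
int probe(bool (*copy)(char *, size_t, const char *, size_t), size_t len)
{
    unsigned char storage[BUF_SIZE + 1];  /* BUF_SIZE bytes + canary */
    char src[BUF_SIZE + 1];
    memset(src, 'A', sizeof src);         /* constructed attacker input */
    memset(storage, 0, sizeof storage);
    storage[BUF_SIZE] = CANARY;
    if (!copy((char *)storage, BUF_SIZE, src, len))
        return -1;
    return storage[BUF_SIZE] != CANARY;
}

int main(void)
{
    printf("copy_vuln,  len=%d: %d\n", BUF_SIZE, probe(copy_vuln, BUF_SIZE));
    printf("copy_fixed, len=%d: %d\n", BUF_SIZE, probe(copy_fixed, BUF_SIZE));
    printf("copy_fixed, len=%d: %d\n", BUF_SIZE - 1, probe(copy_fixed, BUF_SIZE - 1));
    printf("signed check accepts -1: %d\n", (int)length_ok_signed(-1, BUF_SIZE));
    printf("unsigned check accepts (size_t)-1: %d\n",
           (int)length_ok_unsigned((size_t)-1, BUF_SIZE));
    return 0;
}
```

The one-byte overwrite from `copy_vuln` looks harmless in isolation; on a real stack or heap the byte after the buffer is a saved pointer, an allocator header or another variable, which is why the outline's "What can an attacker do with it?" follows directly from this pattern. Note also that a canary-style probe only detects the overflow when the write lands on the canary; it is a teaching aid, not a substitute for the static and dynamic analysis listed under "Catch and Patch".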

Catch and Patch

  • Finding vulnerabilities: good guy vs. bad guy
  • Techniques for finding vulnerabilities: manual review, static analysis, dynamic analysis, fuzzing, reversing
  • Practical exercise: Fix vulnerability example 1
  • Practical exercise: Fix vulnerability example 2

Coding best practices

  • Implementing secure coding guidelines
  • Development life cycle
  • Knowledge check

Conclusion

  • Summary and key lessons
  • Reactive approach vs. Proactive approach - implementing secure coding guidelines and development life cycle
  • Knowledge check