The iSAQB® EMBEDDEDSEC module provides a systematic approach for designing secure embedded systems for medical or automotive applications. It shows how to identify threats, address them with appropriate mitigations and verify their appropriateness.

This advanced-level module, Secure Embedded Systems (EMBEDDEDSEC), supplements the iSAQB® Certified Professional for Software Architecture. The course provides a systematic approach for designing secure embedded systems for medical or automotive applications. It shows how to identify threats, address them with appropriate mitigations and verify their appropriateness.

Course overview

Learn about a systematic approach to designing secure embedded systems.

Hardening embedded systems against attacks poses special challenges due to the constraints of these systems. At the same time, embedded systems range from small microcontroller-based devices with limited resources to complex, interconnected systems operating in critical environments. This advanced-level module, EMBEDDEDSEC, supplements the iSAQB® Certified Professional for Software Architecture. The course provides a systematic approach for designing secure embedded systems for medical or automotive applications. It shows how to identify threats, address them with appropriate mitigations and verify their appropriateness.

This training module provides a consistent, methodical approach to analyzing, designing, implementing and verifying embedded systems to meet the product’s security goals. All topics are accompanied by an overarching exercise example to apply the knowledge in practice.

Key Takeaways

• Secure software and system development for embedded systems
• Secure development life cycle
• Relevant standards and regulations (ISO/SAE 21434, UN R 155, FDA Cybersecurity Pre-Market Submission Guidelines, IEC 62443, IEC 80001-5-1, NIST SP 800)
• Threat identification and risk analysis
• Methods to identify potential security impacts and the risks that cause them
• Overview of typical attacks targeting embedded systems
• Analysis and rating techniques to prioritize identified risks (e.g., CVSS, ISO/SAE 21434, OWASP Risk Rating)
• Tools and practical guidelines to perform cybersecurity risk analysis for embedded systems
• Security-by-design
• Introduction of concerns, such as authentication, integrity, updatability and confidentiality that need to be considered for cybersecurity
• Concern-oriented design patterns, principles, methods and technologies to determine and implement suitable mitigations and cybersecurity controls
• Introduction to cryptography and practical guidelines on employing cryptography in embedded systems
• Methods employed statically and dynamically to verify that security goals and requirements are met

Target Audience

• Software architects
• Software engineers
• Security engineers

Prerequisites

Before taking this training, participants should have experience developing software for embedded systems and a basic understanding of software architecture, such as the concepts presented in the iSAQB® Certified Professional for Software Architecture — Foundational Level (CPSA-F) training.

Further Information

• The training is licensed in accordance with the iSAQB® Certified Professional for Software Architecture — Advanced Level EMBEDDEDSEC module.
• Within the iSAQB® EMBEDDEDSEC module, this training can be tailored to your domain (e.g., automotive or medical) and your system type (microcontrollers and embedded POSIX systems).
• For online training, all materials are offered digitally. For in-person training, all materials are offered digitally and may be supplemented with hard copies.