JamesMorris: New page: == Title == Embedded Linux Security == Presenter == David Safford, IBM == Abstract == Linux is in widespread use in embedded devices, but these devices typically lack critical securit...

2013-08-02T05:30:50Z

New page: == Title == Embedded Linux Security == Presenter == David Safford, IBM == Abstract == Linux is in widespread use in embedded devices, but these devices typically lack critical securit...

New page

== Title ==

Embedded Linux Security

== Presenter ==

David Safford, IBM

== Abstract ==

Linux is in widespread use in embedded devices, but these devices
typically lack critical security features found in higher-end Linux
systems. They typically do not have any way to validate their
firmware, they do not have hardware roots of trust for trusted or
secure boot, they do not have provisions for physical presence, and
they do not have secure update. Vendors claim that these features
are either too large, or too expensive to fit in their embedded
devices.

This presentation will summarize the recent widespread vulnerabilities
and compromises of embedded devices, and will show how the given
security features would defeat such attacks, relating the concepts to
the NIST SP800 guidelines for BIOS measurement and protection, and to
the ongoing work on Linux secure boot for higher end devices.

It will look at four typical embedded devices, will show how all of
these features can be added at _zero_ cost, and will give a live
demonstration of the added security features on one such device - a
TP-Link MR3020.

As a bonus, the presentation will show how the same techniques can be
used to fix the restricted boot of the Samsung Arm Chromebook, with
physical presence enablement for updating the secure boot public key.

Linux Security Summit 2013/Abstracts/Safford - Revision history

JamesMorris: New page: == Title == Embedded Linux Security == Presenter == David Safford, IBM == Abstract == Linux is in widespread use in embedded devices, but these devices typically lack critical securit...