Customer Reviews

Practical Embedded Security: Building Secure Resource-Constrained Systems (Embedded Technology)

5 star:		(0)
4 star:		(1)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

I've spent 14 years as a Firmware Engineer in Telecom and Industrial Controls. While we do our best to make bug-free products, it is rare that time and effort are spent securing these devices. Most systems attempt to use "security through obscurity", which we all know only goes so far.

The Embedded development paradigm is quite different from PC programming - our resources are very limited; most of the products I've developed have had memory (RAM and Code) measured in kilobytes, not like today's PCs with gigabytes to burn!

This book covers the basics of how to secure a device with such limited resources. First the book covers the general concepts involved in security. Next it goes into the various protocols and how they are attacked and defended. The last two chapters cover specific examples on a PIC processor and on a Rabbit processor. These two parts fit exactly into the middle of the range of embedded processors used today.

The author speaks freely of the limitations of each of the current protocols. His writing is clear and makes for an interesting read (quite an accomplishment on a topic that could be quite acedemic!).

I gave the book "only" 4-stars because the Sample Programs are not provided on CD nor is there an obvious link to source code on the web. While the material is a port of OpenSSL (which is available), it would have saved readers time re-typing the sample source code.

Otherwise, I find this to be a great start to making my designs more secure!