SOFTWARE SECURITY, SECURE SOFTWARE DEVELOPMENT in the age of IoT, Smart Things, embedded applications

„Like the physical universe, the digital universe is large – by 2020 containing nearly as many digital bits as there are stars in the universe.“
- Market Research EMC/IDC

„By 2020, 100 million light fixtures will be network controlled. At least as many gaps to access sensitive customer data will emerge.“
- Forbes and On World

25 billion networked devices by 2020

STM secure MCU line

The ST33TPM12LPC has received security certification based on the certified TPM protection profile (Revision 116) with Common Criteria Evaluation Assurance Level (EAL) 4+. This ensures that the product totally meets TCG certification requirements and is now listed as Certified TPM by the TCG organization.

STM's Kerkey: Security Module for Smart Metering Systems

- Protection profile for the Security Module of a Smart Meter Gateway (Security Module PP)
- ECC support for NIST-P-256
- Digital signature generation and verification with ECDSA
- Key agreement with Diffie-Hellman (ECKA-ECDH) and ElGamal (ECKA-EG)
- PACE with ECDH-GM-AES-CBC-CMAC-128 for secure messaging
- On-chip ECC key pair generation

Infineon IoT landscape

Security matters: The IoT is built on many different semiconductor technologies, including power management devices, sensors and microprocessors. Performance and security requirements vary considerably from one application to another. One thing is constant, however. And that is the fact that the success of smart homes, connected cars and Industrie 4.0 factories hinges on user confidence in robust, easy-to-use, fail-safe security capabilities. The greater the volume of sensitive data we transfer over the IoT, the greater the risk of data and identity theft, device manipulation, data falsification, IP theft and even server/network manipulation.

The Ten Best Practices for Secure Software Development

“In the 80’s we wired the world with cables and in the 90’s we wired the world with computer networks. Today we are wiring the world with applications (software). Having a skilled professional capable of designing, developing and deploying secure software is now critical to this evolving world.”
Mark Curphey, Director & Product Unit Manager, Microsoft Corporation,

How to develop software the secure, Gary McGraw way

Ensuring security in software, Gary McGraw has long argued, means starting at the code level: That is, build security in from the start. McGraw, chief technology officer at Cigital Inc. and recognized as the industry's foremost software security expert, has said that enterprises too often focus on repairing damage post-breach and fixing bugs after launch. Instead, he argues, greater attention to security in the earliest stages of software development would greatly reduce the percentage of successful attacks, and minimize damage when malicious hackers do succeed.

Why is CC recommended for developers?

1. Common Criteria is a standard for Information Technology Security Evaluation which, true to its name, is commonly accepted all over the world, in 25 countries.
2. The standard defines how to construct the security system of a product, either in an implementation-independent structure called a Protection Profile or in an implementation-dependent structure called a Security Target, making it possible to create a set of security requirements that truly fits the product.
3. The security requirements are set up in a system based on the assets of the product and the threats to be countered, taking into consideration the security policies and assumptions, satisfying the security objectives . . .

Software & IT Security Evaluation Services

A Common Criteria accredited laboratory offers consultancy and evaluation services as a Certified Evaluation Facility.
• Card applets (ID cards, access cards, signature cards, etc.)
• Detection Devices and Systems (Log analysers, Vulnerability managers, etc.)
• Data Protection Software (Backup solutions, Cryptographic solutions, etc.)
• Access control systems (Access analysers, Authentication systems, Policy managers, etc.)
• Boundary Protection Systems (Software firewalls, Secure messaging platforms, etc.)
• Other systems (Mobile computing, RFID systems, IoT, embedded application, Smart metering, etc.)

Secure Software Development HUB

- Back-end architecture development: Java EE - OSGi, node.js
- Enterprise Architecture Development end-to-end
- Large scale CMS, E-commerce system development
- RAD technology (framework)
- Rapid application development: Angular JS
- In-depth cryptography and software security solutions
- For start-ups: up to MVP, end-to-end product design and management
- Scrum Project management, and Business Analyst service
- Scrum teams outsourcing