Building secure systems is a mindset. A pragmatic approach to threat modeling. A sober look at how your system can be subverted. An understanding of the tools available to lock down and secure a system. In this day and age, even deeply embedded devices are highly connected: so why shouldn't a holistic approach to security apply?
Security Embedded is your ally. With over a 15 years of experience building, destroying and rebuilding secure systems in embedded and wider environments, you want Phil’s expertise on your side. Plus, you don't want to end up on the blog as a case study of what went wrong!
Unlike many other security firms, Security Embedded's experience comes from being both a builder and a breaker. While anyone can tell you best practices for cryptographic systems, firmware update strategies and how to manage your threat model, Security Embedded has done this for real products out in the market today. Why be dictated to by someone who isn't an engineer? Choose a partner who intimately knows the stresses and strains of product engineering.
Security Embedded is available to consult at many stages of your product lifecycle. These include:
Product conceptualization: designing and planning a threat model, recommending secure design approaches, selection of candidate parts to use to achieve security goals;
Product development: software implementation and hardware design auditing, development for real-time and deeply embedded systems, cryptographic systems implementation;
Product NPI and manufacturing: designing secure manufacturing facilities, planning handling of device cryptographic materials, facility process auditing, security requirements acceptance testing, secure NPI process auditing;
Post-mass production: incident response, product security validation;
At all stages: team education, facilitating cross-silo discussion of security and threat models, process auditing to ensure security goals are met.
Security Embedded's expertise includes:
Deeply embedded systems (bare-metal and RTOS-based systems)
Connected SoCs (RTOS and Linux-based systems)
Application-level security (across the board)
Security Embedded has worked with devices ranging from deeply embedded 8051 microcontrollers, modern ARM Cortex M3-based MCUs, all the way up to multi-socket x86-64 NUMA servers. Linux, FreeRTOS, vxWorks, in-house RTOSes and bare metal purpose-built code are all well understood.