
Security Is Easier Before PCB Assembly: Easy Threat Modeling for Hardware.pdf

Uploaded by: 竿*** ID: 982088 2025-11-29 69 pages 2.90MB

#SECTORCA BlackHatEvents

Security is Easier Before PCB Assembly Deployment
Easy Threat Modeling for Hardware

Eric Evenchick
Managing Partner at Tetrel Security
EE background
Firmware, embedded, automotive, etc
Built a CAN bus tool (CANtact) and an access control system implant (BLEKey)
Firmware Reverse Engineering
Trainer for Black Hat
Black Hat USA/EU and SecTor review board member
Eric E

Adam
shostack.org/about/adam

Joe FitzPatrick
EE background plus some silicon debug and security research
Applied Physical Attacks Training: Embedded Systems, Hardware Pentesting
Hardware Hacking tools: Tigard, Erebus
Not actually a conspiracy theorist
Joe FitzP

Hardware is hard.
Hardening hardware is harder.
Threat modeling for hardware is not that hard!

Who is this for?
People designing hardware but also:
People who buy hardware
People who deploy hardware
People who run code on hardware
Anyone who depends on hardware
That's everyone!

Case studies
OpenWRT One
Access Control System
Commercial off the shelf
Bought through a sales channel or with NDA
Open hardware
full public details
Proprietary
Closed design
May be a device you design or sell
May be a device you deploy or support
Could also be a device you deploy and support
Could also be a device you design and sell

1. The state of Threat Modeling
2. Special considerations about hardware
3. Case Study A: Deploying a Device
4. Case Study B: Designing a Device
5. Now, for the Hard(ware) part
6. Documenting our process
Easy Threat modeling for Hardware

What is threat modeling?
Using models to help us think about security
"Threats" meaning possible future problems
The "measure twice, cut once" of security
"You can fix it on the drawing board with an eraser, or on the job site with a sledgehammer" Frank Lloyd Wright

Four Question Framework
What are we working on?
What can go wrong?
What are we going to d

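Based on the report, its main content is summarized as follows:

1. **The importance of hardware threat modeling**: Hardware security is harder than software security, but threat modeling can simplify the process.
2. **Target audience**: Anyone who designs, buys, deploys, or uses hardware.
3. **Threat modeling framework**: Four questions: What are we working on? What can go wrong? What are we going to do about it? Did we do a good job?
4. **Special considerations for hardware**: Hardware differs from software; physical access, the supply chain, and similar factors have to be considered.
5. **Case studies**: Cases of deploying a device and designing a device, showing how threat modeling is applied.
6. **Challenges of the hardware part**: Discusses issues with large systems, resources, standards, and scoring systems.
7. **What physical access means**: It includes any point of physical access in the supply chain.
8. **Supply chain implications**: You need to understand the supply chain and threat model it.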