Переглядів 336
Patterns and Anti-Patterns in Embedded Development: What Security Incidents of 2023 Teach Us - Marta Rybczynska, Syslinbit
We learn from errors. It is even better if we learn from mistakes made by others. This talk will be such an opportunity. Marta will cover various security incidents from 2023 related to embedded Linux and generally embedded development and show good and bad development patterns that those events reveal. The talk will use publicly released examples of incidents and vulnerabilities. For each of them, Marta will present the issue in detail and explore a related pattern. Finally, she will discuss solutions for avoiding such an issue. Examples of study cases the talk will include: - A leak of signing keys and the need for cryptographic best practices like revocation mechanisms - HTTP/2 Rapid Reset and the usefulness of careful resource allocation - Input validation issues in the Linux kernel (drivers, eBPF)