Chip Design & SecurityRiscure Academy - Classroom Training
The goal of the course is to enable the learner to have a holistic view on how cybersecurity is embedded throughout the process of designing, implementing and testing a System-on-Chip component or a platform. It is essential for both developers and evaluators to understand the security fundamentals and aspects that influence the whole process; the overall security level depends on both teams working effectively together.
After this program participants will be able to
Recognize security assets in a TOE
Understand how to apply the attack tree method
Rate and select attack paths
Describe main methods of defence
Use open source tooling to identify PCB interfaces
Determine relevance of a component for security
Understand relevance of a component to an attacker
Create and apply countermeasures
Defence & Countermeasures
Evaluate required security properties of an asset
Understand modern threats: implementation attacks, SCA, FI
Understand the role of team work in implementation of security primitives
Understand how modern countermeasures can protect against modern threats
Who is this course for?
This course is aimed at developers and evaluators of System-on-Chip (SoC) components, with an emphasis on hardware design. Developers get a broad point-of-view regarding the complete development process and evaluators get a better insight on how the development process is followed.
The program has a high-level goal of enabling both developers and evaluators to interact more.
- Experience with HDL languages (e.g. Verilog or VHDL) and familiarity with HDL terminology (e.g. RTL, netlist);
- Awareness of fundamentals for physical CMOS circuit designs & layouts (e.g. components of a digital logic gate such as a CMOS NOT gate);
- Awareness of basic electronic engineering tooling & concepts (e.g. usage of oscilloscopes, or concepts such as voltages & currents).
Threat analysis fundamentals
This chapter covers the basics of threat analysis and security terminology needed in order to enable a solid security foundation in the system. As a consequence the chapter will enable the trainees to better grasp the relevance of a realistic threat model and a rigorous risk assessment.
Intro to Chip Design and Security
In this chapter we focus on the specific case of a SoC, by doing a deep dive into the physical implementation of it’s security components. We cover security components, interfaces, crypto engines and algorithms in a SoC. We then dig deeper in the implementation of the components down to the physical transistor level: this depth of understanding is required in order to be able to effectively understand the modern attack techniques.
We now come to the heart of how to add security properties to SoCs at several levels. This section describes best practices (and challenges) for reaching a secure RTL code, secure SoC / component layout and secure low-level code development (e.g. boot ROM code).
Current SoC implementation challenges
In this chapter we dive deeper into the challenges that appear when using modern and state-of-the-art SoC technologies. We discuss challenges on the current technology nodes found in a SoC, and will also describe challenges found with integrated Secure Elements (iSE) in the context of SoCs
State-of-the-art tooling and attacks
We gain further insight into the state of current tooling for attacks on SoCs, as well as the state of current academic research activities and known attacks in this chapter. We will also see how to rate the attack complexity by referring to a rating system widely used in SoC evaluations: the JIL rating scheme.
Evaluation approach for a SoC
The final chapter is targeted to evaluators/analysts. We first describe the methodology under which an evaluation is carried out (focusing on vulnerability discovery, attacks and mitigations, and the threat landscape) and what is a secure development lifecycle and its relevance for a secure SoC. Finally, we turn to some practical aspects of a secure SoC evaluation, such as the situation where different security countermeasures combine in a SoC, as well as aligning planning and development of upcoming chips.
Actionable and indispensable knowledge of security in Embedded Systems and IoT devices. Training on hardware and software security in a classroom setting, online or hosted in your own knowledge program.
What people say
“Very interesting learning approach and material across different aspects of state-of-the-art SoC development with Security in mind. I really want to thank Riscure for offering such good trainings, and the their trainers who make amazing use of their skills, experiences and kindness to easily communicate complex concepts to the audience.”
Get Started Today
Don’t let your organization’s embedded systems become an easy target. Invest in the security and success of your business by partnering with Riscure Academy. Contact us today to discuss your training needs and explore our approach. Together, we’ll empower your team to secure your organization’s future.
Frequently asked questions
Do you do individual training?
Individual training is available for self-enrollers within enterprises, but we do not training for individuals outside of organizations. For individuals we recommend Self-Paced or Open training. If you are unsure, please get in touch by filling in the form below.
What is the minimum group size for your expert-led training program?
Are your programs delivered online or as classroom ?
customer's location. Our online programs blend self-paced e-learning, exercises, assessments, and in certain cases expert-sessions (like Q&A webinars or Group Exercises) with Riscure experts.
When can we start with the training/ what do the training schedules look like?
We do not have pre-defined dates for our training sessions. Instead, we aim to accommodate your preferred start time and schedule the spacing of training and relevant sessions accordingly. To ensure a seamless scheduling process, please provide advance notice of 3-4 weeks for our online group programs and 6-8 weeks for classroom programs, as this allows us to secure our trainers' availability. For online training by individuals (self-paced) any enrollment will be facilitated within days or weeks, depending on the level of integration with the customer training platform or HR system. For Open Training schedules, please, contact us by filling in the form below.
Does customer have access to the training materials after the program?
For expert-led group training, including online/hybrid and classroom formats, access to relevant training materials remains available after the training period. The formal training schedule with deadlines is coordinated between Riscure and the customer.