Embedded devices are notoriously broken. This is not because of bad developers but because of a forced rush to market. In response, several consistent, secure-by-default build systems have been created. This whitepaper analyzes how to build more secure embedded devices using these build systems, in particular OpenEmbedded and Yocto.
The first interesting section is labeled Automating QA Tasks. Automating these tasks adds security into the build process from the beginning. One trick is to use the cve-check build class to automatically pull security advisories. Additionally, meta-security checks for other security misconfigurations.
buck-security is a scanner used for basic checks on file permissions. meta-security-isafw (Image Security Analyzer Framework) provides additional build and configuration checks. ISA_kca_plugin is a kernel configuration analyzer... there are a bunch of these tools, and they are very useful.
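As an added example (not from the whitepaper or the Yocto project), here is a small Python CI gate that reads a cve-check style text report and flags unpatched findings at or above a CVSS threshold. The report field names, the blank-line-separated `KEY: value` layout, the `allowlist` parameter and the sample data are assumptions constructed for illustration; the CVE ids are placeholders.

```python
import re

# Constructed sample; field names and layout are assumed, CVE ids are placeholders.
SAMPLE_REPORT = """\
PACKAGE NAME: examplelib
CVE: CVE-0000-0001
CVE STATUS: Unpatched
CVSS v3 BASE SCORE: 9.8

PACKAGE NAME: examplelib
CVE: CVE-0000-0002
CVE STATUS: Patched
CVSS v3 BASE SCORE: 7.5

PACKAGE NAME: exampletool
CVE: CVE-0000-0003
CVE STATUS: Unpatched
CVSS v3 BASE SCORE: 3.1
"""

def parse_report(text):
    """Split the report into one dict per CVE record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def blocking_findings(records, threshold=7.0, allowlist=()):
    """Return unpatched CVEs at or above the threshold that are not waived."""
    hits = []
    for rec in records:
        try:
            score = float(rec.get("CVSS v3 BASE SCORE", ""))
        except ValueError:
            score = 10.0  # missing or unparsable score fails closed
        if (rec.get("CVE STATUS") == "Unpatched" and score >= threshold
                and rec.get("CVE") not in allowlist):
            hits.append((rec.get("PACKAGE NAME"), rec.get("CVE"), score))
    return hits

if __name__ == "__main__":
    for pkg, cve, score in blocking_findings(parse_report(SAMPLE_REPORT)):
        print(f"{pkg}: {cve} (CVSS {score}) is unpatched")
```

In a pipeline, a non-empty result would fail the job, and the allowlist would hold findings that have been reviewed and accepted.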
Next, they talk about building binary protections, such as NX, format string protections, Fortify and others, into the compilation scripts. From there, they go into privilege separation. The key component is the principle of least privilege for handling permissions correctly.
They talk about removing all extraneous functionality from these large frameworks to reduce attack surface. Good callout!
Overall, good paper with very actionable items.