Dr. David Long

Principal Technical Staff, Doulos

Dr David Long is the Principal Member of Technical Staff at Doulos, where he has worked since 2001, developing and presenting training courses for professional engineers. During that time, he has trained several thousand engineers in more than 20 different countries, in subjects ranging from HDL-based design and verification of digital and mixed-signal hardware through to virtual prototypes, embedded software and security. He is also the co-author of the IEEE 1666 SystemC Language Reference Manual.

Prior to joining Doulos, David worked for over 15 years in both industry and academia. He has an MSc in VLSI Design and a PhD in Mixed-Signal Simulation.

ABSTRACT

“Using Free Tools to Test the Security of a Small Embedded System”

Security is an increasing concern for developers of many small embedded applications such as IoT Edge devices. Unfortunately the choice of tools suitable for testing security on such systems is limited. This is quite different to web-based, desktop and even embedded Linux application developers who are able to select security tools from a wide range of commercial and open-source providers, such as those included in the popular Kali Linux distribution.

This tutorial provides an overview of open-source and free tools that are suitable to use for security testing of IoT edge devices based on a Cortex-M processor. It considers how and where these tools may be used within the security testing process. Examples include the use of the NSA’s Ghidra software reverse engineering tools and tools based on the open-source Unicorn emulator. We will also discuss the steps required to perform fuzz testing on some example code for a Cortex-M processor using AFL-Unicorn, GDB, GEF and python scripts, together with hints and tips that will be useful for anyone in the audience who wishes to try this for themselves.