Defense in depth your embedded systems
Security is part of our product development life cycle. Instead hunting the bugs we can put in place a number of defense mechanisms that will protect our products from unknown and future possible attacks. That is a reactive approach and less prioritized today in the Security Development Lifecycle process. In the talk, I will cover several examples of defense in depth mechanisms that security architects and development teams can embrace to improve their FW security. I will show that even if those mechanism aren’t available out of the box like in common OS, there are still things to do and will explain how to approach when we design those.
Dan Horovitz is an experienced Security Researcher, worked at Intel, McAfee, Checkpoint as well on several security startups for the last 15+ years, doing security product development as well as security assurance, security code review, architecture and design review and security validation. Dan is a life-long hacker, security advocate, he has always had a passion for deconstructing technology, particularly since getting his first Commodore 64 at the age of 7 teaching himself BASIC programming. In his career, Dan has performed all forms of security assessments but given his developer and management background, he has a dedication to security architecture, security features development and security assurance. Dan have MBA & B.Sc in computer science from BGU and presented papers in different conferences such: iSecCon, SWPC, Intel System Engineer, Intel TechWeek, QA&Test and MPower.