How to design secure software products for IoT, embedded application, smart metering, smart lighting, medical application with the help of Common Criteria
3. Cyber-attacks against businesses ‘doubled in
2015’ by venturebeat - read the article
Should Software Companies Be Legally Liable For
Security Breaches? by techcrunch - read
'The IoT is the Internet of Easy Home Hacking'
by venturebeat - read
6. “Like the physical universe, the digital universe is large – by 2020
containing nearly as many digital bits as there are stars in the universe.”
- Market Research EMC/IDC
“By 2020, 100 million light fixtures will be network controlled. At least as
many gaps to access sensitive customer data will emerge.”
- Forbes and On World
25 billion networked devices by 2020
9. Read it
STM secure MCU line
The ST33TPM12LPC has received security certification based on
the certified TPM protection profile (Revision 116) with
Common Criteria Evaluation Assurance Level (EAL) 4+. This
ensures that the product totally meets TCG certification
requirements and is now listed as Certified TPM by the TCG
organization.
10. Read the full DS
STM’s Kerkey: Security Module for
Smart Metering Systems
- Protection profile for the Security Module of a Smart Meter
Gateway (Security Module PP)
- ECC support for NIST-P-256
- Digital signature generation and verification with ECDSA
- Key agreement with Diffie-Hellman (ECKA-ECDH) and El
Gamal (ECKA-EG)
- PACE with ECDH-GM-AES-CBC-CMAC-128 for secure
messaging
- On-chip ECC key pair generation
11. Embedded Security
Infineon Secure MCU line
Embedded security with Common Criteria certified
platforms OPTIGA™ Trust P – All-in-one device for
Authentication
12. IoT homepage
Infineon IoT landscape
Security matters: The IoT is built on many different
semiconductor technologies, including power management
devices, sensors and microprocessors. Performance and security
requirements vary considerably from one application to
another. One thing is constant, however. And that is the fact that
the success of smart homes, connected cars and Industrie 4.0
factories hinges on user confidence in robust, easy-to-use,
fail-safe security capabilities. The greater the volume of sensitive
data we transfer over the IoT, the greater the risk of data and
identity theft, device manipulation, data falsification, IP theft
and even server/network manipulation.
IoT security
14. webinar
Build Your Software Securely
It’s challenging to keep pace with the rapidly changing
development environment while ensuring security and
compliance requirements are not compromised.
15. download pdf
The Ten Best Practices for Secure Software
Development
“In the 80’s we wired the world with cables and in the 90’s we
wired the world with computer networks. Today we are wiring
the world with applications (software).
Having a skilled professional capable of designing, developing
and deploying secure software is now critical to this evolving
world.”
Mark Curphey,
Director & Product Unit Manager, Microsoft Corporation
16. read the blog
How to develop software the secure, Gary
McGraw way
Ensuring security in software, Gary McGraw has long argued,
means starting at the code level: That is, build security in from
the start. McGraw, chief technology officer at Cigital Inc. and
recognized as the industry's foremost software security expert,
has said that enterprises too often focus on repairing damage
post-breach and fixing bugs after launch. Instead, he argues,
greater attention to security in the earliest stages of software
development would greatly reduce the percentage of successful
attacks, and minimize damage when malicious hackers do
succeed.
18. Read the full intro
Why is CC recommended for developers?
1. Common Criteria is a standard for Information Technology
Security Evaluation which, true to its name, is commonly
accepted all over the world, in 25 countries.
2. The standard defines a framework for specifying a product's
security, either in an implementation-independent structure
called a Protection Profile or in an implementation-dependent
structure called a Security Target, making it possible to create a
set of security requirements that truly fits the product.
3. The security requirements are organized around the
assets of the product and the threats to be countered, taking into
consideration the security policies and assumptions, satisfying
the security objectives . . .
21. External service providers in the value
chain: Providing Trust - Security
intro DoSell solution providers
22. download intro pdf
Software & IT Security Evaluation Services
A Common Criteria accredited laboratory offers consultancy and
evaluation services as a Certified Evaluation Facility.
• Card applets (ID cards, access cards, signature cards, etc.)
• Detection Devices and Systems (Log analysers, Vulnerability
managers, etc.)
• Data Protection Software (Backup solutions, Cryptographic
solutions, etc.)
• Access control systems (Access analysers, Authentication systems,
Policy managers, etc.)
• Boundary Protection Systems (Software firewalls, Secure messaging
platforms, etc.)
• Other systems (Mobile computing, RFID systems, IoT, embedded
application, Smart metering etc.)
23. download case study
Secure Software Development HUB
Back-end architecture development: Java EE - OSGi, node.js
Enterprise Architecture Development end-to-end
Large scale CMS, E-commerce system development
RAD technology (framework)
Rapid application development: Angular JS
In-depth cryptography and software security solutions
for Start-up: up to MVP end to end product design, management
Scrum Project management, and Business Analyst service
Scrum teams outsourcing