Presentation is loading. Please wait.

Presentation is loading. Please wait.

Designing a Secure OTA Update Implementation

Published byNiina Anne-Mari Hukkanen Modified over 6 years ago

Similar presentations

Presentation on theme: "Designing a Secure OTA Update Implementation"— Presentation transcript:

1 Designing a Secure OTA Update Implementation
August, 2018 Nick Lethaby, IoT Ecosystem Manager, Texas Instruments Richard Barry, Principal Engineer, AWS

2 In this webinar, we will examine
Introduction An OTA (Over-The-Air) update is a method of distributing and installing new firmware software updates via wireless connections The ability to perform OTA updates is critical to IoT applications as it allows low-cost patching of bugs and security vulnerabilities, as well as addition of new features In this webinar, we will examine The potential for OTA updates to impact security and reliability An OTA update solution based on an integration of Amazon FreeRTOS with the Texas instruments SimpleLink Wi-Fi microcontrollers and how this addresses security and reliability concerns via: Cloud-based services Embedded software Hardware architecture 1 2

3 OTA Updates: Understanding the risks
IoT Device Vendor User IoT Service Internet Reliability Risks: Flawed update crashes IoT device Power loss during update leaves non-functional image Remote Network Attack: Send earlier version of IoT device image as OTA update Remote Network Attack: Man-in-the-middle Remote Network Attack: Sniff packets Unauthorized device asking for the update Local Network Attack: Sniff packets 22° Smart Home Device To deliver a more secure OTA update solution, it’s important to understand the potential attack vectors: An attacker may obtain the device to acquire physical access in the hope of reading security credentials in storage, analyzing the run-time image for flaws, or copying the run-time image for cloning. By accessing either via the local network or via the internet, an attacker can use a variety of techniques to trick the IoT device into installing malware rather than a legitimate update. If an attacker can gain access to the device management service of the IoT device vendor, it would then be possible to send “malware” as an legitimate update. Remote Network Attack: Unauthorized OTA operator Physical Attack: Extract image or keys from memory Physical Attack: Boot malicious image RUN-TIME STORAGE Local Network Access Physical Access Remote Access TRANSFER

4 AWS Cloud Computing Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources via the internet with pay-as-you-go pricing.

5 AWS Cloud Computing - OTA

6 AWS IoT Architecture Things Sense & Act Cloud Storage & Compute
Secure local triggers, actions, and data sync Secure device connectivity and messaging Fleet onboarding, management and SW updates Fleet audit and protection IoT data analytics and intelligence Endpoints The AWS IoT Core services and AWS Greengrass are the backbone for IoT deployments to securely connect all your devices and handle their data… But there is more to it. Once our customers are at scale, they also have to Maintain their fleet health Keep their fleets secure An naturally, they want to easily analyze their IoT data Gateway Intelligence Insights & Logic → Action

7 FreeRTOS Kernel

8 Amazon FreeRTOS Augments FreeRTOS kernel with functionality that enables MCUs to securely connect to cloud services Completely free to use for any application Open source MIT license

9 OTA on Amazon FreeRTOS: User Actions
Developer authors update Upload to cloud and sign image Schedule an update job Notify device update is available Update process is split into three phases First actions taken by operator Upload new image to cloud file system called S3. Sign image Schedule the OTA at which point the OTA agent is notified

10 OTA on Amazon FreeRTOS: Agent Actions
Developer authors update Upload to cloud and sign image Schedule an update job Notify device update is available Device downloads image (or streams over MQTT) Write image to flash Close file and verify signature Notify application that new image is ready Application activates when it is ready (set boot flags and reset) Second actions taken by agent running on the device Download and validate signature Let the application know

11 OTA on Amazon FreeRTOS: Reboot Actions
Developer authors update Upload to cloud and sign image Schedule an update job Notify device update is available Device downloads image (or streams over MQTT) Write image to flash Close file and verify signature Notify application that new image is ready Application activates when it is ready (set boot flags and reset) Verify image at boot Initialize OTA agent and confirm current image is latest Hand control to application for self test On passing self test, commit new image Update cloud status to completed. Finally the reboot Checks the image again Allows for a self test before committing.

12 OTA on Amazon FreeRTOS: An Overview
AWS Signer Service AWS IoT Jobs Service Developer authors update Upload to cloud and sign image Schedule an update job Notify device update is available Device downloads image (or streams over MQTT) Write image to flash Close file and verify signature Notify application that new image is ready Application activates when it is ready (set boot flags and reset) Verify image at boot Initialize OTA agent and confirm current image is latest Hand control to application for self test On passing self test, commit new image Update cloud status to completed. AWS IoT Streaming Service Cloud services that interact to perform the OTA. Now look at these services

13 Code Signing Service Amazon FreeRTOS OTA updates require a signed image The IoT device can authenticate the source of the OTA image The signing service is integrated with the Amazon Certificate Manager (ACM) Device providers register their code signing certificate with the ACM Code signing service Allows device to authenticate the source and integrity of received image Also uses the Amazon Certificate Manager, with which you register the signing certificate

14 Job Service (Scheduling Updates)
OTA uses the AWS IoT Job Service The Job Service is used to define a set of remote operations (OTA is the operation in this case) You specify a list of targets to perform that job (a device group in this case) Not specific to OTA Defines remote operations for subsets of devices

15 Thing Groups Manage several devices/things at once by categorizing them into groups. Send OTA images to individual devices, or all devices in a group { "thingGroups": [ { "groupName": "LightBulbs", "groupArn": "arn:aws:iot:us-west-2:thinggroup/LightBulbs" }, "groupName": "RedLights", "groupArn": "arn:aws:iot:us-west-2:thinggroup/RedLights" ]} Demonstrate (screen shot) how IoT devices are grouped by whatever attributes are chosen.

16 Device Side OTA Agent Uses MQTT Streaming Service and all communications through a single TLS connection Minimizes resource usage by downloading OTA via the existing TLS connection used for MQTT communication with AWS IoT Simply API Just start agent on start up Subscribes to topic Downloads in background

17 Cloud Operator Security Starts with IAM
Identity and Access Management (IAM) lets you manage access to AWS services and resources securely Create and manage AWS users and groups Use permissions to allow and deny their access to AWS resources Need to protect access to these services Fine grained control Same security mechanism as used through AWS access controls. Every API call made through the control plane API undergoes standard IAM Signature Version 4 authentication and authorization. Must have permissions to invoke the CreateDeployment, CreateJob, and CreateStream APIs. [In addition, in your Amazon S3 bucket policy or ACL, you must give read permissions to the AWS IoT service principal so that the firmware update stored in Amazon S3 can be accessed during streaming.]

18 IAM Users, Roles and Policies
SAMPLE POLICY { "Version": " ", "Statement": [ "Sid": "FullAccess", "Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"] }, "Sid": "DenyCustomerBucket", "Effect": "Deny", "Resource": ["arn:aws:s3:::customer", "arn:aws:s3:::customer/*" ] } ] IAM Users allow you to define specific users of an AWS account with different permissions IAM Roles allow applications to access AWS services programmatically with specified permissions IAM Policies are documents that define the fine-grained permissions for each IAM User and Role

19 Preventing Unauthorized Job Operators
An OTA User Policy grants your IAM user access to a number of job-related and OTA services. The following actions are performed during the FreeRTOS OTA workflow, and the following policies are therefore needed the IAM user. "s3:ListBucket", "s3:ListAllMyBuckets", "s3:CreateBucket", "s3:PutBucketVersioning", "s3:GetBucketLocation", "s3:GetObjectVersion", "acm:ImportCertificate", "acm:ListCertificates", "iot:ListThings", "iot:ListThingGroups", "iot:CreateStream", "iot:CreateOTAUpdate", "iot:GetOTAUpdate", "iot:ListJobs", "iot:ListJobExecutionsForJob", "iot:DescribeJob", "iot:GetJobDocument", "iam:ListRoles", "signer:ListSigningJobs", "signer:StartSigningJob", "signer:DescribeSigningJob" All the items an IoT deployment needs access to or permission to perform

20 Managed (Pre-Configured) Access Policies
The OTA Service Role is a role that AWS IoT takes on to perform OTA actions on your behalf An AWS managed policy is a standalone policy that is created and administered by AWS, making it easier for you to assign appropriate permissions. Create a role, and add permissions to it using the managed policy called AWSIoTOTAUpdate, which contains the permissions needed for AWS IoT to create jobs and use signed images. Help is at hand through managed policies Pre-canned Groups all the required permissions allowing a single permission to AWSIoTOTAUpdate Hand over Nick will show how the CC3220 architecture minimizes overhead, non intrusive

21 SimpleLink Wi-Fi: Architected for better security
Single chip enclosed architecture for reduced attack surface 2 Separate execution environments: MCU + NWP for enhanced assets isolation and easy application integration CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Embedded security features reduce need for external secure components HW crypto engines enable fast TLS secure connection establishment within 200msec Cryptographic utilities simplify sign & verify operations to validate any new image Encrypted File System for Customer IP/data and end user’s data security The unique architecture of this device, and its wide range of built-in security features, empower designers to implement a variety of security measures to protect their product from unauthorized theft and malicious control. The Single Chip enclosed architecture reduces the number of possible attack surfaces commonly observed in systems which have the User-Application MCU externally attached to the wi-fi network processor via an interface such as UART or SPI. In this particular architecture the MCU is integrated within the Silicon The two on-chip, yet physically separate, execution environments of the user-applications MCU and the Wi-Fi network Processor, allow for enhanced assets isolation between the developers’ IP and the network processor activities. This device supports personal and enterprise security protocols for the local segment of the network (between the AP and the STA). It supports 16 sockets, out of which 6 can be secured (SSL/TLS protocols). The Internal HTTPS server runs on top of a TLS socket, with support for client authentication The Device Identity is an Unmodifiable unique 128-bit number that TI stores in the device during production. It may serve as a unique device identity (UDID). The trusted Root Certificate catalog is a built-in file, provided and signed by TI, which contains a list of known and trusted root certificate authorities (CAs). It is used to ensure that a CA is trusted as root of certificate chain for the purpose of TLS and for file signing. The TI root of trust public key is a hardware-based mechanism that allows authenticating TI as the genuine origin of a given content (such as software service pack, trusted root-certificate catalog) using asymmetric keys. One of the most important embedded HW security features are the Hardware crypto engines. These engines offload the ARM® Cortex®-M4 MCU from the complex and time-consuming arithmetic involved in cryptographic algorithms. The HW crypto engines enable fast secure TLS/SSL connection establishment within 200mSec. These Cryptographic utilities also simplify sign & verify operations to validate the authenticity of any new image. Some of the hardware crypto engine are accessible at the application level. Those crypto engines are: AES, DES, SHA/MD5, and (Cyclic redundancy) CRC. The device unique-key is a hardware based, readable only by the NWP. IT is used for cloning protection mechanism. The Debug security enables blocking access to debug capabilities such as JTAG interface and file-by-file access from external tools. There are numerous built-in software security features that aim to reduce the need for additional external secure components – such as secure MCU or secure elements. File system security features encompasses file encryption, authentication, bundle protection, access control and more. [CLICK] All of the encrypted files for the customer’s IP/data and the consumer’s data can be securely stored on the sFlash. The secure files/data are accessible only by the NWP with the correct access control. We even enable initial secure programming, which is referring to the fact that an image can be encrypted with a secure key before it is loaded on the board. Then a trusted person can activate the image that is loaded on the device by using Uniflash. … This is Very useful for factory code protection. Secure boot is used to validate the authenticity of any image before its initial runtime. Serial Flash File system security: Encryption, Access control, Authentication, Bundle protection, Software tamper detection, Cloning protection Initial secure programming Secure Boot Software Hardware Crypto Engine for advanced fast security, including: AES, DES, SHA/MD5, and CRC. Device-Unique Key Debug Security: JTAG and Debug Ports can be Locked Embedded HW Personal and enterprise security: WPA/WPA2 PSK, WPA2 Enterprise Full TCP/IP stack with TLS Embedded HTTPS Server Unique Device Identity Trusted Root-Certificate Catalog Networking

22 Amazon FreeRTOS integration with SimpleLink SDK
SimpleLink connected MCUs have a standard SDK across all devices The SimpleLink SDK feature extensive run-time libraries that Amazon FreeRTOS leverages in its secure OTA solution SimpleLink W-Fi Device Device Drivers FreeRTOS Kernel User Applications Secure Wi-Fi Stack TLS TCP/IP Secure Bootloader (ROM’d) MQTT Client OTA Agent Crypto Utilities Manage Keys Accelerators, RNG Secure Filesystem Images Keys Wi-Fi Manager

23 OTA reliability: SimpleLink Bundle Protection
Create failsafe files Amazon FreeRTOS uses the SimpleLink Bundle protection mechanism to avoid OTA updates bricking a device Amazon FreeRTOS tests the image can connect and communicate with AWS/IoT Amazon FreeRTOS also provides a hook for developers to add their own testing Add files to bundle Write image files to bundle Restart processor & set watchdog timer Watchdog timeout Test image Power failure fail Rollback back to the previous version pass Commit bundle as the new boot image

24 OTA Reliability: Factory Image Recovery
As an additional recovery mechanism to use for malfunctioning or bricked devices, SimpleLink Wi-Fi devices include a capability to restore to a device to a factory image End Product PCB If the application MCU is still running and the IoT device has an UI, it can provide an option to reset the network processor to a factory image combined with the most recent service pack downloaded Serial Flash UI Factory Image SimpleLink Wi-Fi Current working image SOP If the IoT Device is totally unresponsive, both the application MCU and network processor can be reset to a factory image via the SOP (Sense-On-Power) pins. Slot for next OTA image

25 Hardware Crypto Engines Personal and Enterprise
OTA Update Security Measures Hardware Crypto Engines Local network with WPA/WPA2 encryption by the HW crypto engines, offloading the host Personal and Enterprise Wi-Fi Security OTA Security The SimpleLink device opens a secured Wi-Fi connection to the Access-Point Local Network Attack: Sniff packets Application Servers End Product PCB It is important to first establish a secure local area network connection. This can be done by leveraging the NWP embedded personal and enterprise security features. CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Serial Flash Internet IoT Device Vendor User Access Point RUN-TIME STORAGE Local Network Access Physical Access Remote Access TRANSFER

26 Hardware Crypto Engines Secure Sockets (TLS\SSL)
OTA Update Security Measures Hardware Crypto Engines HW encryption engines establish a fast TLS/SSL internet connection within <200mSec Secure Sockets (TLS\SSL) TLS/SSL are in the NWP, within the BSD Socket layer OTA Security The SimpleLink device has a secured TLS connection to the AWS IoT service. Remote Attack: Sniff packets Application Servers End Product PCB To prevent remote packet sniffing, the connection through the internet to the application server will leverage the built-in TLS protocol with hardware crypto engines to quickly establish a secure connection within 200mSec. CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Serial Flash Internet IoT Device Vendor User Access Point RUN-TIME STORAGE Local Network Access Physical Access Remote Access TRANSFER

27 OTA Update Security Measures
Hardware Crypto Engines Trusted Root-Certificate Catalog Built-in secure mechanism to ensure a CA is trusted as root of certificate chain for TLS purpose and file signing. TI Root of Trust Public Key OTA Security During the TLS connection the server is authenticated to the SimpleLink’s trusted root certificate catalog. HW-based mechanism that allows authenticating TI as the genuine origin of a given content, using asymmetric keys. Application Servers Remote Attack: MITM End Product PCB In order to prevent any potential MITM attack, the application server has to be authenticated as a genuine server, against CC3220 trusted certificate catalog, which contains the list of known and trusted root Certificate Authorities (CA) The CC3220 must also authenticate itself as the genuine origin of any given content, such as the trusted root certificate catalog. All of this is handled by the NWP. The signed image generated by AWS and authenticated by the OTA agent (using the CC3220 HW crypto engine) offers further protection against a MITM trying to substitute malware in place of the actual OTA update. CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Serial Flash Internet IoT Device Vendor User Access Point RUN-TIME STORAGE Local Network Access Physical Access Remote Access TRANSFER

28 Hardware Crypto Engines
OTA Update Security Measures Hardware Crypto Engines Device Identity Unmodifiable unique 128-bit number that TI burns into the device during production OTA Security The simplelink device uses its unique device identity in order to be validated and approved to continue with a SW update Application Servers Unauthorized device asking for the update End Product PCB Although not supported currently by Amazon FreeRTOS OTA at this time, each CC3220 has a unique device identity that can be validated and approved by the application servers, before the application server can authorize the release of the latest software . This unmodifiable 128bit is burned into each device during production. It cannot be modified. This prevent any unauthorized device from accessing the application server and getting the software update. CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Serial Flash Internet IoT Device Vendor User Access Point RUN-TIME STORAGE Local Network Access Physical Access Remote Access TRANSFER

29 OTA Update Security Measures
Hardware Crypto Engines Unique Key - Cloning Protection The file system is readable only by the device which first booted the image File system is encrypted so image cannot be read without the key File Encryption File System Security OTA Security The updated files access control and authenticity are validated and then stored on the Simplelink’s secured file system Physical Access Attack: Read App Code or keys Physical Access Attack: Copy and run binary on counterfeit HW IoT Application Servers End Product PCB The new bundle files from the server are decrypted by the NWP, and stored on the sFlash. It is recommended to store them as encrypted image to prevent any physical access attack to read the app code. The Device unique-key is leverage by the intrinsic cloning protection mechanism, which ensures that the file system is readable only by the NWP, which first wrote that image to the sFlash. In other words, an encrypted image on the sFlash is only readable by the NWP, it was first attached to. CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Serial Flash Internet IoT device vendor User Access Point RUN-TIME STORAGE Local Network Access Physical Access Remote Access TRANSFER

30 Hardware Crypto Engines Attempt to hijack device by running
OTA Update Security Measures STORAGE Hardware Crypto Engines Validate the integrity and authenticity of the run-time binary during boot OTA Security At boot the application code is loaded and run on the MCU Secure Boot Attempt to hijack device by running malicious SW Application Servers End Product PCB The over ther air transfer of the new software image is complete. The CC3220 will restart with the new image. First the secure boot will validate the integrity and authenticity of the binary. If the image is not valid, the device will default to the previously known good image. This is done in order to protect against attempts to hijack the device with malicious SW. CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Serial Flash Internet IoT Device Vendor User Access Point RUN-TIME STORAGE Local Network Access Physical Access Remote Access TRANSFER

31 SimpleLink Wi-Fi: Multi Layer Security Measures
Secure Content Delivery Trusted Root-Certificate Catalog Initial Secure Programming Secure Sockets (TLS\SSL) Personal and Enterprise Wi-Fi Security Secure Boot File Encryption Unique Key - Cloning Protection Software Tamper Detection TI Root of Trust Public Key Device Identity HTTPS Service Debug Security Hardware Crypto Engines Secure Key Storage File Authentication File Access Control Factory Image Recovery File Bundle Protection File System Security CC3220S, and CC3220SF have several built-in features that will enable you to design products with a variety of security measures to fit the needs for that product’s application. Amazon FreeRTOS uses many of these to deliver its secure OTA update solution. Application Servers End Product PCB Internet CC32xx Wireless-MCU Network Processor SPI Power Management Wi-Fi Baseband Radio MAC Internet TLS/SSL TCP/IP HTTPS Applications MCU ARM Cortex M4 80MHz 256KB RAM + Opt. 1MB XIP Flash User Application HW Crypto Engine Serial Flash IoT Device Vendor User Access Point

32 For more information Resources SimpleLink Wi-Fi devices and tools
Getting started with a CC3220SF Launchpad Review CC3220 technical documents Amazon FreeRTOS and Secure OTA AWS IoT

33 Summary OTA Updates are a critical capability for an IoT device but introduce the potential for security and reliability risks Amazon offers an end-to-end secure OTA solution based on AWS IoT cloud services and Amazon FreeRTOS embedded software Amazon FreeRTOS is integrated with the SimpleLink SDK, enabling it to leverage SimpleLink Wi-Fi’s built-in OTA security and reliability features DATA CODE

Download ppt "Designing a Secure OTA Update Implementation"

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Understanding Active Directory

Understanding Active Directory
Customer Sales Presentation Stoneware webNetwork Powered by ThinkServer.

Customer Sales Presentation Stoneware webNetwork Powered by ThinkServer.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Computer Emergency Notification System (CENS)

Computer Emergency Notification System (CENS)
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Wireless and Mobile Security

Wireless and Mobile Security
The overview How the open market works. Players and Bodies  The main players are –The component supplier  Document  Binary –The authorized supplier.

The overview How the open market works. Players and Bodies  The main players are –The component supplier  Document  Binary –The authorized supplier.
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.

TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation.

4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation.
Planning Server Deployments Chapter 1. Server Deployment When planning a server deployment for a large enterprise network, the operating system edition.

Planning Server Deployments Chapter 1. Server Deployment When planning a server deployment for a large enterprise network, the operating system edition.

Similar presentations

Ads by Google