Hi [[ session.user.profile.firstName ]]

Use Proper Taint Analysis, Especially in the IoT

In this class, we will teach software developers, testers, and analysts how taint analysis can identify exploitable areas within an application and/or system that could be used as an entry point by a hacker. Using IoT as our example, we will help perform proper taint analysis, evaluating how data modified purposely by a user or system (such as a variable set by a field in a web form or a package of information send across an automotive CAN bus) poses a potential security risk. With the continuing surge in code and data spawned by the IoT’s popularity, this is especially needed to maximize security and maintain an efficient data flow, regardless of whether it’s data within an application or data that’s transferred between applications. Given the enormous increase in application and system connectivity, all software should be analyzed for taint defects. Day 1 sponsored by GrammaTech.
Recorded Nov 15 2016 61 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
Presentation preview: Use Proper Taint Analysis, Especially in the IoT

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Keeping Your IoT Devices Secure – From Design to Decommissioning Oct 12 2017 3:00 pm UTC 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    In our first two classes, we have looked at the needs of a cloud-based IoT solution and how to design and build it. In this final class our expert instructor will cover the critical aspects of how to test and deploy our IoT solution, and more importantly, how to keep it secure and operational through ongoing monitoring and maintenance. We will look at how Device Cloud enables ongoing monitoring and maintenance for the devices through the entire life cycle of the IoT solution from design through end-of life. Particular elements to be covered will include Device Cloud functionality such as edge management and data management. Still in its relative infancy, the IoT is already being hacked at an alarming rate. We need to include the tools and the platform to stay one step ahead, keep our devices secure and up-to-date, and maintain a vigilant ‘eye’ on the system throughout its life. Sponsored by Wind River.
  • Designing for the IoT Oct 11 2017 3:00 pm UTC 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    As we learned in our first class, we need a cohesive platform of tools and various ‘building blocks’ to build a robust cloud-based IoT solution to meet the needs of even high-reliability IIoT applications. In this second class on cloud-based design for the IoT, our expert instructor will discuss how a combination of Industrial Internet of Things (IIoT) technologies and software-defined architecture (SDA) from Wind River® is ushering in a new era of IoT innovation. Some of the topics to be covered include development tools and example pre-build platforms for many popular targets, connectivity and control APIs, and network and infrastructure platforms and services. Our instructor will also cover the topics of how to assure our communications and data are secure and properly communicated, filtered, collected, and safely stored. Current industry estimates are that only 10-25% of data is actually collected and stored – when this data increases by perhaps two orders of magnitude in the next five years, how can we assure that we can indeed collecting, communicating, using, and saving the data we need? We will look at some of the answers to that question in this class. Sponsored by Wind River.
  • IoT and Cloud Computing Basics Oct 10 2017 3:00 pm UTC 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Before we begin our IoT system solution, we need to fully understand the overall structure and key elements of a robust and secure cloud-based system. In this leadoff class, our expert instructor will review these needs as well as the possible challenges that we face and will continue to face in our IoT system throughout its life cycle. We will review the basics of designing for the IoT as well as the primary elements that are needed in its design. Issues to be covered include safety, security, device management, data management, network communications and infrastructure, and maintenance. We will look at Wind River Helix Device Cloud, a SaaS IoT device management platform, and how its ready-built elements can be integrated into our IoT design. Sponsored by Wind River.
  • Virtualization Increases Your IoT Critical Infrastructure System’s Cybersecurity Sep 28 2017 3:00 pm UTC 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    With the connection to the Internet and the connectivity to a plethora of devices, cybersecurity is a big issue. This dovetails with the need for multiple levels of safety that were discussed in Day 2, as it pertains to the cost of certification in critical infrastructure IoT. While this may sound like a complex endeavor, it doesn’t have to be. Attend Day 3 of this three-day course, and we’ll make sure that you’re headed in the right direction. We will show you how your IoT applications can be made secure and updated with critical cybersecurity patches while at the same time your safe and certified critical infrastructure applications remain untouched. In addition, we’ll provide a wrap-up of the three days and be sure to answer any outstanding questions. Sponsored by Wind River.
  • Use Virtualization To Enable Safety-Certified IoT Critical Infrastructure System Sep 27 2017 3:00 pm UTC 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Companies are updating their critical infrastructure, and safety has become a key issue, with increased regulation and risk of litigation driving the need for safety certification in industries such as aerospace, energy, industrial automation, medical, and robotics. One area of concern is partitioning safety certified and non-safe code and that’s what we’ll cover in Day 2 of this three-day course. We’ll look at how using virtualization, Java, analytics and various types of partitioning in your IoT design can maximize safety and reduce your overall design cost and risk. Sponsored by Wind River.
  • How to Design Safe, Secure, and Reliable IoT Critical Infrastructure Systems Sep 26 2017 3:00 pm UTC 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    There’s no way around it; as a software developer, system engineer, or system architect, you’re going to encounter design complexity when developing safe, secure and reliable IoT systems for today’s critical infrastructure. But in this new software-defined world and with the IoT exploding around us, companies like yours must adapt to stay relevant. While legacy critical infrastructure is too expensive to just replace completely, there are ways to implement new features that will define premium products for your market and meet the safety and security requirements necessary for connecting to the IoT. In Day 1 of this three-day class, we’ll look at how you can transform digitally and ensure that your applications remain safe and secure. Sponsored by Wind River.
  • Powering the Industrial Internet of Things Recorded: Jun 22 2017 61 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Don’t confuse the Internet of Things (IoT) with the Industrial IoT (IIoT), which typically has much more stringent characteristics. That’s because the IIoT usually involves some sort of manufacturing, robotics, or other mission-critical application, where down-time can be measured in dollars, often lots of them. In Day 3 of this three-day class, we’ll look at how to best power your IIoT application, which could include FPGA power and design considerations for high-speed RS-485 data links. The class will use the Intersil PowerCompass tool to help simplify the design. Day 3 sponsored by Intersil
  • Designing for Safety in Non-Mobile Applications Recorded: Jun 21 2017 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Ensuring that currents don’t exceed safe levels is just one area that will be explored in Day 2 of this three-day class. Using specific product examples to remove the guesswork, our expert instructor will explain how to protect against overcurrent damage using a 12-V buck regulator family as the design example. You’ll also get an understanding of how linear and low drop-out (LDO) regulators operate, including their key performance parameters. Day 2 sponsored by Intersil
  • Designing for Safety in Battery-Powered Applications Recorded: Jun 20 2017 62 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Recent events have proven that you can never be too careful when you’re designing batteries into your systems, and that covers everything from wearables to hybrid/EV battery packs. In Day 1 of this three-day class, we’ll look at how to make your battery packs safer; how to build a USB-to-controller interface that “talks” to a power device; and how to extend battery life in wearable devices. The class concludes with a question and answer period between the attendees and the expert instructor. Day 1 sponsored by Intersil.
  • IoT Device Management Recorded: Mar 23 2017 64 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    In our final class, we will look at the “Things” of the IoT – our nodes and devices – and how we can effectively commission, monitor, and detect problems in them throughout their lifecycle. We will look at methods for adding device management capabilities in our devices from the design stage as well as ways to add these capabilities in the legacy devices we looked at in the previous class. One topic we will look at is effective commissioning and decommissioning of devices in the network – how can we add or remove a node from the network without adversely impacting the rest of the network? Another area we will look at is security assurance and testing: how can we be sure of the device security – and how can we test it? And lastly we will look at maintenance. What methods can we use for testing devices or paths within the network and how can we effectively and safely perform system updates? To conclude our class, we will review our checklist and see what other issues we may need to be aware of in our IoT design. Day 3 sponsored by Wind River
  • Monitoring and Securing IoT Data and Communications Recorded: Mar 22 2017 61 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    In our second class, we will begin at the heart of the Internet of Things – the sending and receiving of data to our “things.” Whether it’s collecting a simple room temperature reading or capturing a video frame for analysis, the IoT enables us to collect huge amounts of data for analysis then send out data in the form of commands or as human-readable data. The diversity of end devices makes this task difficult at best, as it involves myriad data types and protocols. This is key as we want to ensure the safety, security, and integrity of that data from its source to its intended destination. We will look at various methods we can use in our device design to effectively monitor and secure our data flow throughout the entire IoT network. Also, we will look at ways that we can approach communications issues with different protocols and physical layers in our network, which often consist of legacy devices that were not originally designed for the robustness required in the IoT. Day 2 sponsored by Wind River
  • IoT Overview and the Major Issues Recorded: Mar 21 2017 61 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    In this lead-off class, we will briefly review the principles of the IoT and some of the basic configurations that we may encounter (star with gateway, tree, and mesh) and how the devices are best connected to maximize efficiency. We will look at the major issues we face as these networks and associated “things” become more complex, including data issues, communication issues, device monitoring and troubleshooting, and system security. We will identify potential weaknesses in each of these areas and compile a checklist of features that we need in a management system that will carry out these needs. We will also look at ways to prioritize the criticality of the devices and/or their data to help us in assigning levels of security and monitoring capabilities (for example, a temperature sensor used to sense a fire versus a temperature sensor for outside ambient temperature). Day 1 sponsored by Wind River
  • The Software is the Differentiator Recorded: Dec 15 2016 61 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Putting together the various pieces of an IoT system is like assembling a jigsaw puzzle. But it's a finite task that most engineers can get through. When it comes to the operating system, other runtime software and the development tools available, here are seemingly endless possibilities. Hence, on Day 3 of this three-day class, we'll help you figure out what software is needed for your system, where you can find that software, how you can evaluate the software, what tools are available to help assemble the pieces and build your applications, and how to test it after it's been deployed. Day 3 sponsored by Intel.
  • Building Out Your IoT Application Recorded: Dec 14 2016 59 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    While we can't build your complete system, we can take you through some of the key stages that'll put you well on the way toward finishing your design. In Day 2 of this three-day class, we'll look at the common subsystems with an IoT edge device and what you need to know to connect to the Fog and the Cloud. We'll also show you what some of the typical hurdles/stumbling blocks are, and most importantly, we'll show you how to navigate that slippery slope using an Intel Atom processor as our design example. Day 2 sponsored by Intel.
  • Determine Which Processor is Right for your IoT Application Recorded: Dec 13 2016 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    All processors are the same, right? Well, not exactly. In fact, they vary greatly in terms of price, performance, power consumption, and a host of other features that can make or break your design. In Day 1 of this three-part class, we will go over different design requirements and where the Intel Atom processor fits. Then we'll get into the feature set that's best for your specific IoT application: performance, security, media processing, image processing, time coordinated, computing, etc. Day 1 sponsored by Intel.
  • Mitigate the Software Supply-Chain Risk Recorded: Nov 17 2016 60 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Class 3 will delve into mitigating software supply-chain risk by implementing a thorough security audit process of one’s software, which has become more critical as more code is being “leveraged” as opposed to written. We will discuss potential risks of leveraged code: previously trusted legacy code, commercial third-party code, and open-source code. We will discuss binary analysis technologies for efficiently assessing risk. This need is growing as too often this code isn’t properly tested, especially with the specific target hardware. The instructor will be covering both the technical aspects and the process that should be followed, with special attention paid to software that’s written for the IoT. Day 3 sponsored by GrammaTech.
  • Don’t Let Concurrency Bring your System Down Recorded: Nov 16 2016 61 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    Class 2 will be a follow-on topic to class 1, where we will discuss the concept of concurrency. It’s clear that today’s developers need to be designing more efficient and higher performing applications using multi-threading, and testers need to understand how to efficiently pinpoint potential race conditions caused by concurrency defects that will lead to system failure. This is especially true when it comes to programming for multicore processors. Within the class, we will provide key insights and techniques for identifying concurrency defects, key to quality and safety, particularly as it pertains to the Internet of Things (IoT). Day 2 sponsored by GrammaTech.
  • Use Proper Taint Analysis, Especially in the IoT Recorded: Nov 15 2016 61 mins
    Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
    In this class, we will teach software developers, testers, and analysts how taint analysis can identify exploitable areas within an application and/or system that could be used as an entry point by a hacker. Using IoT as our example, we will help perform proper taint analysis, evaluating how data modified purposely by a user or system (such as a variable set by a field in a web form or a package of information send across an automotive CAN bus) poses a potential security risk. With the continuing surge in code and data spawned by the IoT’s popularity, this is especially needed to maximize security and maintain an efficient data flow, regardless of whether it’s data within an application or data that’s transferred between applications. Given the enormous increase in application and system connectivity, all software should be analyzed for taint defects. Day 1 sponsored by GrammaTech.
  • The Future of 3D Printing Recorded: Oct 27 2016 61 mins
    Jim Snodgrass, Technical Training Manager, Cimquest
    What's coming down the road, what to expect and what is just a myth?. This will cover where things will go including 4d printing, conductive materials, bionic applications, accessible metal printing, true mass customization and if there will ever be a 3d printer in every home. You'll walk away with some ideas on what to look out for in technological advancements and how you can put yourself in a position to take advantage of these coming advancements. Day 3 sponsored by Stratasys
  • 3D Printing - Application Beyond Prototyping Recorded: Oct 26 2016 61 mins
    Jim Snodgrass, Technical Training Manager, Cimquest
    Advanced processes and practices that show the value of 3d printing as a process and production aide. We will discuss the more cutting edge applications, who is advancing these methods and why? Also we will explore the less complex but most impactful applications being used in industry. This will help you understand what is possible when you start to really dive into how the technologies can be used. Day 2 sponsored by Stratasys
Educational events hosted by industry experts.
Educational events hosted by industry experts, brought to you by OpenSystems Media.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Use Proper Taint Analysis, Especially in the IoT
  • Live at: Nov 15 2016 4:00 pm
  • Presented by: Charles J. Lord, PE, President & Chief Trainer, Blue Ridge Advanced Design and Automation
  • From:
Your email has been sent.
or close