Hardware/Firmware Security
The intent of the Hardware/Firmware Security Knowledge Unit is to provide students with an understanding of the diverse components in hardware/firmware, their roles, and the associated security concerns.
Topics
- Physical Vulnerabilities.
- Sourcing attacks
- Pirated, Fake, and Counterfeit Parts
- Supply chain disruption
- Bootloader vulnerabilities
- Microcode vulnerabilities
- Firmware vulnerabilities
- Physical Security Attributes
- Hardware side channel attacks
a. Timing
b. Power Analysis
c. Electromagnetic
d. RF analysis
e. Hardware insertion (smartcards, USB, bus devices)
f. Access through out-of-band management channels
Outcomes
- Outline physical vulnerabilities of hardware devices.
- Explain and make use of security capabilities implemented in hardware.
- Describe how systems are initialized and how software is validated and loaded.
- Describe the security role of intermediate software such as hardware abstraction layers or other forms of middleware.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn More about the KAS-T's.
ID |
DESCRIPTION |
K0280 |
Knowledge of systems engineering theories, concepts, and methods. |
K0169 |
Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. |
K0009 |
Knowledge of application vulnerabilities. |
K0015 |
Knowledge of computer algorithms. |
K0018 |
Knowledge of encryption algorithms |
K0172 |
Knowledge of middleware (e.g., enterprise service bus and message queuing). |