Abstraction: An abstraction is a representation of an object or concept. It could be something such as a door, a speedometer, or a data structure in computer science. Abstraction decouples the design from the implementation. The gauges in an automobile are an abstraction of the performance of a car. A map is an abstraction of the earth.
Least Privilege: One of the ways to protect information is by limiting what people can see and do with your information and resources. The principle of least privilege says to allow the minimum number of privileges necessary to accomplish the task.
Minimization: Minimization refers to having the least functionality necessary in a program or device. The goal of minimization is to simplify and decrease the number of ways that software can be exploited. This can include turning off ports that are not needed, reducing the amount of code running on a machine, and/or turning off unneeded features in an application. This lesson focuses specifically on turning off ports that aren’t in use. Unnecessarily open ports can lead to security issues.
Modularization: The concept of modularity is like building blocks. Each block (or module) can be put in or taken out from a bigger project. Each module has its own separate function that is interchangeable with other modules.
This lesson will introduce students to the Raspberry Pi platform and discuss its components and how they relate to the Cybersecurity First Principles. Students will demonstrate their understanding of the component relationships by building a Raspberry Pi from a kit, booting it up, and installing updates. The Raspberry Pi will be the student’s primary computer for developing their own Internet of Things (IoT) app.
By the end of this lesson students will be able to:
The Raspberry Pi kit goes together very quickly; the main thing to remember is to ensure each student has ample room to spread out their parts and work. Some of the parts are small and once the students get started it often looks like Christmas morning with boxes and packing paper being flung everywhere. What tends to work well is to only unbox what is needed, as it’s needed, explain the part, and install it. After each step, ensure everyone is caught up before moving on.
Have the students unbox the Raspberry Pi and identify/discuss with them the various components shown in the diagram below:
This is an example of Modularity. The Raspberry Pi board has several components, each doing a specialized function. You will later add components such as a camera, keyboard, mouse, and power supply. At a higher level, the Raspberry Pi is a modular component in and of itself, fitting into a larger IoT application. The principle of Abstraction also applies here as the Raspberry Pi itself is an abstraction of all the supporting components doing the input/output/storage and processing functions.
Remove the backing paper from the heat sinks and stick them to the chips as shown in the picture below. The heat sinks look like silver plates with fins off the top. Heat sinks will help keep the chips below them cool by spreading the chips’ heat out over a larger area and exposing it to more air. Make sure that the larger heat sink goes on the larger chip, and the smaller heat sink on the smaller chip.
The micro SD card holds both Raspbian, an operating system based on Debian Linux designed specifically for the Raspberry Pi, as well as any installed applications and user data. Due to its small size and accessibility, it is possible to have multiple SD cards with different operating systems and applications loaded. Simply removing the SD card and replacing it with a different one can give the user a completely new computer environment. This is another example of the modularity principle.
The camera provides the ability for the Raspberry Pi to take photos and video. This is another example of modularity. The camera provides a special capability not native to the Pi, cutting down the cost of the basic Pi.
The case provides protection for the Raspberry Pi. It comes in three parts. If you are actively using the camera or GPIO ports the cover can be left off.
You have a couple options for mounting your camera for use:
With a brand new Raspberry Pi, although the operating system comes pre-loaded you will need to install it.
Now we need to tell the Raspberry Pi that you have installed a camera.
Even though you just assembled a brand new Raspberry Pi, it’s a good idea to update the software on the system. It’s very common that security updates or new application capabilities may have been recently developed but are not yet installed.
You will notice you get an error message. That is because installing or updating software requires administrative privileges. Although the user pi is an administrator, the Raspberry Pi enforces the first principle of least privilege, which says a user should have no more privileges than what is needed to do their job. Generally, you do not need administrator privileges to use the Raspberry Pi, so by default they are not provided. We need to tell the Pi we want to use administrative privileges by using the command sudo, which is short for ‘super user do’. By preceding a command with sudo we are telling the system to execute that program as an administrator or super user. If the user is not an approved administrator this command will fail.
sudo apt-get update
apt-get is a Linux program used to install and update software. The option update tells the operating system to download the most recent list of available software. Now enter the following:
sudo apt-get upgrade
The upgrade option to apt-get tells the operating system to compare the current software against the new catalog you just downloaded with the update command. Any software that has a newer version is now downloaded and installed. The ability to update software, removing vulnerabilities, as well as to remove software you are not using is an example of the First Principle of minimization. We are minimizing the amount of software an attacker could take advantage of.
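Minimization also applies to network ports, which this lesson names as its focus. The shell function below is an added example, not part of the original lesson: it reads the output of ss -tln (listening TCP sockets) and reports every port that is not on an allowlist. The sample output and the allowlist containing only port 22 are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `ss -tln` output (not captured from a real Pi).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       0.0.0.0:5900         0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       80      *:8080               *:*'

# unexpected_listeners "<allowed ports>" < ss-output
# Prints "port address scope" for each listening TCP socket whose port
# is not in the space-separated allowlist given as the first argument.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {               # skips the header line
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (port in ok) next
            # A loopback listener is reachable only from the Pi itself.
            if (addr ~ /^127\./ || addr == "[::1]")
                scope = "loopback-only"
            else
                scope = "network-reachable"
            if (!seen[port " " addr]++) print port, addr, scope
        }'
}

# Audit the constructed sample, allowing only SSH (port 22).
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22"

# On the Pi itself, no sudo is needed to list listening ports:
#   ss -tln | unexpected_listeners "22"
```

Each network-reachable line is a service to either justify and add to the allowlist or turn off.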
Now that the software has been updated we are done with the Raspberry Pi for now and can turn it off. We could do this through the GUI with the mouse, but since we already have a terminal window open, here’s a command to turn the Raspberry Pi off from the command line:
Use Kahoot to assess comprehension:
sudo demonstrates the Cybersecurity First Principle: Least Privilege
Discuss to ensure all understand the material.
For more information, investigate the following.
Lesson content: Copyright (C) Doug Rausch 2017-2018.
This lesson is licensed by the author under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.