The Huawei and Snowden Questions : : Can Electronic Equipment from Untrusted Vendors Be Verified? Can an Untrusted Vendor Build Trust into Electronic Equipment?
Saved in:
| Superior document: | Simula SpringerBriefs on Computing Series ; v.4 |
|---|---|
| : | |
| Place / Publishing House: | Cham : : Springer International Publishing AG,, 2018. ©2018. |
| Year of Publication: | 2018 |
| Edition: | 1st ed. |
| Language: | English |
| Series: | Simula SpringerBriefs on Computing Series
|
| Online Access: | |
| Physical Description: | 1 online resource (123 pages) |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Table of Contents:
- Intro
- Foreword
- Preface
- Contents
- 1 Introduction
- 1.1 A New Situation
- 1.2 What Are We Afraid Of?
- 1.3 Huawei and ZTE
- 1.4 Trust in Vendors
- 1.5 Points of Attack
- 1.6 Trust in Vendors Is Different from Computer Security
- 1.7 Why the Problem Is Important
- 1.8 Advice for Readers
- References
- 2 Trust
- 2.1 Prisoner's Dilemma
- 2.2 Trust and Game Theory
- 2.3 Trust and Freedom of Choice
- 2.4 Trust, Consequence, and Situation
- 2.5 Trust and Security
- 2.6 Trusted Computing Base
- Trust Between Components
- 2.7 Discussion
- References
- 3 What Is an ICT System?
- 3.1 Transistors and Integrated Circuits
- 3.2 Memory and Communication
- 3.3 Processors and Instruction Sets
- 3.4 Firmware
- 3.5 Operating Systems, Device Drivers, Hardware Adaptation Layers, and Hypervisors
- 3.6 Bytecode Interpreters
- 3.7 The Application on Top
- 3.8 Infrastructures and Distributed Systems
- 3.9 Discussion
- References
- 4 Development of ICT Systems
- 4.1 Software Development
- 4.2 Hardware Development
- 4.3 Security Updates and Maintenance
- 4.4 Discussion
- References
- 5 Theoretical Foundation
- 5.1 Gödel and the Liar's Paradox
- 5.2 Turing and the Halting Problem
- 5.3 Decidability of Malicious Behaviour
- 5.4 Is There Still Hope?
- 5.5 Where Does This Lead Us?
- References
- 6 Reverse Engineering of Code
- 6.1 Application of Reverse Engineering in ICT
- 6.2 Static Code Analysis
- 6.3 Disassemblers
- 6.4 Decompilers
- 6.5 Debuggers
- 6.6 Anti-reversing
- 6.7 Hardware
- 6.8 Discussion
- References
- 7 Static Detection of Malware
- 7.1 Malware Classes
- 7.2 Signatures and Static Code Analysis
- 7.3 Encrypted and Oligomorphic Malware
- 7.4 Obfuscation Techniques
- 7.5 Polymorphic and Metamorphic Malware
- 7.6 Heuristic Approaches
- 7.7 Malicious Hardware.
- 7.8 Specification-Based Techniques
- 7.9 Discussion
- References
- 8 Dynamic Detection Methods
- 8.1 Dynamic Properties
- 8.2 Unrestricted Execution
- 8.3 Emulator-Based Analysis
- 8.4 Virtual Machines
- 8.5 Evasion Techniques
- 8.6 Analysis
- 8.7 Hardware
- 8.8 Discussion
- References
- 9 Formal Methods
- 9.1 Overview
- 9.2 Specification
- 9.3 Programming Languages
- 9.4 Hybrid Programming and Specification Languages
- 9.5 Semantic Translation
- 9.6 Logics
- 9.7 Theorem Proving and Model Checking
- 9.8 Proof-Carrying Code
- 9.9 Conclusion
- References
- 10 Software Quality and Quality Management
- 10.1 What is Software Quality Management?
- 10.2 Software Development Process
- 10.3 Software Quality Models
- 10.4 Software Quality Management
- 10.5 Software Quality Metrics
- 10.6 Standards
- 10.7 Common Criteria (ISO/IEC 15408)
- 10.8 Software Testing
- 10.9 Verification Through Formal Methods
- 10.10 Code Review
- 10.11 Discussion
- References
- 11 Containment of Untrusted Modules
- 11.1 Overview
- 11.2 Partial Failures and Fault Models
- 11.3 Erlang: A Programming Language Supporting Containment
- 11.4 Microservices: An Architecture Model Supporting Containment
- 11.5 Hardware Containment
- 11.6 Discussion
- References
- 12 Summary and Way Forward
- 12.1 Summary of Findings
- 12.2 The Way Forward
- 12.2.1 Encryption
- 12.2.2 Formal Methods
- 12.2.3 Heterogeneity and Containment
- 12.3 Concluding Remarks.