Huawei and Snowden Questions Can Electronic Equipment from Untrusted Vendors be Verified? Can an Untrusted Vendor Build Trust into Electronic Equipment?
Produktdetaljer
Om bidragsyterne
Olav Lysne is Director and founder of the Center for Resilient Networks and Applications (CRNA) at Simula research laboratory, and professor in computer science at Simula and the University of Oslo. He holds a PhD in Computer Science from the University of Oslo, and his experience in research, education, management and innovation reaches back to 1989.
Lysne was the leader of a National Commission that assessed whether the Norwegian Intelligence Service (Etterretningstjenesten) should be allowed to do lawful interception of Internet-traffic crossing the national borders of Norway (Lysne II utvalget). The commission started its work in January 2016, and handed over its report to the Norwegian Minister of Defence in August 2016.
Lysne was the leader of National Commission for Digital Vulnerability formed by the Norwegian government (Lysne I utvalget). The commission was active from August 2014 to September 2015, and consisted of nine experts from all relevant sectors in Norway. Their mandate was to write a report that forms the basis for the Government's cyber-policy.The early research contributions of Lysne were in the field of algebraic specification and term rewriting, with a particular emphasis on automated deduction. While working in this field he was a visiting researcher at Université de Paris-Sud. Later in his career he has been working on resilient computer architecture for supercomputing and cloud infrastructures, routing and switching techniques for IP-networks and measurement of national network infrastructures.
Since 2010 Lysne has been working on developing methods for measurement of resilience in Mobile Broadband Networks. This work has resulted in the formation of a nation-wide monitoring system of mobile broadband in Norway, funded directly by the Norwegian government. This system has been extended to Sweden, Italy and Spain through the EU project MONROE.
This open access book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward.
In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their own customers, and the importance of the matter is on par with questions of national security.
This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states.
1 Introduction.- 2 Trust.- 3 What is an ICT-System?.- 4 Development of ICT Systems.- 5 Theoretical Foundation.- 6 Reverse Engineering of Code.- 7 Static Detection of Malware.- 8 Dynamic Detection Methods.- 9 Formal Methods.- 10 Software Quality and Quality Management.- 11 Containment of Untrusted Modules.- 12 Summary and Way Forward.
This book is open access under a CC BY 4.0 license.
This book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward.
In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their owncustomers, and the importance of the matter is on par with questions of national security.
This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states.
Produktdetaljer
Om bidragsyterne
Olav Lysne is Director and founder of the Center for Resilient Networks and Applications (CRNA) at Simula research laboratory, and professor in computer science at Simula and the University of Oslo. He holds a PhD in Computer Science from the University of Oslo, and his experience in research, education, management and innovation reaches back to 1989.
Lysne was the leader of a National Commission that assessed whether the Norwegian Intelligence Service (Etterretningstjenesten) should be allowed to do lawful interception of Internet-traffic crossing the national borders of Norway (Lysne II utvalget). The commission started its work in January 2016, and handed over its report to the Norwegian Minister of Defence in August 2016.
Lysne was the leader of National Commission for Digital Vulnerability formed by the Norwegian government (Lysne I utvalget). The commission was active from August 2014 to September 2015, and consisted of nine experts from all relevant sectors in Norway. Their mandate was to write a report that forms the basis for the Government's cyber-policy.The early research contributions of Lysne were in the field of algebraic specification and term rewriting, with a particular emphasis on automated deduction. While working in this field he was a visiting researcher at Université de Paris-Sud. Later in his career he has been working on resilient computer architecture for supercomputing and cloud infrastructures, routing and switching techniques for IP-networks and measurement of national network infrastructures.
Since 2010 Lysne has been working on developing methods for measurement of resilience in Mobile Broadband Networks. This work has resulted in the formation of a nation-wide monitoring system of mobile broadband in Norway, funded directly by the Norwegian government. This system has been extended to Sweden, Italy and Spain through the EU project MONROE.