Beyond Security-by-design: Securing a compromised system
Abstract
Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems that are highly cyber-physical in nature with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems underpinned by heterogeneous hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate and complicated supply-chains with many digital assets and services outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal scale of digital infrastructures, delivering secure and resilient operations is a major challenge. We argue that this requires us to move beyond the paradigm of security-by-design and embrace the challenge of securing-a-compromised-system.
Cite
@article{arxiv.2501.07207,
title = {Beyond Security-by-design: Securing a compromised system},
author = {Awais Rashid and Sana Belguith and Matthew Bradbury and Sadie Creese and Ivan Flechais and Neeraj Suri},
journal= {arXiv preprint arXiv:2501.07207},
year = {2025}
}
Comments
Article for the Rossfest Symposium in memory of Ross Anderson, Cambridge, UK, 25 March 2025