English

Beyond Security-by-design: Securing a compromised system

Cryptography and Security 2025-01-14 v1 Distributed, Parallel, and Cluster Computing Human-Computer Interaction Software Engineering

Abstract

Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems that are highly cyber-physical in nature with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems underpinned by heterogeneous hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate and complicated supply-chains with many digital assets and services outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal scale of digital infrastructures, delivering secure and resilient operations is a major challenge. We argue that this requires us to move beyond the paradigm of security-by-design and embrace the challenge of securing-a-compromised-system.

Keywords

Cite

@article{arxiv.2501.07207,
  title  = {Beyond Security-by-design: Securing a compromised system},
  author = {Awais Rashid and Sana Belguith and Matthew Bradbury and Sadie Creese and Ivan Flechais and Neeraj Suri},
  journal= {arXiv preprint arXiv:2501.07207},
  year   = {2025}
}

Comments

Article for the Rossfest Symposium in memory of Ross Anderson, Cambridge, UK, 25 March 2025

R2 v1 2026-06-28T21:04:28.153Z