Muutke küpsiste eelistusi

E-raamat: Huawei and Snowden Questions: Can Electronic Equipment from Untrusted Vendors be Verified? Can an Untrusted Vendor Build Trust into Electronic Equipment?

4.00/5 (19 hinnangut Goodreads-ist)
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 4,08 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Huawei and Snowden Questions: Can Electronic Equipment from Untrusted Vendors be Verified? Can an Untrusted Vendor Build Trust into Electronic Equipment?Suurem pilt
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Preliminary

This book is open access under a CC BY 4.0 license.

This book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward.

In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their own customers, and the importance of the matter is on par with questions of national security.

This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states.

1 Introduction
1(10)
1.1 A New Situation
2(1)
1.2 What Are We Afraid Of?
2(2)
1.3 Huawei and ZTE
4(1)
1.4 Trust in Vendors
5(1)
1.5 Points of Attack
6(1)
1.6 Trust in Vendors Is Different from Computer Security
6(1)
1.7 Why the Problem Is Important
7(1)
1.8 Advice for Readers
8(3)
References
9(2)
2 Trust
11(10)
2.1 Prisoner's Dilemma
11(2)
2.2 Trust and Game Theory
13(1)
2.3 Trust and Freedom of Choice
14(1)
2.4 Trust, Consequence, and Situation
14(1)
2.5 Trust and Security
15(1)
2.6 Trusted Computing Base; Trust Between Components
16(1)
2.7 Discussion
17(4)
References
18(3)
3 What Is an ICT System?
21(10)
3.1 Transistors and Integrated Circuits
21(1)
3.2 Memory and Communication
22(1)
3.3 Processors and Instruction Sets
23(1)
3.4 Firmware
24(1)
3.5 Operating Systems, Device Drivers, Hardware Adaptation Layers, and Hypervisors
25(1)
3.6 Bytecode Interpreters
26(1)
3.7 The Application on Top
26(1)
3.8 Infrastructures and Distributed Systems
27(1)
3.9 Discussion
28(3)
References
29(2)
4 Development of ICT Systems
31(8)
4.1 Software Development
31(3)
4.2 Hardware Development
34(1)
4.3 Security Updates and Maintenance
35(1)
4.4 Discussion
36(3)
References
37(2)
5 Theoretical Foundation
39(8)
5.1 Godel and the Liar's Paradox
39(1)
5.2 Turing and the Halting Problem
40(1)
5.3 Decidability of Malicious Behaviour
41(2)
5.4 Is There Still Hope?
43(1)
5.5 Where Does This Lead Us?
44(3)
References
45(2)
6 Reverse Engineering of Code
47(10)
6.1 Application of Reverse Engineering in ICT
47(2)
6.2 Static Code Analysis
49(1)
6.3 Disassemblers
50(1)
6.4 Decompilers
50(1)
6.5 Debuggers
51(1)
6.6 Anti-reversing
51(1)
6.7 Hardware
52(1)
6.8 Discussion
53(4)
References
54(3)
7 Static Detection of Malware
57(10)
7.1 Malware Classes
57(2)
7.2 Signatures and Static Code Analysis
59(1)
7.3 Encrypted and Oligomorphic Malware
59(1)
7.4 Obfuscation Techniques
60(2)
7.5 Polymorphic and Metamorphic Malware
62(1)
7.6 Heuristic Approaches
62(1)
7.7 Malicious Hardware
63(1)
7.8 Specification-Based Techniques
64(1)
7.9 Discussion
64(3)
References
65(2)
8 Dynamic Detection Methods
67(8)
8.1 Dynamic Properties
67(1)
8.2 Unrestricted Execution
68(1)
8.3 Emulator-Based Analysis
69(1)
8.4 Virtual Machines
69(1)
8.5 Evasion Techniques
70(1)
8.6 Analysis
70(1)
8.7 Hardware
71(1)
8.8 Discussion
72(3)
References
73(2)
9 Formal Methods
75(12)
9.1 Overview
75(2)
9.2 Specification
77(1)
9.3 Programming Languages
78(1)
9.4 Hybrid Programming and Specification Languages
79(1)
9.5 Semantic Translation
80(1)
9.6 Logics
81(1)
9.7 Theorem Proving and Model Checking
81(1)
9.8 Proof-Carrying Code
82(1)
9.9 Conclusion
82(5)
References
83(4)
10 Software Quality and Quality Management
87(12)
10.1 What is Software Quality Management?
87(1)
10.2 Software Development Process
88(1)
10.3 Software Quality Models
89(1)
10.4 Software Quality Management
90(1)
10.5 Software Quality Metrics
90(1)
10.6 Standards
91(1)
10.7 Common Criteria (ISO/TEC 15408)
92(1)
10.8 Software Testing
93(1)
10.9 Verification Through Formal Methods
94(1)
10.10 Code Review
94(1)
10.11 Discussion
95(4)
References
96(3)
11 Containment of Untrusted Modules
99(10)
11.1 Overview
99(1)
11.2 Partial Failures and Fault Models
100(1)
11.3 Erlang: A Programming Language Supporting Containment
101(1)
11.4 Microservices: An Architecture Model Supporting Containment
102(2)
11.5 Hardware Containment
104(1)
11.6 Discussion
104(5)
References
106(3)
12 Summary and Way Forward
109
12.1 Summary of Findings
109(3)
12.2 The Way Forward
112(3)
12.2.1 Encryption
112(1)
12.2.2 Formal Methods
113(1)
12.2.3 Heterogeneity and Containment
114(1)
12.3 Concluding Remarks
115
Olav Lysne is Director and founder of the Center for Resilient Networks and Applications (CRNA) at Simula research laboratory, and professor in computer science at Simula and the University of Oslo. He holds a PhD in Computer Science from the University of Oslo, and his   experience in research, education, management and innovation reaches back to 1989. 

Lysne was the leader of a National Commission that assessed whether the Norwegian Intelligence Service (Etterretningstjenesten) should be allowed to do lawful interception of Internet-traffic crossing the national borders of Norway (Lysne II utvalget).  The commission started its work in January 2016, and handed over its report to the Norwegian Minister of Defence in August 2016.

Lysne was the leader of National Commission for Digital Vulnerability formed by the Norwegian government (Lysne I utvalget). The commission was active from August 2014 to September 2015, and consisted of nine experts from all relevant sectors in Norway.  Their mandate was to write a report that forms the basis for the Government's cyber-policy. 



The early research contributions of Lysne were in the field of algebraic specification and term rewriting, with a particular emphasis on automated deduction.  While working in this field he was a visiting researcher at Université de Paris-Sud.  Later in his career he has been working on resilient computer architecture for supercomputing and cloud infrastructures, routing and switching techniques for IP-networks and measurement of national network infrastructures.



Since 2010 Lysne has been working on developing methods for measurement of resilience in Mobile Broadband Networks.   This work has resulted in the formation of a nation-wide monitoring system of mobile broadband in Norway, funded directly by the Norwegian government.  This system has been extended to Sweden, Italy and Spain through the EU project MONROE.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97833197495016e.html