The Huawei and Snowden Questions : Can Electronic Equipment from Untrusted Vendors Be Verified? Can an Untrusted Vendor Build Trust into Electronic Equipment?

Intro -- Foreword -- Preface -- Contents -- 1 Introduction -- 1.1 A New Situation -- 1.2 What Are We Afraid Of? -- 1.3 Huawei and ZTE -- 1.4 Trust in Vendors -- 1.5 Points of Attack -- 1.6 Trust in Vendors Is Different from Computer Security -- 1.7 Why the Problem Is Important -- 1.8 Advice for Readers -- References -- 2 Trust -- 2.1 Prisoner's Dilemma -- 2.2 Trust and Game Theory -- 2.3 Trust and Freedom of Choice -- 2.4 Trust, Consequence, and Situation -- 2.5 Trust and Security -- 2.6 Trusted Computing Base -- Trust Between Components -- 2.7 Discussion -- References -- 3 What Is an ICT System? -- 3.1 Transistors and Integrated Circuits -- 3.2 Memory and Communication -- 3.3 Processors and Instruction Sets -- 3.4 Firmware -- 3.5 Operating Systems, Device Drivers, Hardware Adaptation Layers, and Hypervisors -- 3.6 Bytecode Interpreters -- 3.7 The Application on Top -- 3.8 Infrastructures and Distributed Systems -- 3.9 Discussion -- References -- 4 Development of ICT Systems -- 4.1 Software Development -- 4.2 Hardware Development -- 4.3 Security Updates and Maintenance -- 4.4 Discussion -- References -- 5 Theoretical Foundation -- 5.1 G�odel and the Liar's Paradox -- 5.2 Turing and the Halting Problem -- 5.3 Decidability of Malicious Behaviour -- 5.4 Is There Still Hope? -- 5.5 Where Does This Lead Us? -- References -- 6 Reverse Engineering of Code -- 6.1 Application of Reverse Engineering in ICT -- 6.2 Static Code Analysis -- 6.3 Disassemblers -- 6.4 Decompilers -- 6.5 Debuggers -- 6.6 Anti-reversing -- 6.7 Hardware -- 6.8 Discussion -- References -- 7 Static Detection of Malware -- 7.1 Malware Classes -- 7.2 Signatures and Static Code Analysis -- 7.3 Encrypted and Oligomorphic Malware -- 7.4 Obfuscation Techniques -- 7.5 Polymorphic and Metamorphic Malware -- 7.6 Heuristic Approaches -- 7.7 Malicious Hardware.

7.8 Specification-Based Techniques -- 7.9 Discussion -- References -- 8 Dynamic Detection Methods -- 8.1 Dynamic Properties -- 8.2 Unrestricted Execution -- 8.3 Emulator-Based Analysis -- 8.4 Virtual Machines -- 8.5 Evasion Techniques -- 8.6 Analysis -- 8.7 Hardware -- 8.8 Discussion -- References -- 9 Formal Methods -- 9.1 Overview -- 9.2 Specification -- 9.3 Programming Languages -- 9.4 Hybrid Programming and Specification Languages -- 9.5 Semantic Translation -- 9.6 Logics -- 9.7 Theorem Proving and Model Checking -- 9.8 Proof-Carrying Code -- 9.9 Conclusion -- References -- 10 Software Quality and Quality Management -- 10.1 What is Software Quality Management? -- 10.2 Software Development Process -- 10.3 Software Quality Models -- 10.4 Software Quality Management -- 10.5 Software Quality Metrics -- 10.6 Standards -- 10.7 Common Criteria (ISO/IEC 15408) -- 10.8 Software Testing -- 10.9 Verification Through Formal Methods -- 10.10 Code Review -- 10.11 Discussion -- References -- 11 Containment of Untrusted Modules -- 11.1 Overview -- 11.2 Partial Failures and Fault Models -- 11.3 Erlang: A Programming Language Supporting Containment -- 11.4 Microservices: An Architecture Model Supporting Containment -- 11.5 Hardware Containment -- 11.6 Discussion -- References -- 12 Summary and Way Forward -- 12.1 Summary of Findings -- 12.2 The Way Forward -- 12.2.1 Encryption -- 12.2.2 Formal Methods -- 12.2.3 Heterogeneity and Containment -- 12.3 Concluding Remarks.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2023. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.