AuthorsO. Lysne, K. J. Hole, C. Otterstad, Ø. Ytrehus, R. Aarseth and J. Tellnes
TitleVendor malware: detection limits and mitigation
AfilliationCommunication Systems
Publication TypeJournal Article
Year of Publication2016
JournalIEEE Computer
Date Published08/2016
KeywordsComputer architecture, Computer crime, Computer security, Malware, Software Engineering, Supply chain management

Computing device vendors can introduce malware that is nearly impossible to detect with known methods, but microservice solutions can limit the negative impact. Malware contains instructions whose execution negatively impacts stakeholders, typically leading to unauthorized access and computation, data theft, loss of privacy, inability to inspect data, or prolonged downtime. A computing system's robustness to malware attacks strongly depends on the ability of the technical system and its stakeholders to either detect inactive malware before it executes or to detect active executing malware as soon as possible, before it causes serious damage. Many previous works discuss the general difficulty of detecting malware, but we focus on the ability of buyers and other legitimate stakeholders to detect malware inserted in computing devices by vendors and other insiders with access to the devices before they reach the buyers.


Contact person