AuthorsO. Lysne, K. J. Hole, C. Otterstad, Ø. Ytrehus, R. Aarseth and J. Tellnes
TitleVendor malware: detection limits and mitigation
AfilliationCommunication Systems
StatusPublished
Publication TypeJournal Article
Year of Publication2016
JournalIEEE Computer
Volume49
Issue8
Pagination62-69
Date Published08/2016
PublisherIEEE
ISSN0018-9162
KeywordsComputer architecture, Computer crime, Computer security, Malware, Software Engineering, Supply chain management
Abstract

Computing device vendors can introduce malware that is nearly impossible to detect with known methods, but microservice solutions can limit the negative impact. Malware contains instructions whose execution negatively impacts stakeholders, typically leading to unauthorized access and computation, data theft, loss of privacy, inability to inspect data, or prolonged downtime. A computing system's robustness to malware attacks strongly depends on the ability of the technical system and its stakeholders to either detect inactive malware before it executes or to detect active executing malware as soon as possible, before it causes serious damage. Many previous works discuss the general difficulty of detecting malware, but we focus on the ability of buyers and other legitimate stakeholders to detect malware inserted in computing devices by vendors and other insiders with access to the devices before they reach the buyers.

DOI10.1109/MC.2016.227

Contact person