Beyond Security-by-design: Securing a compromised system
Awais Rashid, Sana Belguith, Matthew Bradbury, Sadie Creese, Ivan Flechais, Neeraj Suri
TL;DR
Convergent ultra-large-scale digital infrastructures face security challenges because outsourced components, legacy systems, complex interdependencies, and evolving threats invalidate security-by-design assumptions. The authors propose shifting to securing-a-compromised-system and outline four research dimensions—Predictability, Composition, Continual Assurance, and Incident Response—to address uncertainty, dynamic composition, ongoing assurance, and coordinated response. They critique current metrics, standards, and playbooks as insufficient for dynamic, cross-organizational environments, and argue for runtime reasoning and cross-domain orchestration to maintain safety and resilience. The paper frames a research agenda to guide both researchers and practitioners in building secure, resilient smart-city, Industry 4.0, and critical-infrastructure systems in which partial compromises are inevitable.
Abstract
Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true both for current critical national infrastructures and for emerging future systems that are highly cyber-physical in nature, with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems, underpinned by heterogeneous hardware, compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate supply chains in which many digital assets and services are outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal scale of digital infrastructures, delivering secure and resilient operations is a major challenge. We argue that this requires us to move beyond the paradigm of security-by-design and embrace the challenge of securing-a-compromised-system.
