Institute for Technology Assessment and  Systems Analysis (ITAS)

Quattro S: Security, Safety, Sovereignty, Social Product

  • Project team:

    Weber, Arnd (Project leader)

  • Start date:

    2017

  • End date:

    2019

  • Project partners:

    Fraunhofer SIT, Fraunhofer Singapore, RheinMain University of Applied Sciences, TU Berlin/T-Labs

  • Research group:

    Innovation processes and impacts of technology

Project description

This project will provide solutions to multiple problems. The first one is the security of information technology. The range of issues addressed includes zero-day exploits (e.g., WannaCry ransomware), denial of service attacks (e.g., Mirai), hardware attacks (e.g., based on the Meltdown and Spectre CPU flaws) up to novel types of hardware Trojans. The possibilities for these attacks originate from weaknesses in the long IT supply chains and threaten the confidentiality, integrity, and availability of systems.

The second problem is that these attacks can also threaten the safety of products, e.g., in energy infrastructures or in the automotive industry.

The third problem lies in the  loss of value added because of a migration of production and competences towards competing economies (e.g., US and China). Sovereignty would mean to have full control of the characteristics of information technology, to be sure that no hidden features are implemented, that no business secrets can be stolen, and to benefit economically from such control.

These objectives are difficult to meet because any component involved in the supply chain may have multiple flaws, possibly even due to problems in the development tools used. Furthermore, while more secure components will reduce overall costs, developing them may initially increase costs. Hence, regulation making secure systems mandatory can help because competing companies would operate under the same conditions. Since other parts of the world are also working on controlling the supply chains, research on options and there implementation in industry is indispensable.

The project will include the following activities:

  • Risk analysis
  • Exploration of technical options, such as (1) the control of the entire supply chain, from the application layers through to the operating system and the hardware and tools used; (2) open, certified and proven paths; (3) migration paths of solutions, e.g., from small systems to large ones
  • Exploration of supportive economic and legislative actions
  • Contribution to setting up a transition process and participation in the development of prototypes
  • Discussion of results, involving stakeholders, and refinement of options, prototypes, and product visions

The objectives will be pursued by means of expert interviews, dissemination activities, workshops, maintenance of a website, as well as participation in the specification and development of prototypes.

Further information in the flyer “Eradicate Faults and Backdoors in Information Technology and Facilitate Innovation”.

Events

Workshop on “Security and Sovereignty in the Information Technology Supply Chain”, organized by KIT, Fraunhofer SIT and Télécom ParisTech, on January 12, 2017

Selected publications

Weber, A.; Heiser, G.; Kuhlmann, D.; Schallbruch, M.; Chattopadhyay, A.; Guilley, S.; Kasper, M.; Krauß, C.; Krüger, P. S.; Reith, S.; Seifert, J.-P.
Secure IT without vulnerabilities and back doors. TATuP - Zeitschrift für Technikfolgenabschätzung in Theorie und Praxis 29(2020)1, S. 30-36
Volltext/pdf

Weber, A.; Reith, S.; Kuhlmann, D.; Kasper, M.; Seifert, J.-P.; Krauß, C.
Open source value chains for addressing security issues efficiently efficiency policies. In: IEEE Xplore (Hrsg.): Proceedings of the 3rd Annual IEEE Workshop on Cyber Resilience and and Economics (CRE 2018), 16.-20.07.2018, Lissabon, Portugal. Lissabon, Portugal: IEEE Conference Publications 2019, S. 599-606, DOI: 10.1109/QRS-C.2018.00105
Volltext/pdf

Weber, A.; Reith, S.; Kasper, M.; Kuhlmann, D.; Seifert, J.-P.; Krauß, C.
Sovereignty in information technology. Security, safety and fair market access by openness and control of the supply chain. Karlsruhe, Wiesbaden, Singapur, Darmstadt, Berlin: KIT-ITAS, HS RheinMain, Fraunhofer Singapur/SIT, TU Berlin 2018, publ. online
Volltext/pdf Titelbild/jpg

Publications


2020
Journal Articles
Weber, A.; Heiser, G.; Kuhlmann, D.; Schallbruch, M.; Chattopadhyay, A.; Guilley, S.; Kasper, M.; Krauß, C.; Krüger, P. S.; Reith, S.; Seifert, J.-P.
Sichere IT ohne Schwachstellen und Hintertüren.
2020. TATuP, 29 (1), 30–36. doi:10.14512/tatup.29.1.30Full textFull text of the publication as PDF document
2018
Journal Articles
Weber, A.; Guilley, S.; Kasper, M.; Krauß, C.; Krüger, P. S.; Kuhlmann, D.; Reith, S.; Seifert, J.-P.
IT-Sicherheit gründlich lösbar?.
2018. Zukunftsmotor, 2018 (2), 12–13 
Weber, A.; Krauß, C.; Reith, S.
Sichere, offene IT-Wertschöpfungskette.
2018. Funkschau, 2018 (12), 36–37 
Weber, A.; Reith, S.; Kasper, M.; Kuhlmann, D.; Seifert, J.-P.; Krauß, C.
Souveränität und die IT-Wertschöpfungskette.
2018. Datenschutz und Datensicherheit, 42 (5), 291–293. doi:10.1007/s11623-018-0943-z
Conference Papers
Weber, A.; Reith, S.; Kuhlmann, D.; Kasper, M.; Seifert, J.-P.; Kraub, C.
Open Source Value Chains for Addressing Security Issues Efficiently.
2018. 18th IEEE International Conference on Software Quality, Reliability, and Security Companion, QRS-C 2018; Lisbon; Portugal; 16 July 2018 through 20 July 2018, 599–606, Institute of Electrical and Electronics Engineers (IEEE). doi:10.1109/QRS-C.2018.00105
Reports/Preprints
Weber, A.; Reith, S.; Kasper, M.; Kuhlmann, D.; Seifert, J.-P.; Krauß, C.
Sovereignty and the information technology supply chain: Security, safety and fair market access by openness and control of the supply chain.
2018. Karlsruher Institut für Technologie (KIT) 
Presentations
Weber, A.
Cybersecurity for Industry.
2018. International Conference on Cyber Security Opportunities and Challenges (2018), Bangkok, Thailand, December 6–7, 2018 
Weber, A.
A Global Agenda.
2018. International Conference on Cyber Security Opportunities and Challenges (2018), Bangkok, Thailand, December 6–7, 2018 
Weber, A.
Full Stack Open Supply Chains.
2018. Fraunhofer Singapore (2018), Singapore, Singapore, December 12, 2018 
Weber, A.
Offenheit der IT Supply Chain einschließlich Tools und Fabs.
2018. Gulaschprogrammiernacht (GPN), Karlsruhe, 10.-13.Mai 2018 

Contact

Dr. Arnd Weber
Karlsruhe Institute of Technology (KIT)
Institute for Technology Assessment and Systems Analysis (ITAS)
P.O. Box 3640
76021 Karlsruhe
Germany