Emerging Security Threats in Modern Digital Computing Systems: A Power Management Perspective

Shridevi, Rajesh Jayashankara

01 May 2019

Design of computing systems — from pocket-sized smart phones to massive cloud based data-centers — have one common daunting challenge : minimizing the power consumption. In this effort, power management sector is undergoing a rapid and profound transformation to promote clean and energy proportional computing. At the hardware end of system design, there is proliferation of specialized, feature rich and complex power management hardware components. Similarly, in the software design layer complex power management suites are growing rapidly. Concurrent to this development, there has been an upsurge in the integration of third-party components to counter the pressures of shorter time-to-market. These trends collectively raise serious concerns about trust and security of power management solutions. In recent times, problems such as overheating, performance degradation and poor battery life, have dogged the mobile devices market, including the infamous recall of Samsung Note 7. Power outage in the data-center of a major airline left innumerable passengers stranded, with thousands of canceled flights costing over 100 million dollars. This research examines whether such events of unintentional reliability failure, can be replicated using targeted attacks by exploiting the security loopholes in the complex power management infrastructure of a computing system. At its core, this research answers an imminent research question: How can system designers ensure secure and reliable operation of third-party power management units? Specifically, this work investigates possible attack vectors, and novel non-invasive detection and defense mechanisms to safeguard system against malicious power attacks. By a joint exploration of the threat model and techniques to seamlessly detect and protect against power attacks, this project can have a lasting impact, by enabling the design of secure and cost-effective next generation hardware platforms.

power management

security assurance

third party components

hardware trojan

Electrical and Computer Engineering

Usage of third party components in Heterogeneous systems : An empirical study

Raavi, Jaya Krishna

January 2016

Context: The development of complex systems of systems leads to high development cost, uncontrollable software quality and low productivity. Thus Component-based software development was used to improve development effort and cost of the software. Heterogeneous systems are the system of systems that consist of functionally independent sub-systems with at least one sub-system exhibiting heterogeneity with respect to other systems. The context of this study is to investigate the usage of third party components in heterogeneous systems. Objectives. In this study an attempt was made to investigate the usage of third party components in heterogeneous systems in order to accomplish the following objectives: Identify different types of third party components. Identify challenges faced while integrating third-party components in heterogeneous systems. Investigate the difference in test design of various third party components Identify what the practitioners learn from various third party components   Methods: We have conducted a systematic literature review by following Systematic literature review guidelines by Kitchenham to identify third party components used, challenges faced while integrating third-party components and test design techniques. Qualitative interviews were conducted in order to complement, supplement the finding from the SLR and further provide guidelines to the practitioners using third party components. The studies obtained from the SLR were analyzed in relation to the quality criteria using narrative analysis. The data obtained from interview results were analyzed using thematic analysis. Results: 31 primary studies were obtained from the systematic literature review (SLR).  3 types of third components, 12 challenges, 6 test design techniques were identified from SLR.  From the analysis of interviews, it was observed that a total of 21 challenges were identified which complemented the SLR results. In addition, from interview test design techniques used for testing of heterogeneous systems having third party components were investigated. Interviews have also provided 10 Recommendations for the practitioners using different types of third party components in the product development. Conclusions: To conclude, commercial of the shelf systems (COTS and Open software systems (OSS) were the third party components mainly used in heterogeneous systems rather than in-house software from the interview and SLR results. 21 challenges were identified from SLR and interview results. The test design for testing of heterogeneous systems having different third party components vary, Due to the non-availability of source code, dependencies of the subsystems and competence of the component. From the analysis of obtained results, the author has also proposed guidelines to the practitioners based on the type of third party components used for product development. / <p>All the information provided are correct as per my knowledge.</p>

Software Engineering

Programvaruteknik

Handling Third-Party Component Licenses:A Case Study in a Swedish Company : How well do existing license management tools detect potentially unsafe third-party component licenses?

Bruckner, Fanny, Njie, Isac

January 2023

Modern software development relies heavily on third-party components, which are pre-built software modules developed by other organisations and can be either open-source or commercial. These components serve as building blocks for developers to create complex applications more efficiently. What many do not know or realise is that all these third-party components come with licenses that might restrict the software, and it can become a challenge for companies that develop software to manage all the licenses that come with the used third-party components.This thesis investigates three third-party component license management tools: OWASP Dependency-Check, Snyk, and Debricked. The research question was:“How well can the three chosen third-party component license management tools, OWASP Dependency-Check, Snyk and Debricked detect potentially unsafe licenses within software projects?” To answer this question, controlled experiments were conducted to compare the functionality of these tools in two different projects: one advanced project, and one simple project. A comprehensive literature review was conducted to identify the lack of previous research, this provided a theoretical background for the study. The results of the controlled experiments proved that the three chosen tools can help developers in different ways as they satisfy different needs. For users looking to manage their dependencies, OWASP Dependency-Checkis a preferable option. Debricked has demonstrated its ability to detect potentially unsafe licenses in software projects and offers identification of license families. This feature can be valuable to developers as it simplifies the comprehension of the project’s licenses. Snyk, on the other hand, provided warnings about risks associated with licenses. While Debricked out-performed Snyk in license detection, Snyk still proved to be useful in identifying potentially unsafe licenses in software projects, specifically in this case. The findings of this thesis can benefit software developers, project managers, and organisations that rely on third-party components for their software development. The results of this study may be used to guide the selection and use of third-party components and the appropriate license management tools. Overall, this thesis adds to the body of knowledge on managing third-party component licenses and offers practical insights for methods of software development practices.

Third-party components

software licenses

component analysis tools

Software Engineering

Programvaruteknik