Home > Research > Publications & Outputs > Security-by-design Securing a compromised system

Research

Associated organisational units

Electronic data

  • Rossfest2025

    Accepted author manuscript, 267 KB, PDF document

    Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License

View graph of relations

<del>Security-by-design</del> Securing a compromised system

Research output: Contribution to Journal/MagazineConference articlepeer-review

Forthcoming

Standard

<del>Security-by-design</del> Securing a compromised system. / Rashid, Awais; Belguith, Sana; Bradbury, Matthew et al.
In: Rossfest Symposium, 07.01.2025.

Research output: Contribution to Journal/MagazineConference articlepeer-review

Harvard

Rashid, A, Belguith, S, Bradbury, M, Creese, S, Flechais, I & Suri, N 2025, '<del>Security-by-design</del> Securing a compromised system', Rossfest Symposium.

APA

Rashid, A., Belguith, S., Bradbury, M., Creese, S., Flechais, I., & Suri, N. (in press). <del>Security-by-design</del> Securing a compromised system. Rossfest Symposium.

Vancouver

Rashid A, Belguith S, Bradbury M, Creese S, Flechais I, Suri N. <del>Security-by-design</del> Securing a compromised system. Rossfest Symposium. 2025 Jan 7.

Author

Rashid, Awais ; Belguith, Sana ; Bradbury, Matthew et al. / <del>Security-by-design</del> Securing a compromised system. In: Rossfest Symposium. 2025.

Bibtex

@article{f056e345c6d04f51bf4ceefabbbce7e1,
title = "Security-by-design Securing a compromised system",
abstract = "Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems that are highly cyber-physical in nature with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems underpinned by heterogeneous hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate and complicated supply-chains with many digital assets and services outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal scale of digital infrastructures, delivering secure and resilient operations is a major challenge. We argue that this requires us to move beyond the paradigm of security-by-design and embrace the challenge of securing-a-compromised-system.",
author = "Awais Rashid and Sana Belguith and Matthew Bradbury and Sadie Creese and Ivan Flechais and Neeraj Suri",
year = "2025",
month = jan,
day = "7",
language = "English",
journal = "Rossfest Symposium",

}

RIS

TY - JOUR

T1 - Security-by-design Securing a compromised system

AU - Rashid, Awais

AU - Belguith, Sana

AU - Bradbury, Matthew

AU - Creese, Sadie

AU - Flechais, Ivan

AU - Suri, Neeraj

PY - 2025/1/7

Y1 - 2025/1/7

N2 - Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems that are highly cyber-physical in nature with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems underpinned by heterogeneous hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate and complicated supply-chains with many digital assets and services outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal scale of digital infrastructures, delivering secure and resilient operations is a major challenge. We argue that this requires us to move beyond the paradigm of security-by-design and embrace the challenge of securing-a-compromised-system.

AB - Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems that are highly cyber-physical in nature with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems underpinned by heterogeneous hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate and complicated supply-chains with many digital assets and services outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal scale of digital infrastructures, delivering secure and resilient operations is a major challenge. We argue that this requires us to move beyond the paradigm of security-by-design and embrace the challenge of securing-a-compromised-system.

M3 - Conference article

JO - Rossfest Symposium

JF - Rossfest Symposium

ER -