Yvo Desmedt's Research on Secure Outsourcing and Secure Globalization
Main research
The main research focused on critical infrastructures.
These were modeled using AND/OR graphs. A node in these graphs could
correspond to a factory, a storage facility, a modem, a computer,
etc. Edges correspond with communications/transportation.
The OR was used to model choice (e.g., in the case of the construction
of a car between different brands of car tires). The AND
was used to model that different components are needed.
Security aspects
Labeling the nodes in these graphs with the name of the country the
facility is located, allows to study the vulnerability in case these
nodes are shut down on a country bases. Due to the premature termination
of the DARPA F30602-97-1-0205 grant, this labeling was only briefly studied
in this context.
This approach however was used in
followup research on communication/transportation networks.
Obviously, with factory shutdowns at a global scale, due to COVID-19, this
topic is of current interest!
Papers on the topic
Presentations on the topic
Related Research
In October 1997, the US President's Commission on Critical Infrastructure
Protection published its report.
On March 5, 1998, the author (in a private e-mail) pointed out that
several infrastructures were missing. This was further worked
out in his October 1999
lecture. For the paper published in May 2000
click here.
Followup Research
Consider modems made in different countries. An organization is using these
in a computer network and is worried whether these modems have
state sponsored malware. Such malware, under control of a state, may perform
a Denial of Service Attack (DOS), i.e., shut down all modems made in a certain
country (countries), or may
use these modems for spying. This work was partially funded by CCR-0209092
and published
here.
Preliminary ideas on the use of labels (called color) to
model platform dependent attacks on nodes were published in the context of PKI
in
Comm. of ACM.
After Snowden's leak it was revealed that malicious ethernet cables can
perform active eavesdropping. We however considered such possibilities well
before the Snowden leak and in 2011 studied the topic of securing a network
against state sponsored DOS when the cables have state sponsored malware.
This work was published in
IPL.