< Back to previous page

Publication

Security Through Transparency and Openness in Computer Design

Book Contribution - Book Chapter Conference Contribution

Trust in information technology depends on the level of security promised by the software and hardware stack operating on a platform. Consumers rely on cybersecurity updates of the software and firmware running on their devices to keep their privacy and data protected from malicious use. Businesses and governments procure technology which they expect to run for long periods and be kept in line with the state of the art in security. Presently, however, neither consumer, nor business solutions provide sufficient transparency regarding potential cybersecurity risks stemming from either the software or hardware stack embedded in them. Businesses need transparency in order to plan sustainable long-term operations, while consumers need devices that can be easily maintained and repaired and which offer sufficient information regarding real or perceived safety or security hazards. In the quest for security, transparency is a key sociotechnical requirement which lies at the core of trust in computing. As one of the most important abstractions interfacing the hardware and the lowest level software, the instruction set architecture (ISA) is perhaps the most essential element in the path to trust through transparency. Currently, however, the market is dominated by two proprietary ISAs in a duopolistic configuration, and their implementations are controlled by two major companies. This status quo has impacted significantly the integrated circuit supply chain in terms of both diversity and transparency. This paper argues that open ISAs, such as RISC-V, would bring much-needed democratisation of microprocessor design while enabling higher levels of security through their modular design and extensibility. However, open ISAs are facing certain technical, organisations and legal challenges that require conceptual interdisciplinary thinking and coordinated legislative and regulatory response.
Book: Garcia-Alfaro J., Leneutre J., Cuppens N., Yaich R. (eds) Risks and Security of Internet and Systems. CRiSIS 2020. Lecture Notes in Computer Science, vol 12528. Springer, Cham
Pages: 105 - 116
ISBN:978-3-030-68886-8
Publication year:2021
Accessibility:Open