Hardware Supply Chain Security
Hardware Supply Chain Security
| Supervisor(s): | Michael Heinl, Nikolai Puch |
| Status: | open |
| Topic: | Others |
| Type of Thesis: | Guided Research |
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching
|
|
DescriptionLehrstuhl für Sicherheit in der Informatik / Prof. Dr. Claudia Eckert Guided Research Hardware Supply Chain Security Motivation Most customers put trust in their hardware vendors and the corresponding supply chain. No matter how well secured these customers’ own infrastructures are, this trust has the potential to devolve the weaknesses of their vendors (and even the vendors’ vendors etc.) into the customers’ own environment, constituting a blind spot in their overall security architecture. Proposals to address this multi-dimensional problem on the one hand include organizational measures as, for example, establishing Cyber Supply Chain Risk Management (C-SCRM) or demanding third-party certifications, which confirm conformance with standards such as the ISA/IEC 62443 series. On the other hand, technology-based approaches as, for example, physical unclonable functions or IDevID certificates can also help to decrease the amount of trust which has to be put into the hardware supply chain. Topic The overall goal of this guided research is to compile a comprehensive overview of the hardware supply chain security landscape including challenges and potential solutions/countermeasures. The focus should lie on but not solely be limited to industrial automation and control systems (IACS). The first part is to investigate both real-world incidents and academic approaches exploiting the hardware supply chain. Based on this preliminary research and reasoning, a holistic paradigm of trust relationships and corresponding problems in the hardware supply chain has to be derived and consolidated. In the second part, suitable countermeasures have to be investigated and mapped to this paradigm. These countermeasures should in turn be categorized based on their maturity (ready-to-use, academic PoC, proposal etc.). Requirements • Self-initiative and the ability to work in a self-directed way • Knowledge in the field of IT/IACS security Please attach a current grade sheet and a short CV to your application. Contact Michael Heinl Phone: +49 89 322-9986-125 Nikolai Puch Phone: +49 89 322-9986-142 Fraunhofer Research Institute for Applied and Integrated Security /AISEC Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de |
|