Browse and download our research within the Publications category.


Who Owns Your Kernel?

Presented at Summercon 2021, we discuss the open source supply chains, information operations targeting them, and how to identify these attacks (with some crazy examples of course). This project, to explore and protect the integrity of open source code, was funded via DARPA's SocialCyber program.

Huawei and the Third Offset

In order to effectively mitigate the security risks posed by Huawei, the U.S. Department of Defense needs to fund and integrate cutting-edge technologies from the private sector.

Although concern over Huawei’s implications for national security remains high, current U.S. strategies against Huawei have largely been framed as a counter to Chinese spying and focused on retrospective actions, such as lobbying allies against adopting Huawei’s 5G kit (when those allies’ mobile networks are already dependent on Huawei infrastructure), and using the Department of Justice (DOJ) to hold Huawei accountable for intellectual property theft and sanction violations. Unnoted by many, however, is that Huawei’s actions are part of the military competition between Beijing and Washington, a cycle of technology offsets and counter offsets to offsets.

Read the Full Post from the Link Below:

The Risks of Huawei Risk Mitigation

While there is widespread agreement that Huawei devices in 5G infrastructure pose some risk to the U.S. and allied nations, the policy community—in particular the U.K.’s National Cyber Security Centre—has paid insufficient attention to the technical aspects. The discussion must examine not simply whether China would use this technology maliciously, but the specific threats that Huawei equipment could pose and the extent to which these threats can be mitigated. This is especially important in the face of recent news that the U.K.’s National Security Council has okayed the use of Huawei technology for the country’s new 5G network.

Read the Full Post from the Link Below:

Hacking the Motherboard – Exploiting Implicit Trust in all of the Forgotten Places

Our economy is becoming more specialized and more and more tasks are being automated. We must have confidence in these systems and the technical infrastructure that supports them. However, this confidence relies on too much implicit trust – overlooking serious risks. Assurance in this area is hard won, manual, and costly.

Last year, Bloomberg’s Big Hack article gave everyone a – questionably accurate but – much needed scare which forced companies to evaluate their exposure to supply chain intervention attacks. We need to understand the attack vectors and the inherent hardware vulnerabilities used by these backdoors, as well as the steps we can take to protect ourselves.

Several recent hacks highlight this problem including the ASUS software update hijacking, the SuperMicro supply chain, and the political-economic arguments for Huawei 5G. Including a technical overview of various types of hardware implants, the access they enable, and what we should be doing to detect and mitigate.


« Return to Recent Publications