Security-by-design: Securing a compromised system

Awais Rashid, Sana Belguith, Matthew Bradbury, Sadie Creese, Ivan Flechais, and Neeraj Suri. Security-by-design: Securing a compromised system. In Rossfest Symposium. Cambridge, UK, 25 March 2025.


There has been a large effort by the UK, the USA and others to promote the concept of secure-by-design. The reality is that being fully secure-by-design is not realistic.

Perspectives

Specific aspects of secure-by-design are feasible. For example, the Digital Security by Design programme seeks to eliminate entire classes of memory-safety vulnerabilities through the capability hardware of CHERI, as prototyped in Arm Morello.

However, it is not possible to secure every aspect of a system by design:

  • Systems may interact with, or depend on, systems that are not under the control of the system owner
  • Complex technology stacks provide scope for misplaced assumptions about threat models
  • Threat actors evolve quickly, so what was once reasonably considered secure may no longer be
  • Critical systems evolve slowly, since changing them takes time and investment
  • Not all legacy systems can feasibly be upgraded
  • Interdependencies with people can lead to new or unintended interactions within a system that were never secured

Therefore, in this paper we argue that we need to move beyond the paradigm of security-by-design and embrace the challenge of securing a compromised system.