I posted this in /r/softwaredevelopment, too but it's still waiting on mod approval :/ Anyway...
Hello everyone, I’m hoping someone could provide some guidance. I’m working the Capstone for my cybersecurity degree and it consists of solving a (security-related) problem for an organization. I’m really into quantum physics and cryptography, so my topic combines those two into a project which I’m sure we’ll see a lot more of over the next decade or so.
My project is to harden a small business from quantum attacks. To fit with a realistic threat model, my scenario will address a small software developer with valuable IP that a foreign nation (one with advancing quantum computers) would consider to be of high economic value. This fake company makes software for autonomous vehicles.
Here’s where I’m stuck. I’ve never worked in software company or as a developer. I'm trying to put together an imaginary firm's infrastructure so I can conduct my analysis, but my lack of experience in such a company is slowing me down. I was thinking of following a basic startup infrastructure laid out in this article https://about.gitlab.com/blog/2017/08/07/how-startups-build-it-infrastructure/ though it doesn’t give any attention to the physical network layout at all (I’m not sure how important that is either).
After laying out the infrastructure, “my security company” will harden the network as per guidelines set out in the book Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto by Roger Grimes. That book is the foundation for my IT solution which will involve ensuring systems are “crypto agile”, or can switch out cryptographic modules for algorithms that are quantum-resistant. The other main protections are increasing key lengths for symmetric and hash algorithms in use.
So, I just want to create a realistic network that I can modify to be protected against breaches of confidentiality, even if their data were intercepted. I was thinking of making a situation where the company moves source code and databases onto self-hosted systems and to make my improvements from there, but I don’t even know how realistic this is for an autonomous car software startup. I have so many questions, but many of them will depend on what sort of feedback or direction it’s suggested I take. I’ve started using Packet Tracer but I’m not required to create the network with it all, I just like it a lot. I would certainly appreciate any insight or resources I can learn from. Once I have something to fix, I’ll finally be able to move forward!
P.S. I also found the article at https://medium.com/@olley_io/what-software-do-autonomous-vehicle-engineers-use-part-1-2-275631071199 to be quite interesting, but it still doesn’t lead to me how their IT infrastructure might be set up. Also, stay safe and I hope you all stay healthy through this tough time.
No comments:
Post a Comment