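% Lysne et al. (2016): how far buyers and other legitimate stakeholders can
% detect malware inserted into computing devices by vendors or insiders before
% delivery, and microservice solutions as a way to limit the impact.
% Text outside an entry is ignored by BibTeX, so this header is safe to keep.
@article{14386,
  author    = {Lysne, Olav and Hole, Kjell and Otterstad, Christian and Ytrehus, {\O}yvind and Aarseth, Raymond and Tellnes, J{\o}rgen},
  title     = {Vendor Malware: Detection Limits and Mitigation},
  journal   = {IEEE Computer},
  volume    = {49},
  pages     = {62--69},
  month     = aug,
  year      = {2016},
  publisher = {IEEE},
  issn      = {0018-9162},
  doi       = {10.1109/MC.2016.227},
  keywords  = {Computer crime, Software Engineering, Computer architecture, Malware, Computer security, Supply chain management},
  abstract  = {Computing device vendors can introduce malware that is nearly impossible to detect with known methods, but microservice solutions can limit the negative impact. Malware contains instructions whose execution negatively impacts stakeholders, typically leading to unauthorized access and computation, data theft, loss of privacy, inability to inspect data, or prolonged downtime. A computing system's robustness to malware attacks strongly depends on the ability of the technical system and its stakeholders to either detect inactive malware before it executes or to detect active executing malware as soon as possible, before it causes serious damage. Many previous works discuss the general difficulty of detecting malware, but we focus on the ability of buyers and other legitimate stakeholders to detect malware inserted in computing devices by vendors and other insiders with access to the devices before they reach the buyers.},
}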