> A system called TEMPEST that can tell if part of a computer has been compromised just from its electromagnetic emissions.
this is basically the only way you really can at this point, right?
with an increasing number of components per board assembly coming from a variety of sources, in a field where you can stuff an entire malicious payload inside a large capacitor, accounting for all counter-counter^n measures a nation-state can take...
all you can really validate is whether something under test functions identically to a known good copy/ies by watching its every move: will it behave the same way as 100 other copies we've built, factoring out thermal noise/environmental factors/TOP SECRET parameters
Where does it all end? I have a feeling that in the limit this turns into thermodynamics somehow.. Let's see, a component can behave correctly in one way, but be compromised in many possible ways. Taken together compromise is a higher entropy state.
Only if you label everything but the intended deterministic state "compromised", but when you put operator error and programming bugs into the "compromised" bucket, it's sort of loses it's meaning.
this is basically the only way you really can at this point, right?
with an increasing number of components per board assembly coming from a variety of sources, in a field where you can stuff an entire malicious payload inside a large capacitor, accounting for all counter-counter^n measures a nation-state can take...
all you can really validate is whether something under test functions identically to a known good copy/ies by watching its every move: will it behave the same way as 100 other copies we've built, factoring out thermal noise/environmental factors/TOP SECRET parameters