Building software that guarantees a secure network architecture

Professor Dr. Jan Nordholz is Professor of Secure and Trustworthy Network-Attached System Architectures. This is a joint professorship at PTB – National Metrology Institute of Germany and the Technische Universität Berlin; it is also associated with the Einstein Center Digital Future (ECDF). The 35-year-old, who has been interested in programming since he was a young child growing up in Hanover, initially studied mathematics and physics at Technische Universität Berlin for a few semesters before switching to computer science. He eventually completed a PhD in this subject, and took up his first postdoctoral position. Today, his research focuses on building software that guarantees a secure network architecture by, among other things, ensuring that different systems run securely and separately on one computer. “Examples include automotive applications such as navigation systems and distance control. Or a smartphone with two operating systems that both access the same computer. Distance control still has to work even if, let's say, the navigation system fails,” explains Jan Nordholz.

This requires system software that sits underneath the normal application software in the hierarchy and ensures that the individual systems always run independently of each other. While this does not involve much code, it places high demands on reliability. “There are different ways to achieve this,” says Nordholz. “I decided on a system in which you first write the code and then check retrospectively whether it fulfills all the necessary requirements. The main advantage of this approach is its speed.” Checking code “retrospectively” means testing every event that could possibly occur while that code runs. That is usually an impossible task, since the set of potential events and states is almost infinite. “However, the system software I have developed is so individually designed that it is tailored for only a few applications. This means that the number of possible events is not as great and can be tested,” explains the computer scientist.

To give an example: Two different user environments are installed on a smartphone, an in-house company environment and a private one. It is crucial that the data of the two environments are securely separated from each other, so that malware picked up while browsing privately cannot infiltrate the company’s internal operating environment and gain access to trade secrets. “The code used only has this one function, i.e. to separate these two Android worlds. This means the number of possible events to which this software must react is limited and can be simulated,” says Jan Nordholz.
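A miniature version of the “check retrospectively” approach described above, as an added illustration that is not code from Nordholz or PTB: a two-partition separation model with a small, fixed event set is explored exhaustively, and a deliberately overlapping page table is caught as an isolation violation. The partition names, the four-cell memory and the page tables are constructed assumptions, not details from the article.

```python
"""Exhaustive reachability check of a tiny two-partition separation layer.

Constructed example: two partitions share one physical memory of four cells;
a page table maps each partition's guest addresses to physical cells. Because
the event set is finite and small, every reachable state can be enumerated.
"""

PARTITIONS = ("company", "private")
CELLS = 4  # physical memory cells (constructed)
# Correct layout: the partitions' cells are disjoint (constructed assumption).
PAGE_TABLES = {"company": {0: 0, 1: 1}, "private": {0: 2, 1: 3}}
# Every event the separation layer must react to: partition, read/write, address.
EVENTS = [(p, op, a) for p in PARTITIONS for op in ("r", "w") for a in (0, 1)]


def step(state, event, tables):
    """Apply one mediated access. state = (memory tuple, observed frozenset)."""
    mem, seen = state
    part, op, addr = event
    cell = tables[part][addr]
    if op == "w":
        mem = list(mem)
        mem[cell] = part  # tag the cell with the partition that wrote it
        mem = tuple(mem)
    else:
        seen = seen | {(part, mem[cell])}  # record which writer's data was read
    return mem, seen


def isolated(state):
    """Invariant: a partition never reads a cell last written by the other one."""
    _, seen = state
    return all(src in (None, reader) for reader, src in seen)


def check_all_events(tables):
    """Breadth-first exploration until no new state appears (the state space is
    finite, so this terminates). Returns (invariant_holds, violating_state_count)."""
    init = ((None,) * CELLS, frozenset())
    frontier, visited = {init}, {init}
    while frontier:
        frontier = {step(s, e, tables) for s in frontier for e in EVENTS} - visited
        visited |= frontier
    bad = [s for s in visited if not isolated(s)]
    return not bad, len(bad)


if __name__ == "__main__":
    print("disjoint tables:", check_all_events(PAGE_TABLES))
    leaky = {"company": {0: 0, 1: 1}, "private": {0: 2, 1: 1}}  # cell 1 shared
    print("overlapping tables:", check_all_events(leaky))
```

With the disjoint page tables the exploration visits every reachable state and finds no violation; with the overlapping table it reports states in which the private partition reads data written by the company partition.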

PTB’s interest in this research topic lies, among other things, in the transfer of these concepts and procedures to devices such as supermarket scales or other measuring instruments whose software is subject to the special requirements of legal metrology in individual areas.