The general objective of BIECO is to develop a framework that enables measurable, risk-based trust while developing, deploying and operating complex interconnected ICT systems.
We aim to achieve this by handling the reliability and trust aspects of ecosystem participants (ICT systems, ICT system components and actors) within the supply chain.
The following shows the specific SMART (Specific, Measurable, Achievable, Realistic, Time-bound) objectives of the project, taking into account the challenges of this kind of complex ecosystems.
Once the secure communication with a vehicle has been demonstrated for remote FW update, it is straightforward to extend it to general Service-Over-the-Air architecture and even further.
Securing remote and in-vehicle communications against cyber-attacks, possibly performed with quantum computers in the near future, is a major goal in the automotive sector. For such a purpose I-FEV focused on a thorough study and an architecture and protocol design to develop and implement a Service Over the Air (SOtA )system, starting from Electronic Control Unit (ECU) firmware update on its electric vehicles from remote.
Simulate the real time communication for the distributed based on the Time sensitive network simulation. Additionally, simulate the fail-operation clock synchronization methodology. This simulation will validate the communication stack.
The domain specific language enables specification of digital twin behaviour in a manner that can enable a predicted evaluation of its trustworthy behaviour in a simulated environment.
GdpR-based cOmbinatOrial Testing (GROOT) is a general combinatorial strategy for testing systems managing GDPR’s concepts (e.g., Data Subject, Personal Data or Controller).
The monitoring tool is an infrastructure in charge of setting up and managing a monitoring component. It is based on event messages and enables the collection of complex events.
The extended Manufacturer Usage Description (MUD) file is an extension of the MUD Internet Engineering Task Force (IETF) standard. The MUD specification’s major goal is to limit the threat and attack surface of a certain IoT device by allowing manufacturers to establish network behaviour profiles for their devices. Each profile is built around a set of policies, or Access Control Lists (ACLs), that specify the communication’s endpoints.
Security evaluation methodology to evaluate the security of an ICT system. The methodology is based on standards such as ISO 31000 standard for Risk Management, the ISO 29119 standard for Security Testing or the MUD standard. The methodology defines a set of high-level steps that should be followed by the security evaluator and is intended to serve as a basis for the security certification. Moreover, the proposed methodology is intended to be generic enough to be instantiated though different techniques and tools.
Log Forgery Blocker – a brand new product on the market.
Secured AI Investments platform using the outcome of the BIECO project.
This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.
Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.
Vulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.
Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.
Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.
BIECO Integrated Platform will integrate the tools in a loosely coupled way.
The rationale behind BIECO’s concept is to deliver a framework for improving trust and security within ICT supply chains. These are complex ecosystems comprising several heterogeneous technologies, processes, actors (e.g., end-users, software or hardware providers and organizations) and resources, all of which generate or exchange data forming extremely complex information management systems.
CISIS 2022 15th International Conference on Computational Intelligence in Security for Information Systems International Joint Conferences SOCO-CISIS-ICEUTE-HAIS 2022 Proceedings CISIS ICEUTE...