The general objective of BIECO is to develop a framework that enables measurable, risk-based trust while developing, deploying and operating complex interconnected ICT systems.
We aim to achieve this by handling the reliability and trust aspects of ecosystem participants (ICT systems, ICT system components and actors) within the supply chain.
The following shows the specific SMART (Specific, Measurable, Achievable, Realistic, Time-bound) objectives of the project, taking into account the challenges of this kind of complex ecosystems.
Advanced risk analysis
Provide advanced risk analysis and mitigation strategies that support a view of the complete ICT supply chain (WP6).
Perform evidence-based security assurance and a harmonized certification for ICT systems (WP7).
Extension of the Approach to the Communications within the Whole Supply Chain of the Microfactory
Once the secure communication with a vehicle has been demonstrated for remote FW update, it is straightforward to extend it to general Service-Over-the-Air architecture and even further.
Remote Updating – Upgrading of Vehicle Firmware
Securing remote and in-vehicle communications against cyber-attacks, possibly performed with quantum computers in the near future, is a major goal in the automotive sector. For such a purpose I-FEV focused on a thorough study and an architecture and protocol design to develop and implement a Service Over the Air (SOtA )system, starting from Electronic Control Unit (ECU) firmware update on its electric vehicles from remote.
Time Sensitive Network Simulation
Simulate the real time communication for the distributed based on the Time sensitive network simulation. Additionally, simulate the fail-operation clock synchronization methodology. This simulation will validate the communication stack.
Fail-operation clock synchronization methodology
Domain Specific Language
The domain specific language enables specification of digital twin behaviour in a manner that can enable a predicted evaluation of its trustworthy behaviour in a simulated environment.
Security Testing Tool
GdpR-based cOmbinatOrial Testing (GROOT) is a general combinatorial strategy for testing systems managing GDPR’s concepts (e.g., Data Subject, Personal Data or Controller).
The monitoring tool is an infrastructure in charge of setting up and managing a monitoring component. It is based on event messages and enables the collection of complex events.
Extended MUD File
The extended Manufacturer Usage Description (MUD) file is an extension of the MUD Internet Engineering Task Force (IETF) standard. The MUD specification’s major goal is to limit the threat and attack surface of a certain IoT device by allowing manufacturers to establish network behaviour profiles for their devices. Each profile is built around a set of policies, or Access Control Lists (ACLs), that specify the communication’s endpoints.
Security Evaluation Methodology
Security evaluation methodology to evaluate the security of an ICT system. The methodology is based on standards such as ISO 31000 standard for Risk Management, the ISO 29119 standard for Security Testing or the MUD standard. The methodology defines a set of high-level steps that should be followed by the security evaluator and is intended to serve as a basis for the security certification. Moreover, the proposed methodology is intended to be generic enough to be instantiated though different techniques and tools.
Log Forgery Blocker
Log Forgery Blocker – a brand new product on the market.
AI Investments Platform
Secured AI Investments platform using the outcome of the BIECO project.
This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.
Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.
Vulnerability Propagation Tool
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.
Vulnerability Exploitability Forecasting Tool
Vulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.
Vulnerability Detection Tool
Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.
Data Collection Tool
Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.
BIECO Integrated Platform
BIECO Integrated Platform will integrate the tools in a loosely coupled way.
The rationale behind BIECO’s concept is to deliver a framework for improving trust and security within ICT supply chains. These are complex ecosystems comprising several heterogeneous technologies, processes, actors (e.g., end-users, software or hardware providers and organizations) and resources, all of which generate or exchange data forming extremely complex information management systems.
Barcelona IOT Solution World Congress – Official website
Barcelona IOT Solutiona World Congress - Official websitehttps://ecatalogue.firabarcelona.com/iotswc23/exhibitor/205777/detail?lang=en_GB UNINOVA Barcelona Cybersecurity Congress CYBERSECURITY Gran Via, Hall 4, Level 0, Street C, Stand 350 BIECO is an EU...
Barcelona IOT Solution World Congress – Day 3
Barcelona IOT Solutiona World Congress - Official websitehttps://www.firabarcelona.com/en/gran-via/ Fira de Barcelona is one of the most important trade fair organisations in Europe in terms of the volume and quality of its events, the high level of its venues and...
Barcelona IOT Solution World Congress – Day 2
Barcelona IOT Solutiona World Congress - Day 2
Barcelona IOT Solution World Congress – Day 1
Barcelona IOT Solution World Congress - Day 1
BIECO onsite meeting – Barcelona
BIECO onsite meeting – Barcelona - January 2023Discussions about the integration of the 3 use cases.
CISIS CONFERENCE 2022
CISIS 2022 15th International Conference on Computational Intelligence in Security for Information Systems International Joint Conferences SOCO-CISIS-ICEUTE-HAIS 2022 Proceedings CISIS ICEUTE...