BIECO

The general objective of BIECO is to develop a framework that enables measurable, risk-based trust while developing, deploying and operating complex interconnected ICT systems.

Objectives

We aim to achieve this by handling the reliability and trust aspects of ecosystem participants (ICT systems, ICT system components and actors) within the supply chain.

The following shows the specific SMART (Specific, Measurable, Achievable, Realistic, Time-bound) objectives of the project, taking into account the challenges of this kind of complex ecosystems.

Framework

Providing a framework that allows reinforcing trust in ICT supply chains (WP2).

Vulnerability assessment

Performing advanced vulnerability assessment over ICT supply chains (WP3).

Achieving resilience

Achieving resilience in ecosystems formed by unreliable components (WP4).

Extending auditing

Extending auditing process to evaluate interconnected ICT systems (WP5).

Advanced risk analysis

Provide advanced risk analysis and mitigation strategies that support a view of the complete ICT supply chain (WP6).

Security assurance

Perform evidence-based security assurance and a harmonized certification for ICT systems (WP7).

Industrial validation

Industrial validation of BIECO’s framework within IoT ecosystems (WP8).

Exploitable Results

Remote Updating – Upgrading of Vehicle Firmware

Securing remote and in-vehicle communications against cyber-attacks, possibly performed with quantum computers in the near future, is a major goal in the automotive sector. For such a purpose I-FEV focused on a thorough study and an architecture and protocol design to develop and implement a Service Over the Air (SOtA )system, starting from Electronic Control Unit (ECU) firmware update on its electric vehicles from remote.

Time Sensitive Network Simulation

Simulate the real time communication for the distributed based on the Time sensitive network simulation. Additionally, simulate the fail-operation clock synchronization methodology. This simulation will validate the communication stack.

Domain Specific Language

The domain specific language enables specification of digital twin behaviour in a manner that can enable a predicted evaluation of its trustworthy behaviour in a simulated environment.

Security Testing Tool

GdpR-based cOmbinatOrial Testing (GROOT) is a general combinatorial strategy for testing systems managing GDPR’s concepts (e.g., Data Subject, Personal Data or Controller).

Monitoring Tool

The monitoring tool is an infrastructure in charge of setting up and managing a monitoring component. It is based on event messages and enables the collection of complex events.

Extended MUD File

The extended Manufacturer Usage Description (MUD) file is an extension of the MUD Internet Engineering Task Force (IETF) standard. The MUD specification’s major goal is to limit the threat and attack surface of a certain IoT device by allowing manufacturers to establish network behaviour profiles for their devices. Each profile is built around a set of policies, or Access Control Lists (ACLs), that specify the communication’s endpoints.

Security Evaluation Methodology

Security evaluation methodology to evaluate the security of an ICT system. The methodology is based on standards such as ISO 31000 standard for Risk Management, the ISO 29119 standard for Security Testing or the MUD standard. The methodology defines a set of high-level steps that should be followed by the security evaluator and is intended to serve as a basis for the security certification. Moreover, the proposed methodology is intended to be generic enough to be instantiated though different techniques and tools.

ResilBlockly

This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.

Fuzzing Tool

Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.

Vulnerability Detection Tool

Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.

Data Collection Tool

Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.

About BIECO

The rationale behind BIECO’s concept is to deliver a framework for improving trust and security within ICT supply chains. These are complex ecosystems comprising several heterogeneous technologies, processes, actors (e.g., end-users, software or hardware providers and organizations) and resources, all of which generate or exchange data forming extremely complex information management systems.

Consortium

BIECO Project

SUBSCRIBE and become part of the BIECO community!

We don’t spam!

close

BIECO Project

SUBSCRIBE and become part of the BIECO community!

We don’t spam!

Share This