The BIECO video presentation M18
The BIECO presentation
In light of the fast development of cyber threats, the complexity of heterogeneous ICT ecosystems raises major security concerns.
In this regard, BIECO provides a set of tools and methodologies for building trust with respect to malicious attacks that can endanger the safety of a system and of its ecosystem.
More specifically, BIECO provides various mechanisms for malicious failure prediction and trust assurance, considering the design time and runtime phase of a system.
These mechanisms are instrumented by an online framework that connects various methods and tools.
Even though the approaches are general, to make the explanation more concrete we exemplify the execution of BIECO within a robotic use case.
The research consortium, funded by the European Commission through its Research and Innovation Programme, is composed of 11 partners from 7 European countries (Portugal, Italy, Romania, Austria, Spain, Poland, Germany).
For the design-time phase, we start with Context Establishment, continue with the Risk Identification step, then Security Testing and Security Assessment, which result in the Labelling phase.
For runtime we present the auditing setup, followed by abstract rule definition, the creation of Digital Twins, and finally the execution of the Auditing framework.
The User Interface gives both Users and Tool Developers access to define specific Tools, monitor their status and interact with them.
Tools are defined in a similar fashion to microservices, with asynchronous access, multi-tasking and loose coupling, so they are able to connect to the platform and receive and send data for specific jobs.
We define Jobs as a collection of Steps that need to be executed in order to provide results to the user. One or more Tools can be defined in each Step, so they can be executed either in parallel or sequentially. This accommodates both the Runtime and Design-Time Methodologies in an abstract, extensible and loosely coupled way.
The BIECO Platform has 2 main components, the UI and the Orchestrator, components that cooperate and respond to User requests. Tools can be defined in the Tools section by Tool Developers. They can define different aspects, like endpoint, access tokens, inputs and also enable or disable the tool.
Services is the section that provides an overview of the connected Tools and their state. This page is continuously refreshed in order to retrieve the latest statuses. If any Tool used by a Methodology is offline, the platform cannot execute the corresponding Job.
A user's different projects are defined as Jobs, since they can be executed by the user. Defining a Job is easy: provide a name and a description. Other information and settings are defined as the project progresses.
The Job view has a direct connection with the UI and Orchestrator via a websocket connection. Any failure in the BIECO Platform will be immediately announced to the User. The Job’s status can be assessed from the overview, along with the last execution timestamp. The history table provides useful information about the last execution of the job with relevant events and results. This table can be downloaded in CSV format, for offline use.
The two Methodologies, Runtime and Design Time, have their own tabs, each with a specific interface. Interaction with Tool UIs is done via dedicated buttons. Each Methodology provides its own possible actions, steps and results.
The Job execution does not stop when closing the browser window. It is possible to close it and come back later for the results.
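The Job, Step and Tool semantics described above (steps run sequentially, the Tools inside a step run in parallel, and a Job is refused when a required Tool is offline) as an added example, not BIECO platform code. Tool endpoints and the Services status are simulated in-process; the tool names and outputs are constructed.

```python
"""Added example (not BIECO code): a minimal model of the Job / Step / Tool
execution semantics described on this page. Tool endpoints and the 'online'
state shown in the Services section are simulated in-process."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Callable, Dict, List

@dataclass
class Tool:
    name: str
    online: bool                      # state the Services page would show
    run: Callable[[dict], dict]       # simulated endpoint call
    enabled: bool = True              # tool developers can disable a tool

@dataclass
class Job:
    name: str
    steps: List[List[str]]            # each step: tool names run in parallel
    history: List[str] = field(default_factory=list)   # event log for the history table

def execute_job(job: Job, registry: Dict[str, Tool], data: dict) -> dict:
    """Run steps sequentially and the tools of one step concurrently.
    Refuse to start if any required tool is missing, offline or disabled."""
    required = {t for step in job.steps for t in step}
    missing = sorted(t for t in required if t not in registry
                     or not registry[t].online or not registry[t].enabled)
    if missing:
        job.history.append(f"FAILED: tools unavailable {missing}")
        raise RuntimeError(f"cannot execute {job.name}: {missing} unavailable")
    for i, step in enumerate(job.steps, 1):
        with ThreadPoolExecutor(max_workers=len(step)) as pool:
            # every tool in the step gets its own copy of the current job data
            results = list(pool.map(lambda n: (n, registry[n].run(dict(data))), step))
        for name, out in results:          # merge outputs in step order
            data.update(out)
            job.history.append(f"step {i}: {name} -> {sorted(out)}")
    job.history.append("DONE")
    return data

# Constructed registry mirroring the design-time flow (hypothetical tool names).
REGISTRY = {
    "dct":    Tool("dct", True, lambda d: {"components": ["ros-core", "ubuntu-20.04"]}),
    "detect": Tool("detect", True, lambda d: {"findings": len(d.get("components", []))}),
    "fuzz":   Tool("fuzz", True, lambda d: {"crashes": 0}),
    "label":  Tool("label", True, lambda d: {"label": "B" if d["findings"] else "A"}),
}

def run_design_time(registry: Dict[str, Tool] = REGISTRY) -> Job:
    job = Job("uc4-design-time", steps=[["dct"], ["detect", "fuzz"], ["label"]])
    execute_job(job, registry, {})
    return job
```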
The Data Collection Tool (DCT) allows the assessment of a system's components in terms of security and trust, before they are added to the supply chain.
It has a web interface and interacts with the other BIECO tools through a REST API.
The tool contains public and internal data. The public data refers to products, vulnerabilities, exploits and weaknesses. The desired information can be easily found using the DCT's search facilities. For example, we can search for the vendor CANONICAL, the developer of UBUNTU, and find all its products and their vulnerabilities.
There are also searches for products, versions, vulnerabilities, and weaknesses. The DCT also serves as storage for MUD files. The internal data in the DCT is collected from the use cases and refers to their software components and bugs. The information in the DCT is also used by the machine learning algorithms of BIECO, which are trained to forecast exploits and vulnerabilities.
In the BIECO UI, the user can find and open ResilBlockly in the Design Time tab. Authentication with ResilBlockly is performed in a silent way.
By opening the UC4 model, in Risk Assessment -> Communication Rules, we select an interface of the modelled system and import the original MUD from the DCT by specifying the related id.
The MUD is automatically extended with information retrieved from the model and previously associated with the model's interface (e.g., vulnerabilities, weaknesses, identified risk), as well as with additional data inserted in dedicated tabs of the ResilBlockly GUI.
The original and extended MUD files are visible side by side and can be compared.
Finally, the extended MUD can be sent to and stored in DCT by pressing the dedicated button.
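The MUD extension and side-by-side comparison described above, as an added example that is not ResilBlockly or DCT code. The MUD document is a constructed minimal RFC 8520 file; the `bieco-risk` extension name, its fields and the vulnerability and weakness identifiers are assumptions, not the project's real schema.

```python
"""Added example (not BIECO/ResilBlockly code): extend a minimal RFC 8520 MUD
file with model-derived risk data and diff the original against the extension.
The 'bieco-risk' extension and its fields are assumptions, not a real schema."""
import copy
import difflib
import json

# Constructed minimal MUD document (RFC 8520 structure, ACL bodies omitted).
ORIGINAL_MUD = {
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://example.invalid/robot-controller.json",
        "last-update": "2022-01-01T00:00:00+00:00",
        "cache-validity": 48,
        "is-supported": True,
        "systeminfo": "UC4 robot controller",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "from-ctrl"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "to-ctrl"}]}},
    }
}

EXT = "bieco-risk"   # hypothetical extension name (assumption)

def extend_mud(mud: dict, vulns: list, weaknesses: list, risk: str) -> dict:
    """Return a copy of `mud` carrying the risk data. RFC 8520 requires a
    non-standard extension to be announced in 'extensions' so that consumers
    that do not understand it can still process the rest of the file."""
    ext = copy.deepcopy(mud)                 # never mutate the original MUD
    container = ext["ietf-mud:mud"]
    exts = container.setdefault("extensions", [])
    if EXT not in exts:
        exts.append(EXT)
    ext[f"{EXT}:risk"] = {                   # hypothetical extension container
        "vulnerabilities": sorted(vulns),
        "weaknesses": sorted(weaknesses),
        "identified-risk": risk,
    }
    return ext

def side_by_side(original: dict, extended: dict) -> list:
    """Unified diff of the pretty-printed files, comparable to the GUI view."""
    la = json.dumps(original, indent=2, sort_keys=True).splitlines()
    lb = json.dumps(extended, indent=2, sort_keys=True).splitlines()
    return list(difflib.unified_diff(la, lb, "original.json", "extended.json", lineterm=""))

# Constructed placeholder identifiers, not real vulnerability or weakness ids.
EXTENDED_MUD = extend_mud(ORIGINAL_MUD, ["CVE-0000-PLACEHOLDER"], ["CWE-PLACEHOLDER"], "high")
```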
The vulnerability forecasting tool can be used to evaluate the level of trust in the supply chain components. It uses neural network models to forecast the number of vulnerabilities and bugs that will be discovered in certain timeframes.
The tool is currently under development, but there are already working models, which are related to use case 4.
The first set of models refers to the UBUNTU operating system. All the versions of UBUNTU and their number of vulnerabilities are shown here.
The tool presents forecasts for the monthly vulnerabilities, and the averages for the next 2, 3 and 6 months. The information is presented both in numeric and graphic format.
The second set of models is related to the bugs of the Robot Operating System (ROS). Bugs can lead to weaknesses, which could be exploited and thus turn into vulnerabilities.
For training our prediction models, we used the dataset provided by the ROSIN project, which also has a GitHub repository.
The dataset contains bugs and warnings, based on which we calculated cumulative warning levels, which are also used as inputs to our models.
The forecasting models estimate the number of bugs for the next month, and the averages for the next 2, 3 and 6 months.
Other prediction models will be added to the forecasting tool in the remaining months.
The BIECO UI integrates the GraphWalker tool, which the user can use for model-based testing.
The BIECO Integrated Platform integrates the tools in a loosely coupled way.
The Data Collection Tool (DCT) stores information from relevant vulnerability-related datasets, providing a single access point to the information required by the vulnerability detection and forecasting tools developed in T3.3, as well as by the failure prediction tools developed in T4.2.
The Vulnerability Detection Tool detects existing vulnerabilities within the source code which may lead to the successful execution of an attack.
The Vulnerability Exploitability Forecasting Tool estimates the probability of a vulnerability being exploited in the next 3, 6 or 12 months.
The Vulnerability Propagation Tool calculates and reports the paths in the source code affected by a vulnerability.
The Fuzzing Tool tests the System Under Test (SUT) for security vulnerabilities or unanticipated inputs that could compromise the system, as a black-box process that supplies unintended or incorrect inputs and monitors the corresponding outputs.