ExpectedOutcome:
Projects are expected to contribute to some of the following expected outcomes:
- Effective access control to system components and management of trustworthy updates
- Modelling of security and privacy properties and frameworks for validating and integration on the testing process
- Integrated process for testing, formal verification, validation and consideration of certification aspects (including potential synergies with the EU cybersecurity certification framework, as established by the EU Cybersecurity Act)
- Tools providing assurance that third-party and open source components are free from vulnerabilities, weaknesses and/or malware
- Data security “by design” e.g. via secure crypto building blocks
- Instrumentation and secured communication with system components for dynamic testing
- Methods and environments for secured coding by-design and by-default and secure hardware and software construction
- Effective audit procedures for cybersecurity testing
- Methods or procedures to make supply chains secure
The proposal should provide appropriate indicators to measure its progress and specific impact.
Scope:
Trustworthy methodologies and tools for advanced analysis and verification, and dynamic testing of potentially vulnerable, insecure hardware and software components calls for good practices for system security, with a particular focus on software development tools, IT security metric and guidelines for secure products and services throughout their lifetime. A holistic methodology is needed, integrating runtime methods for monitoring and enforcement as well as design-time methods for static analysis and programme synthesis, which allows for the construction of secure systems with the strongest possible formal guarantees. The firmware of devices, implementations of communication protocols and stacks, Operating Systems (OSs), Application Programming Interfaces (APIs) supporting interoperability and connectivity of different services, device drivers, backend cloud and virtualisation software, as well as software implementing different service functionalities, are some examples of how software provides the essence of systems and smart (networked) objects. Supply chain issues, including integration of software and hardware, should be considered appropriately.
R&I will be funded to develop hybrid, agile and high-assurance tools capable of automating evaluation processes, accountability tools for audit results and updates and lightweight, isolated virtualisation environments capable of securely inspecting and orchestrating appliances in heterogeneous hardware and software architectures. Moreover, KPIs, metrics, procedures and tools for dynamic certification of implementation security and scalable security, from chip-level to software-level and service-level, should be developed. It may also include testing methods like coverage guided fuzzing as well as symbolic execution.
The participation of SMEs is strongly encouraged. In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.
Specific Topic Conditions:
Activities are expected to achieve TRL 4 by the end of the project – see General Annex B.
Cross-cutting Priorities:
Artificial IntelligenceDigital Agenda
