
UBITECH kicks off the ASSURED Research and Innovation Action on Sustainable Operational Assurance and Verification for Systems-of-Systems Security and Privacy

UBITECH participates in the virtual kick-off meeting, hosted by MARTEL GMBH (September 25, 2020), of the ASSURED Research and Innovation Action, which officially started on September 1st, 2020. The project is funded by the European Commission under the Horizon 2020 Programme (Grant Agreement No. 952697) and spans the period September 2020 – August 2023. The ASSURED project aims to design and implement a novel policy-driven, formally verified, runtime assurance framework in the complex domain of Cyber-Physical Systems (CPS), capable of ensuring the safe operation of a system that contains functional components that may not be sufficiently reliable, or sufficiently verified, according to current developments or certification standards. The core idea is to leverage and enhance runtime property-based attestation and verification techniques so as to allow intelligent (unverified) controllers to perform within a predetermined envelope of acceptable behavior, and to apply a risk management approach to extend this to a larger System of Systems (SoS).

ASSURED will pursue a different approach based on the coordination of deployed TEE agents (within the systems) that can provide runtime verification and attestation of identified properties. This model is horizontal in scope, encompassing numerous technologies applicable to everything from edge devices to gateways in the cloud. Technologies that may form part of a solution include DICE for binding devices to firmware/software, trusted execution environments, formal modelling of protocols and software processes, software attestation, blockchain technology for distributed verification of transactions between system elements, and control-flow attestation techniques for enhancing the operational correctness of such devices. To achieve the above, ASSURED considers the mutual verification of system components in distributed multi-operator environments. The goal is to enable a smooth transition and advancement beyond current strategies, where network security management services are considered in isolation, relying on traditional perimeter security and forensics in a “catch-and-patch” approach without dwelling on the assurance and safety of the network as a whole, towards holistic network security services capable of minimizing attack surfaces through appropriate configuration of system elements, trusted and verifiable computation systems and environments, as well as operational assurance, advanced verification and functional safety.

Within ASSURED, UBITECH is responsible for the overall Technical Management, addressing the technology requirements through the validation and selection of the most suitable available technologies, and will constitute one of the main drivers of the integration activities of the project. Moreover, UBITECH is responsible for the definition, design and implementation of the Continuous Cyber Risk Assessment Mechanism of the ASSURED Framework towards the definition of necessary and sufficient attestation policies, involving: (i) identification of holistic security and adversarial models for the overall SoS-enabled supply chain, (ii) low-level interpretation of the security, privacy, trust, operational assurance and data sharing restrictions to be considered in the cyber security policy identification and deployment, (iii) risk assessment and threat identification at design/configuration time and run-time with regard to the threats and vulnerabilities of the entire SoS ecosystem, also integrating other risk analyses such as safety, (iv) specification of the ASSURED Security Context Broker for capturing the threat intelligence and attestation data sharing behaviors and the enforcement of the compiled attestation policies via smart contracts, (v) development and implementation of the ASSURED Collective Threat Intelligence Analysis and Forecasts Engine for replicating and testing all identified threats and better evaluating the identified mitigation actions (through the attestation policies) in a constrained, virtual environment before their actual enforcement, thus allowing for better, real-time prediction and management of risks, and (vi) identification of appropriate security mechanisms for protecting the ASSURED functional blocks against possible exploitation.
Finally, UBITECH contributes towards the development of efficient remote attestation processes for providing enhanced operational assurance and functional safety of the entire SoS-enabled supply chain for checking and assuring the integrity and execution correctness of the deployed safety-critical CPSs.