BIECO
The general objective of BIECO is to develop a framework that enables measurable, risk-based trust while developing, deploying and operating complex interconnected ICT systems.
Objectives
We aim to achieve this by handling the reliability and trust aspects of ecosystem participants (ICT systems, ICT system components and actors) within the supply chain.
The following shows the specific SMART (Specific, Measurable, Achievable, Realistic, Time-bound) objectives of the project, taking into account the challenges of this kind of complex ecosystems.
Framework
Providing a framework that allows reinforcing trust in ICT supply chains (WP2).
Vulnerability assessment
Performing advanced vulnerability assessment over ICT supply chains (WP3).
Achieving resilience
Achieving resilience in ecosystems formed by unreliable components (WP4).
Extending auditing
Extending auditing process to evaluate interconnected ICT systems (WP5).
Advanced risk analysis
Provide advanced risk analysis and mitigation strategies that support a view of the complete ICT supply chain (WP6).
Security assurance
Perform evidence-based security assurance and a harmonized certification for ICT systems (WP7).
Industrial validation
Industrial validation of BIECO’s framework within IoT ecosystems (WP8).
Exploitable Results
BIECO Integrated Platform
BIECO Integrated Platform will integrate the tools in a loosely coupled way.
Data Collection Tool
Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.
Vulnerability Detection Tool
Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.
Vulnerability Exploitability Forecasting Tool
Vulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.
Vulnerability Propagation Tool
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.
Fuzzing Tool
Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.
ResilBlockly
This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.
Security tools for AI Investments platform
Secured AI Investments platform using the outcome of the BIECO project.
Log Forgery Blocker
Log Forgery Blocker – a brand new product on the market.
Security evaluation methodology
Security evaluation methodology to evaluate the security of an ICT system. The methodology is based on standards such as ISO 31000 standard for Risk Management, the ISO 29119 standard for Security Testing or the MUD standard…
Extended MUD file
The extended Manufacturer Usage Description (MUD) file is an extension of the MUD Internet Engineering Task Force (IETF) standard…
Monitoring Tool
The monitoring tool is an infrastructure in charge of setting up and managing a monitoring component. It is based on event messages and enables the collection of complex events.
Security Testing Tool
GdpR-based cOmbinatOrial Testing (GROOT) is a general combinatorial strategy for testing systems managing GDPR’s concepts (e.g., Data Subject, Personal Data or Controller).
Domain Specific Language
The domain specific language enables specification of digital twin behaviour in a manner that can enable a predicted evaluation of its trustworthy behaviour in a simulated environment
Fail-operation clock synchronization methodology
Synchronization loss can occur due to many reasons, either because of a device or link failure or due to a targeted attack on the reference node, which supplies the corrected time to the network’s nodes.
Time sensitive network simulation
Simulate the real time communication for the distributed based on the Time sensitive network simulation. Additionally, simulate the fail-operation clock synchronization methodology. This simulation will validate the communication stack.
Remote updating- upgrading of vehicle firmware
Securing remote and in-vehicle communications against cyber-attacks, possibly performed with quantum computers in the near future, is a major goal in the automotive sector.
Extension of the approach to the communications within the whole supply chain of the Microfactory
Once the secure communication with a vehicle has been demonstrated for remote FW update, it is straightforward to extend it to a general Service-Over-the-Air architecture and even further.
Ontology Manager Tool
Ontology Manager is a Framework responsible for managing the Core Ontology used in BIECO, called DAEMON. It aims to support organizing concepts and their relationships related to System of Systems (SoS), Internet of Things (IoT), and System Components management and Monitoring.
Vulnerabilities Forecasting Tool
The Vulnerabilities Forecasting Tool (VFT) provides historical vulnerability data and projections for time intervals of 1, 2, 3, 6, and 12 months for several major software components.
Failure Prediction Tool
The Failure Prediction Tool (FPT) performs failure predictions by monitoring the logs of the applications that make up a system. It has a REST interface through which it receives in real time the log messages from the monitored applications.
safeTbox
The pre-existing tool safeTbox (www.safetbox.de) has been extended to support interoperation with the ResilBlockly tool for combined safety and security analysis.
Conditional Safety Certificates for ICT
Conditional Safety Certificates (ConSerts) have been applied to support resiliency of ICT infrastructures. Support for deployment and execution of ConSerts in ICT infrastructure according to use case needs was provided additionally.
SafeML based reliability assessment
In earlier work, a statistical distance-based measure (SafeML) is proposed for machine learning components. In BIECO project, we propose extension of it with the use of Statistical Distance Dissimilarity across time series to obtain SDD based reliability and robustness estimate (StadRE and StadRO).
About BIECO
The rationale behind BIECO’s concept is to deliver a framework for improving trust and security within ICT supply chains. These are complex ecosystems comprising several heterogeneous technologies, processes, actors (e.g., end-users, software or hardware providers and organizations) and resources, all of which generate or exchange data forming extremely complex information management systems.
The BIECO team is proud to announce
NEWS
Final review Meeting 28 September 2023
DRAFT AGENDA: Thursday 28th September 2023 13.00 – 17.00 CET AGENDA Overview 13:00 - 13:10Project Overview13:10 - 13:25BIECO Tools13:25 - 14:35BIECO Use Cases,including Demos14:35:15:05WP3 & WP4 Presentations15:05 - 15:15BREAK15:15 - 16:15WP5 - WP8...
BIECO Integrated Platform
BIECO Integrated Platform Coordinated byHOLISUNBIECO Integrated Platform will integrate the tools in a loosely coupled way.DescriptionDescribe the innovation content of the result: A loosely coupled platform which can connect various tools and can design and run a...
Data Collection Tool
Data Collection ToolCoordinated byUTCData Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as...
Vulnerability Detection Tool
Vulnerability Detection Tool Coordinated byGradiantA tool, based on supervised learning algorithms, locates and identifies the type of vulnerability existing from potentially vulnerable source code.DescriptionDescribe the innovation content of the result: A tool,...
Vulnerability Exploitability Forecasting Tool
Vulnerability Exploitability Forecasting ToolCoordinated byGradiantVulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.DescriptionFebruary 2023Describe the innovation content of...
Vulnerability Propagation Tool
Vulnerability Propagation ToolCoordinated byGradiantVulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.DescriptionDescribe the innovation content of the result:Allows the developers or security experts to...