safeTbox
Coordinated by
IESE
The pre-existing tool safeTbox (www.safetbox.de) has been extended to support interoperation with the ResilBlockly tool for combined safety and security analysis.
Description
Describe the innovation content of the result:
A safety and security co-engineering approach is made possible by importing architecture and security analysis results into safeTbox.
Who will be the customer?
Research and industry safety and/or security analysts responsible for the assurance of systems that feature both concerns, e.g., ICT in critical infrastructure.
What benefit will it bring to the customers?
Linking causal analysis for safety with results from security analyses (e.g. CWE, CVE) and modeling system effects.
When is the expected date of achievement in the project (Mth/yr)?
The methodology was described in D6.4 (12/2021), and the technical implementation for UC1 was finalized by 07/2021.
When is the time to market (Mth/yr)?
SafeTbox is already commercially available. The BIECO results will be reviewed and integrated after project completion.
What are the costs to be incurred after the project and before exploitation?
Unclear; relatively small development overhead expected for integration, but additional costs for QA may be incurred.
What is the approximate price range of this result/price of licences?
SafeTbox is freely available for trial. Purchased licenses are available to IESE customers on negotiation.
What is the market size in millions of € for this result, and what is the relevant trend?
Unclear; depends on the project contracts negotiated that involve the use of SafeTbox, which can vary significantly.
How will this result rank against competing products in terms of price/performance?
SafeTbox is marketed as a research tool, and is not positioned to compete with other commercial tools.
Who are the competitors for this result?
To name some characteristic examples, Isograph Reliability Workbench, Ansys Medini Analyze, and ThreatGet.
How fast and in what ways will the competition respond to this result?
2 years or less, depending on expertise level with Enterprise Architect add-in development.
Who are the partners involved in the result?
RESILTECH, UMU.
Who are the industrial partners interested in the result (partners, sponsors, etc.)?
RESILTECH
Have you protected or will you protect this result? How? When?
SafeTbox is copyrighted by Fraunhofer IESE.
Other results
Security Testing Tool
GdpR-based cOmbinatOrial Testing (GROOT) is a general combinatorial strategy for testing systems managing GDPR’s concepts (e.g., Data Subject, Personal Data or Controller).
Domain Specific Language
The domain-specific language enables specification of digital twin behaviour in a manner that can enable a predicted evaluation of its trustworthy behaviour in a simulated environment.
Fail-operation clock synchronization methodology
Synchronization loss can occur due to many reasons, either because of a device or link failure or due to a targeted attack on the reference node, which supplies the corrected time to the network’s nodes.
Time sensitive network simulation
Simulate the real time communication for the distributed based on the Time sensitive network simulation. Additionally, simulate the fail-operation clock synchronization methodology. This simulation will validate the communication stack.
Remote updating- upgrading of vehicle firmware
Securing remote and in-vehicle communications against cyber-attacks, possibly performed with quantum computers in the near future, is a major goal in the automotive sector.
Extension of the approach to the communications within the whole supply chain of the Microfactory
Once the secure communication with a vehicle has been demonstrated for remote FW update, it is straightforward to extend it to a general Service-Over-the-Air architecture and even further.