WP5 – Methods and Tools for Auditing complex systems
Coordinated by
CNR (M04-M30)
Objective
This work package will focus on the development of techniques, methods and tools supporting the audit activity in the BIECO framework. Auditing includes retrieval of data from the field, such as data regarding the usage mode of an ICT system subject to runtime adaptation through the delivery of software updates. The main goal is to provide ecosystem trustworthiness’s evaluation leveraging executable simulation environments and runtime monitoring facilities. The monitoring results aim to provide useful feedback for setting up the simulation environment.
This work package has the following objectives:
- Definition of the executable simulation models and of the parameters against which the behavior of the ICT systems and their interacting actors within an ecosystem is judged as being trustworthy or not.
- Definition of monitoring methodologies and tools detecting malicious behaviors of ICT systems and interacting actors within the ecosystems and assessing the validity of the simulation models.
- Developing monitoring tools able to validate through real-time data of systems sensors and actuators the validity of simulation decisions.
Deliverables
- D5.1 Definition of the simulation model and monitoring methodologies WP5 (3 – CNR) Report Confidential, only for members of the consortium (including the Commission Services) M12
- D5.2 First version of the simulation environment and monitoring solutions WP5 (3 – CNR) Report Public M24
- D5.3 Final version of the simulation environment and monitoring tools WP5 (2 – Fraunhofer) Report Public M30
Outcomes
Fuzzing Tool
Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.
ResilBlockly
This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.
Security tools for AI Investments platform
Secured AI Investments platform using the outcome of the BIECO project.
Log Forgery Blocker
Log Forgery Blocker – a brand new product on the market.
Security evaluation methodology
Security evaluation methodology to evaluate the security of an ICT system. The methodology is based on standards such as ISO 31000 standard for Risk Management, the ISO 29119 standard for Security Testing or the MUD standard…
Extended MUD file
The extended Manufacturer Usage Description (MUD) file is an extension of the MUD Internet Engineering Task Force (IETF) standard…