WP5 – Methods and Tools for Auditing complex systems

 Coordinated by
 CNR (M04-M30)

Objective

This work package will focus on the development of techniques, methods and tools supporting the audit activity in the BIECO framework. Auditing includes retrieval of data from the field, such as data regarding the usage mode of an ICT system subject to runtime adaptation through the delivery of software updates. The main goal is to provide ecosystem trustworthiness’s evaluation leveraging executable simulation environments and runtime monitoring facilities. The monitoring results aim to provide useful feedback for setting up the simulation environment.

This work package has the following objectives:

  1. Definition of the executable simulation models and of the parameters against which the behavior of the ICT systems and their interacting actors within an ecosystem is judged as being trustworthy or not.
  2. Definition of monitoring methodologies and tools detecting malicious behaviors of ICT systems and interacting actors within the ecosystems and assessing the validity of the simulation models.
  3. Developing monitoring tools able to validate through real-time data of systems sensors and actuators the validity of simulation decisions.

Deliverables

Outcomes

Fuzzing Tool

Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.

ResilBlockly

This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.

Security evaluation methodology

Security evaluation methodology to evaluate the security of an ICT system. The methodology is based on standards such as ISO 31000 standard for Risk Management, the ISO 29119 standard for Security Testing or the MUD standard…

Extended MUD file

The extended Manufacturer Usage Description (MUD) file is an extension of the MUD Internet Engineering Task Force (IETF) standard…

BIECO Project

SUBSCRIBE and become part of the BIECO community!

We don’t spam!

Share This