Concept of SecOPERA
In SecOPERA, we view the open-source solution running on a connected device as a set of interrelated components, each associated with one of four layers: Cognitive, Network, Application, and Device. A SecOPERA secure flow is the series of security credentials (audit and test evidence) generated by the security auditing/testing of those open-source components, each of which belongs to one of the four SecOPERA connected-device layers. The SecOPERA secure flows constitute guarantees for an open-source solution, but also an anchor for its current and future security. To provide and support the DevSecOps of these secure flows across the full OSS-OSH development lifecycle, SecOPERA introduces five complementary pillars (decompose, audit, secure, adapt, and update):
SecOPERA Pillars
The decompose pillar is the entry point for all the other pillars. An open-source solution provided as input to the SecOPERA ecosystem is analysed and decomposed into OSS-OSH components that fit the four SecOPERA layers. In addition, using open-source code scanning and component analysis techniques, the decompose pillar associates every component with its respective upstream open-source repository and creates a dependency graph that describes both the associations between the open-source structures within a component and the associations between the components of the overall open-source solution.
Once an open-source solution has been decomposed into its layer components and their dependencies have been mapped, a vulnerability scan is performed on the dependent OSS-OSH structures that constitute each component, in order to discover known vulnerabilities as recorded in the CVE/CWE databases. The CVEs found are attached to the dependency graph of the components, forming a vulnerability graph, and are integrated into the corresponding SecOPERA secure flow node.
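The two steps above (decomposition into a dependency graph, then attaching known CVEs to form a vulnerability graph) can be made concrete with a small worked example. The code below is an added illustration and is not SecOPERA project code; the component names, versions, repository URLs and CVE identifiers are constructed for the example and do not refer to real projects or advisories. It assumes an advisory record of the form (CVE id, repository, fixed-in version), with every older version of that repository treated as affected.

```python
"""Added example (not SecOPERA code): the decompose and scan steps as a
dependency graph annotated with known CVEs and queried for exposure.
All names, versions, repositories and CVE ids are constructed."""
from dataclasses import dataclass, field

LAYERS = ("cognitive", "network", "application", "device")


@dataclass
class Node:
    """One open-source structure produced by decomposition."""
    name: str
    version: str
    layer: str
    repo: str                                   # upstream repository it was matched to
    deps: list = field(default_factory=list)    # names of structures it depends on
    cves: list = field(default_factory=list)    # filled in by scan()


def parse_version(v: str) -> tuple:
    """Dotted numeric version -> comparable tuple, e.g. '1.3.1' -> (1, 3, 1)."""
    return tuple(int(p) for p in v.split("."))


# Constructed decomposition output for a hypothetical "sensor-app" solution.
COMPONENTS = {n.name: n for n in [
    Node("sensor-app", "2.0.0", "application", "https://example.org/sensor-app",
         deps=["mqtt-lite", "json-tiny"]),
    Node("mqtt-lite", "1.3.1", "network", "https://example.org/mqtt-lite",
         deps=["tls-min"]),
    Node("json-tiny", "0.9.2", "application", "https://example.org/json-tiny"),
    Node("tls-min", "0.4.0", "network", "https://example.org/tls-min",
         deps=["hw-rng-driver"]),
    Node("hw-rng-driver", "1.0.0", "device", "https://example.org/hw-rng-driver"),
]}

# Constructed advisory feed: (cve_id, repository, fixed_in). Any version of the
# matching repository older than fixed_in is treated as affected.
ADVISORIES = [
    ("CVE-0000-0001", "https://example.org/tls-min", "0.4.2"),
    ("CVE-0000-0002", "https://example.org/json-tiny", "0.9.0"),  # fixed before 0.9.2
    ("CVE-0000-0003", "https://example.org/hw-rng-driver", "1.1.0"),
]


def check_graph(components: dict) -> None:
    """Reject a decomposition that references unknown structures or unknown layers."""
    for node in components.values():
        if node.layer not in LAYERS:
            raise ValueError(f"{node.name}: unknown layer {node.layer!r}")
        for dep in node.deps:
            if dep not in components:
                raise ValueError(f"{node.name}: unresolved dependency {dep!r}")


def scan(components: dict, advisories: list) -> dict:
    """Attach each advisory to the node whose repository it names, when the node's
    version predates the fix. Idempotent, so re-running a scan adds no duplicates."""
    check_graph(components)
    for cve, repo, fixed_in in advisories:
        for node in components.values():
            if (node.repo == repo
                    and parse_version(node.version) < parse_version(fixed_in)
                    and cve not in node.cves):
                node.cves.append(cve)
    return components


def exposure(components: dict, root: str, _seen=None) -> dict:
    """Vulnerability-graph query: CVEs reachable from `root` along dependency
    edges, keyed by the structure that actually carries them. Cycles are tolerated."""
    seen = _seen if _seen is not None else set()
    if root in seen:
        return {}
    seen.add(root)
    node = components[root]
    found = {root: list(node.cves)} if node.cves else {}
    for dep in node.deps:
        found.update(exposure(components, dep, seen))
    return found


def exposure_by_layer(components: dict, root: str) -> dict:
    """Fold the exposure onto the four layers, as a secure-flow node would record it."""
    by_layer = {}
    for name, cves in exposure(components, root).items():
        by_layer.setdefault(components[name].layer, []).extend(cves)
    return by_layer


if __name__ == "__main__":
    scan(COMPONENTS, ADVISORIES)
    for layer, cves in exposure_by_layer(COMPONENTS, "sensor-app").items():
        print(f"{layer}: {', '.join(cves)}")
```

Keying the result by the structure that carries the CVE (rather than by the top-level component) is what makes the vulnerability graph actionable: the fix is a version bump of the matched repository, and the layer fold shows which of the four SecOPERA layers the exposure lands in.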
However, the open-source sustainability problem makes it hard to report and formalize CVEs for specific libraries. SecOPERA therefore provides a security auditing/testing capability that extensively audits and assesses open-source components for their security status, using state-of-the-art and beyond-state-of-the-art techniques and tools for each SecOPERA layer.
Common to all layers is that vulnerabilities are discovered through penetration testing. What differs from layer to layer is (a) the mechanics of the penetration testing and (b) the types of vulnerability the audit searches for.
In the secure pillar, SecOPERA aims to provide several open-source security modules that can be used to enhance the security of an open-source component or of the overall OSS-OSH solution. These modules are designed and developed for each of the connected-device layers, i.e., the cognitive, network, application, and device layers. Their goal is to "harden" the open-source components of each layer as part of achieving a SecOPERA secure flow, especially where the auditing of a particular layer may be incomplete. In such cases, secure-pillar modules are applied to that layer to contain vulnerabilities that are likely to exist but have not yet been discovered. The secure pillar's final goal is to provide the SecOPERA ecosystem with a pool of secure modules that can be accessed by the adapt pillar's operations or by any third party participating in the overall ecosystem.
The adapt pillar combines the SecOPERA secure modules that harden open-source solutions with the audited components of an open-source solution for a given set of defined services. The outcome is an open-source flow, corresponding to the initial open-source solution, that is secured against a broad range of cybersecurity attacks (across all four SecOPERA layers) and that is adapted both to the prescribed services of the solution and to the capabilities of the device on which it will be deployed. SecOPERA provides the tools to securely combine open-source components and deliver open-source hardware/software solutions tailored to services.
In the update pillar, SecOPERA also provides a mechanism that, through formal verification, supports the full lifecycle of open-source services by offering tailored patching. We build upon work done in the Vessedia project, where experiments were carried out to analyse a 6LoWPAN management platform used to distribute OTA updates to low-power devices connected through a 6LoWPAN network. Higher-level models of the code under analysis are built, and the lower-level formal properties (those that generic Frama-C analysers can attempt to verify) are derived automatically from this high-level view. The SecOPERA secure flow guarantee for a given open-source solution (open flow) is the starting point for formally verifiable patches, since such patches rely on the existing open flow, whose security is fully characterized by its secure flow. The dependency graph within the secure flow is revisited during an update or patch, so the code structures to be updated can be linked directly with all the other components they interact with inside the open flow. When an update is introduced, the security audit is repeated, but the assessment is performed in a more focused way, since the secure flow information narrows it to the affected components and so speeds up the process.
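The focused re-audit described above amounts to a reverse-reachability query over the dependency graph stored in the secure flow: everything that transitively depends on a patched structure needs its evidence regenerated, and nothing else does. The code below is an added illustration of that query and is not SecOPERA or Vessedia code; the graph and component names are constructed for the example, and the formal-verification step (Frama-C) is outside its scope.

```python
"""Added example (not SecOPERA or Vessedia code): focusing the re-audit that
follows a patch by querying the dependency graph kept in a secure flow.
Component names are constructed for illustration."""

# Constructed secure-flow dependency graph: component -> structures it depends on.
FLOW_GRAPH = {
    "sensor-app": ["mqtt-lite", "json-tiny"],
    "ota-agent": ["tls-min"],            # a second consumer of the patched library
    "mqtt-lite": ["tls-min"],
    "json-tiny": [],
    "tls-min": ["hw-rng-driver"],
    "hw-rng-driver": [],
}


def dependants(graph: dict) -> dict:
    """Invert the edges: structure -> set of components that depend on it directly."""
    rev = {name: set() for name in graph}
    for name, deps in graph.items():
        for dep in deps:
            if dep not in rev:
                raise ValueError(f"{name}: dependency {dep!r} is not in the flow")
            rev[dep].add(name)
    return rev


def reaudit_scope(graph: dict, patched: set) -> set:
    """The patched structures plus everything that transitively depends on them.
    Only these need their secure-flow evidence regenerated; cycles are tolerated."""
    missing = set(patched) - set(graph)
    if missing:
        raise ValueError(f"patched structures not in the flow: {sorted(missing)}")
    rev = dependants(graph)
    scope, frontier = set(patched), list(patched)
    while frontier:
        name = frontier.pop()
        for parent in rev[name]:
            if parent not in scope:
                scope.add(parent)
                frontier.append(parent)
    return scope


def unaffected(graph: dict, patched: set) -> set:
    """Components whose existing secure-flow evidence remains valid after the patch."""
    return set(graph) - reaudit_scope(graph, patched)


if __name__ == "__main__":
    patch = {"tls-min"}
    print("re-audit:", sorted(reaudit_scope(FLOW_GRAPH, patch)))
    print("unchanged:", sorted(unaffected(FLOW_GRAPH, patch)))
```

In the constructed graph a patch to tls-min pulls in both of its consumers and the application on top of them, while json-tiny and the device-layer driver below the patched library keep their existing evidence; patching the driver instead puts everything except json-tiny back in scope.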
Conceptual Architecture of the SecOPERA solution
The SecOPERA hub is fully aligned with the SecOPERA pillars and can interact with multiple open-source software repositories (e.g., GitHub, GitLab, Bitbucket) as well as with open-source hardware repositories such as OpenCores and the various company-owned RISC-V repositories. The hub also supports third-party developers who use open-source solutions as part of their products and want to (a) assess the security of their open-source solution, (b) enhance/harden its security, and (c) share their solution with the open-source community in a way that supports security and provides guarantees. Moreover, the SecOPERA hub feeds back into the CVE/CWE repositories the previously unknown vulnerabilities that the SecOPERA framework discovers in open-source hardware and software code.
To achieve these goals, the SecOPERA hub services are supported by the SecOPERA framework, which includes: a decomposition and dependency analysis engine that provides structured input to the security assessment/testing engine; a mechanism that security experts can use to create secure modules for integration into adaptable open-source solutions (which in SecOPERA we call open-source flows); an adaptation engine capable of adapting an open-source solution to the services specified by its developers; and an updating mechanism that handles security-related updates and patches in a secure and reliable manner and deploys them securely to a working connected device. The SecOPERA framework supports the DevSecOps of open-source solutions and provides security assurance through the SecOPERA secure flow concept. It further supports the ecosystem by maintaining a secure open-source flow repository in which all produced open flows (the adapted open-source solutions) reside, and by offering continuous integration and deployment (CI/CD) of those open flows and their associated secure flows to the connected devices that use them.
