Collaboration
REWIRE
REWIRE envisions a holistic framework for continuous security assessment of open-source and open-specification hardware and software for IoT devices and the development of cybersecurity certification in accordance with the requirements and guidelines of recent EU regulation Cyber security Act. The proposed scalable and multifunctional cybersecurity platform will ensure the security throughout the life of the IoT devices with continuous security auditing, trust computing and theorem proofs for defining a HW based microarchitecture for enhanced protection targeting to open-hardware / software vulnerabilities.
ORSHIN
It is common wisdom that cyber security is only as strong as the weakest link in a chain. Therefore, the main challenge is to identify the critical points of IoT infrastructure. To address this issue, ORSHIN is creating the first generic and integrated methodology, called trusted lifecycle, to develop secure network devices based on open-source components while managing their entire lifecycle. ORSHIN’s trustworthy lifecycle consists of different phases (design, implementation, evaluation, installation, maintenance and retirement) that form a chain of trust. This lifecycle defines how the safety objectives are translated into policies for defined phases. Using this holistic view, ORSHIN will address critical links, reduce threats and improve security of open-source devices.
CERTIFY
CERTIFY defines a methodological, technological, and organizational approach towards IoT security lifecycle management based on (i) security by design support, (ii) continuous security assessment and monitoring (iii) timely detection, mitigation, and reconfiguration, (iv) secure IoT Over-The-Air (OTA) updating, and (v) continuous security information sharing. CERTIFY is a EU Horizon funded consortium research project with 12 partners including universities, SMEs and big organizations from 9 countries. CERTIFY provides IoT stakeholders with mechanisms for achieving high-level security.
APPTAKE
Nowadays, data has become fundamental to every company’s activities, making every company a “data company”. Thus, application security plays an increasingly crucial role in the modern economy to protect data and preserve business. However, the lack of integration of security practices into the Software Development Life Cycle poses a threat to companies’ ability to cope with vulnerabilities and flaws in their applications.
APPTake – Uptake of Innovative Application Security Solutions aims to integrate security solutions provided by 7 different vendors into a value chain tailored to the needs of European SMEs. The project will ensure market readiness, interoperability, and suitability of the toolchain for European SMEs. To achieve this goal, the project will implement a massive demonstration phase, with the involvement of 5 end-users where 5 pilots will be implemented. Pilots cover 5 different strategic sectors (Energy, Shared Mobility, Cybersecurity Managed Services, Online Advertising and Marketing, SaaS platforms), and will demonstrate the readiness, interoperability, and suitability of the solutions exhaustively. Additionally, the technology provider will establish a network of connections with commercial partners and customers across Europe through a digital communication strategy, online activities, and physical events. Physical events will take advantage of the technology providers being located in 6 different EU countries, to enable them to establish a dense network of partners and sales
channels across Europe. The project will maximize engagement with external relevant stakeholders through hackathons, open initiatives (an OWASP-supported project and an open source initiative), and the engagement of a qualified board of external technical advisors
CROSSCON
In many IoT systems, different devices coexist, and it’s an open challenge to guarantee that all the devices can offer the essential security services required to implement a security baseline across the whole IoT system to avoid “easy” entry points for attackers.
CROSSCON aims at addressing all these issues by designing a new open, modular, highly portable, and vendor-independent IoT security stack that can run on a wide range of devices that may use heterogeneous hardware architectures. CROSSCON aims also at improving and enriching the traditional trusted services offered by existing TEEs.
LAZARUS
LAZARUS (pLatform for Analysis of Resilient and secUre Software) is a three-year research and innovation project that aims to heal many of the security issues that befall modern software during its development life cycle. The recently introduced paradigm of DevSecOps – in medium to large companies – unfortunately, lacks automated security tools, while most existing solutions are targeting only one narrow step of the SDLC process but miss a much-needed holistic overview of the global security solution. LAZARUS innovates by intervening in multiple steps of the SDLC, performing targeted security checks and collecting valuable information and intelligence from each step, and exploiting advanced ML and AI methods to convert this intelligence into actionable insights and recommendations.
KINAITICS
KINAITICS aims to explore the new attack opportunities offered by the introduction of AI-based control and perceptive systems. The KINAITICS project will also adopt innovative defense approaches to protect systems from attack and ensure their robustness and resilience.
MEDIATE
MEDIATE’s vision is to produce a robust technology, which will address the security and privacy attributes of the computing continuum. For this, it will put forth a complex architecture that is based on the concept of zero-trust and will assume a federated learning approach in order to perform security-based scrutinisation at all continuum levels. i.e. IoT, edge and cloud, using security models that can be updated, redistributed and reconfigured across it. The actual features of the MEDIATE framework will support major topic outcomes such as cybersecurity resilience through reconfiguration, vulnerabilities mitigation through cyber threat analysis, secure integration at the IoT level through software and hardware-based security sensors and trust and security for massive ecosystems through the use of federated learning-based orchestration. Moreover, it will feature AI-based tools for cyber threat intelligence that assist a decision support system and privacy policies for data and identity protection.
ECSCI
The main objective of the ECSCI cluster is to create synergies and foster emerging disruptive solutions to security issues via cross-projects collaboration and innovation. Research activities will focus on how to protect critical infrastructures and services, highlighting the different approaches between the clustered projects and establishing tight and productive connections with closely related and complementary EU funded projects. To promote the activities of the cluster, ECSCI will organize international conferences, and national or international workshops, involving both policy makers, industry and academic, practitioners, and representatives from the European Commission.
