Due to the Internet of Things (IoT), the number of connected devices is continuously growing. This presents new challenges in terms of software security. In the “Verification Engineering of Safety and Security Critical Industrial Applications” (VESSEDIA) project, which ended on December 31, 2019, verification tools and methods originally designed for safety-critical applications were adapted for a more cost-effective certification of IoT devices.
In domains of high criticality such as aerospace, railway or finance, substantial investments are already made in software testing and static analysis methods. IoT applications, however, usually have shorter development cycles and demand very low development costs. It is therefore difficult to apply strong static analysis methods to ensure the safety and security of IoT systems.
The VESSEDIA project aims to enhance the capabilities of software analysis tools. Its goal is to ease the use of these tools for highly dynamic systems in domains of lower criticality, thus increasing the number of potential applications of the tools. In addition, the developed analysis methods should not incur additional costs.
Objective of VESSEDIA
The objectives of the VESSEDIA project are pursued by theoretical research as well as practical application. The main focus is on:
- the development of a methodology to use static analysis tools efficiently,
- the standardization of static analysis tools in order to expand the possible applications,
- the demonstration of improved analysis methods on the operating system Contiki OS, which is widely used for the development of IoT applications,
- the development of a “Security Certification Level” (SCL) for IoT applications with no budget for Common Criteria (CC) certification.
Safety and Security
Fraunhofer FOKUS was responsible for the project's “Safety and Security Verification Methodologies” sector, in which the quality assurance for the further developed static analysis tools was carried out. Furthermore, a cloud-based solution was implemented, which allows static analyses to be carried out faster using the Frama-C tool. Additionally, a guideline for a cost-efficient combination of static analysis and testing of IoT applications was created.
Project Partners
In the VESSEDIA project, ten partners from industry and research work together for a period of three years. The project partners are from Belgium, Germany, Finland, France, Austria, Spain and Hungary. The VESSEDIA project has received funding from the European Union’s program for research and innovation “Horizon 2020”.