In domains of high criticality such as aerospace, railway or finance, high investments are already made for software testing and static analysis methods. IoT applications, however, usually have shorter development cycles and demand very low development costs. It is therefore difficult to apply strong static analysis methods to ensure the safety and security of IoT systems.

The VESSEDIA project is aiming to enhance the possibilities of software analysis tools. Its goal is to ease the use of tools for highly-dynamic systems in domains of lower criticality, thus increasing the number of potential applications of the tools. In addition, the developed analysis methods should not incur additional costs.

Objective of VESSEDIA

The objectives of the VESSEDIA project are pursued by theoretical research as well as practical application. The main focus is on:

• the development of a methodology to use static analysis tools efficiently,
• the standardization of static analysis tools in order to expand the possible applications,
• the demonstration of improved analysis methods on the operating system Contiki OS, which is widely used for the development of IoT applications,
• the development of a “Security Certification Level” (SCL) for IoT applications with no budget for Common Criteria (CC) certification.

Safety and Security

Within the VESSEDIA project, Fraunhofer FOKUS is responsible for “Safety and Security Verification Methodologies”. This includes:

• Quality assurance for the developed static analysis tools,
• development of a prototypical verification server to speed up the verification process with the analysis tool Frama-C,
• the development of guidelines for a cost-effective combination of static analysis and test techniques for IoT applications.