Project description
Improved security for open-source solutions
Open-source software and hardware play a substantial role in the interconnected business market, providing businesses with functional solutions and reduced work needs. However, the nature of open-source options means that security is not easy to guarantee, particularly since there is no holistic process to check security throughout a production line and third party inclusions. The EU-funded SecOPERA project aims to develop a one-stop hub framework that will allow users to analyse and improve product security when working in networked environments. It will also allow them to test their security solutions, thus supporting the safe growth of open-source development and innovation.
Objective
Security of open-source solutions in the business interconnected market (especially in IoT where a single product may include components from various Tier 1 or OEM manufacturers) is hard to assure. OEM SW/HW developers that employ open-source solutions must assume that any component provided by 3rd parties needs to be reassessed for security as there is not holistic security auditing/testing process to cover the full production line. The plethora of open-source HW/SW solutions on devices with constrained resources and no trusted environments leads to a considerably expanded threat landscape. The restricted execution environment reduces bootstrapping new devices in an IoT network and deploying/patching them securely; and the full DevSecOps of connected device open-source HW/SW must be reformulated offering security guarantees on the usage of open-source solutions. SecOPERA will provide a one stop hub for complex OSS/OSH solutions offering to designers, implementers, operators and open-source HW/SW developers the means to analyse, assess, secure/harden and share open-source solutions as these are integrated in an overall complex product within a networked connected environment. SecOPERA provides a framework supporting the open source DevSecOps lifecycle that comprises (i) a decomposition and security audit/testing engine that analyses open source solutions (OSS/OSH) (ii) an adaptation engine that debloats OSS/OSH code to remove unrelated open-source code and reduce the code attack surface; and a security enhancement process to harden the OSS/OSH solution (iii) an updating/patching mechanism so that the SecOPERA open-source flows remain secure even if their open-source code starting points are vulnerable. On top of that, SecOPERA hub provides (iv) an open-source repository for secure modules that is used in the security enhancement mechanism of open-source solutions; and (v) an open-source repository of security hardened OSS/OSH solutions and their security guarantees.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: https://op.europa.eu/en/web/eu-vocabularies/euroscivoc.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: https://op.europa.eu/en/web/eu-vocabularies/euroscivoc.
- natural sciences computer and information sciences internet internet of things
- natural sciences computer and information sciences software
You need to log in or register to use this function
We are sorry... an unexpected error occurred during execution.
You need to be authenticated. Your session might have expired.
Thank you for your feedback. You will soon receive an email to confirm the submission. If you have selected to be notified about the reporting status, you will also be contacted when the reporting status will change.
Keywords
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
HORIZON.2.3 - Civil Security for Society
MAIN PROGRAMME
See all projects funded under this programme -
HORIZON.2.3.3 - Cybersecurity
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
HORIZON-RIA - HORIZON Research and Innovation Actions
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) HORIZON-CL3-2021-CS-01
See all projects funded under this callCoordinator
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
731 00 CHANIA
Greece
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.