Trustworthy methodologies, tools and data security “by design” for dynamic testing of potentially vulnerable, insecure hardware and software components

Trustworthy methodologies and tools for advanced analysis and verification, and dynamic testing of potentially vulnerable, insecure hardware and software components calls for good practices for system security, with a particular focus on software development tools, IT security metric and guidelines for secure products and services throughout their lifetime. A holistic methodology is needed, integrating runtime methods for monitoring and enforcement as well as design-time methods for static analysis and programme synthesis, which allows for the construction of secure systems with the strongest possible formal guarantees. The firmware of devices, implementations of communication protocols and stacks, Operating Systems (OSs), Application Programming Interfaces (APIs) supporting interoperability and connectivity of different services, device drivers, backend cloud and virtualisation software, as well as software implementing different service functionalities, are some examples of how software provides the essence of systems and smart (networked) objects. Supply chain issues, including integration of software and hardware, should be considered appropriately.

R&I will be funded to develop hybrid, agile and high-assurance tools capable of automating evaluation processes, accountability tools for audit results and updates and lightweight, isolated virtualisation environments capable of securely inspecting and orchestrating appliances in heterogeneous hardware and software architectures. Moreover, KPIs, metrics, procedures and tools for dynamic certification of implementation security and scalable security, from chip-level to software-level and service-level, should be developed. It may also include testing methods like coverage guided fuzzing as well as symbolic execution.

The participation of SMEs is strongly encouraged. In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.