Skip to main content
European Commission logo
English English
CORDIS - EU research results
CORDIS
CORDIS Web 30th anniversary CORDIS Web 30th anniversary

Assurance and certification in secure Multi-party Open Software and Services.

Deliverables

Model validation techniques - report and prototype

A report will be delivered that explains the validation and traceability to code techniques developed in T2.3. It will be accompanied by a prototype that implements these techniques.

Qualification and certification of deployed Service - Prototype

In this deliverable a prototype for qualification and certification of deployed Service will be developed, as well as the efficacy of the certification scheme will be tested and evaluated.

Security indicators and analytics - report and prototype

An analytics tool implementing the described resilience indicators will be delivered as a prototype.

Detectors for model extraction - prototype

The implemented DevBot and detectors will be delivered as a prototype.

Validated tool for automated corrections

This deliverable consists of the validated and improved version of the prototype tool from D3.3. We also provide a manual validation report of the tool.The demonstration parts of software prototypes will be made available to boost replication whereas for the other parts (including source code) the consortium will identify a suitable intellectual property management strategy and misuses prevention strategy so that they will be made available as confidential annexes or disseminated to the Open Source Community.

Run-time access based control -- report and prototype

Models from T4.2 will be used to detect anomalous components, which will be automatically isolated by a prototype tool. A set of fingerprint models will be created and analyzed. The usability of these fingerprints and models for automatic security controls will be tested and evaluated.The demonstration parts of software prototypes will be made available to boost replication whereas for the other parts (including source code) the consortium will identify a suitable intellectual property management strategy and misuses prevention strategy so that they will be made available as confidential annexes or disseminated to the Open Source Community.

Final tool chain for risk assessment and integrated delta evaluation

This deliverable will include the tools along the overall pipe for evaluation and certification developed in T5.3: the delta evaluation tools for source code integrated by SLAB and the overall risk assessment monitor and testbed of indicators developed by EU-VRi.

Prototype for learning state machine models from MOSS component logs during run-time

A prototype for learning state machine models from MOSS component logs during run-time will be developed.

Dev-time vs run-time model comparison techniques - report and prototype

A report will be delivered that describes the techniques used to link code to states and identify mismatches between design and run-time models. A plugin component will be built for DevBot that visualizes the models and mismatches for developers, and guides that developer to the relevant code.

Preliminary tool chain for delta evaluation and verification of software

This deliverable will include the first version of the integrated tool chain for delta evaluation of open source software developed in T5.3 and will be made available for use in T6.5. pilot task.

Preliminary tool and updated methodology for indicator-based risk assessment

This deliverable will include the first version of the customized indicator-based tool of T5.3 and a final version of the updated methodology developed in T5.1.A draft version will be available for review at M15.

Final Report on Stakeholders' Engagement and Liaising with other EC Initiatives

This final report will include a description of the results of the advisory board meetings relevant stakeholders engagement activities including the final conference event The deliverable will report on the liaison activities carried out by consortium with regards to other relevant EU initiatives

Exploitation strategy

This report will present the exploitation strategy defined by the project partners including exploitation perspectives envisaged individually and jointly by the partners a qualitative assessment of the expected impacts The report will contain a plan for the use of knowledge and IPR management

Recommendations for cybersecurity certification and Policy Making

A White Paper will identify key enablers for cybersecurity certification and major policy recommendations for decision makers to use AssureMOSS findings in support of Security European Strategies

Validation report for the project impact on the threat scenarios

This is the overall validation report of the impact of the AssureMOSS toolchain on the scenarios identified by T54The demonstration parts of software prototypes will be made available to boost replication whereas for the other parts including source code the consortium will identify a suitable intellectual property management strategy and misuses prevention strategy so that they will be made available as confidential annexes or disseminated to the Open Source Community

Methodologies and Algorithms for qualification, certification, and learning from deployed Service

The set of performance measures to be evaluated for the security qualification and certification tool of virtualized workloads will be defined Modern state machine algorithms will be adapted to capture the behavior of MOSS components T42 Methods for dealing with timing and metrics from WP2 need to be developed This is the joint deliverable of the methodological contribution of T41 and T42

AssureMOSS Integrated Toolflow Evaluation and Demonstration Plan

This deliverable will provide a coherent framework for the execution of the demonstrations to be run in T63 T64 and T65 also defining KPIs for the evaluation of the toolflow

Detectors for model extraction - report

The preliminary concepts for the architecture of the DevBot and detectors along with security model detectors as developed in T21 will be described in a report The security indicators and analytics concepts developed in T22 will be described in a report

Innovation management plan

This report will present the innovation management strategy defined by the partners to handle the project outcomes as well as the activities performed in this domain during the project implementation and the perspective ones to be implemented behind the project completion

Dissemination and communication plan and report 1

This report will include the strategic approach for dissemination and communication of project information and results the matrix of target audiences and stakeholders the evidences of the tools and materials envisaged for dissemination purposes eg project website project logo flyers and brochures social media profiles and KPIs that will be used to monitor the effectiveness of the envisaged dissemination activities this set of information will be included in the first release of D72 M6 to orient the activities of all partners All partners will provide inputs to this report and UNIVIE will edit it

Report on Stakeholders' Engagement and Liaising with other EC Initiatives 1

This first version of the report will include a description of the results of the advisory board meetings relevant stakeholders engagement activities including the final conference event The deliverable will report on the liaison activities carried out by consortium with regards to other relevant EU initiativesA draft version will be available for review at M15

AssureMOSS Pilots: Plan & Preliminary Report

This document will provide a description of the plans for the implementation of the three demonstrations run in T63 T64 and T65 SAP will be responsible to provide the plans and the preliminary report for the activities carried out in T63 THALES will be responsible to provide the plans and the preliminary report for the activities carried out in T64 SLAB will be responsible to provide the plans and the preliminary report for the activities carried out in T65

Risk Management and preparation to Software Certification based on the AssureMOSS framework

Leveraging the outcomes of the two pilots T63 and T64 and of the showcase T65 this deliverable will provide an integrated view of how the AssureMOSS suite can be leveraged to ensure an effective management of the risks associated with software design development and deployment fostering thus a highly efficient approach toward software certification

Dissemination and communication plan and report 2

Second release of the report including strategic approach for dissemination and communication of project information and results the matrix of target audiences and stakeholders the evidences of the tools and materials envisaged for dissemination purposes and KPIs This report will be turned into a draft dissemination highlights report The idea of this dissemination highlights report is to provide a snap summary of the most interesting scientific results and insights in magazine style ie understandable and interesting for interested practioners This report will include highlights of the major scientific results from all partners and will be edited by UNIVIE As an appendix the report will also include a summary of other relevant dissemination activities as a brief summary and the disseminationrelated KPIs again provided by all partners and edited by UNIVIE including an assessment of the target audience reached through these activities and of the disseminationrelated KPIs achieved to be used in the periodic reportA draft version will be available for review at M15

Final Exploitation strategy

This final report will present the final exploitation strategy defined by the project partners including exploitation perspectives envisaged individually and jointly by the partners a qualitative assessment of the expected impacts The report will contain a plan for the use of knowledge and IPR management

Final Dissemination and communication plan and report

Final dissemination highlights report The idea of this dissemination highlights report is to provide a snap summary of the most interesting scientific results and insights in magazine style ie understandable and interesting for interested practioners This report will include highlights of the major scientific results from all partners and will be edited by UNIVIE As an appendix the report will also include a summary of other relevant dissemination activities as a brief summary and the disseminationrelated KPIs again provided by all partners and edited by UNIVIE including an assessment of the target audience reached through these activities and of the disseminationrelated KPIs achieved to be used in the periodic report

Source code representation methods

This deliverable describes novel approaches to learning representations of source code changes leveraging large corpora of annotated samples that are either readily available or that can be extracted using the toolkit of Task 62

Methodology for Incremental and Continuous Certification Scheme of software

This deliverable will include the methodology process and algorithms for delta evaluation and delta verification of source code to achieve a continuous recertification scheme developed in T52

Methodology for Risk Indicators

A preliminary version of the methodology developed in Task T51 to be consumed by other partners and external stakeholder for a preliminary validation

AssureMOSS Pilots: Final Report and demonstration

This will be the final demonstration of the three pilots of WP6. SAP will be responsible to provide the report for the activities carried out in T6.3. THALES will be responsible to provide report for the activities carried out in T6.4. SLAB will be responsible to provide the report for the activities carried out in T6.5.

Final release of Repository mining toolkit and dataset

This deliverable will provide the final release of the toolkit to mine source code repositories and of a dataset to be used in WP3 and WP6.

Repository mining toolkit and dataset

This deliverable will include both a toolkit to mine source code repositories, possibly in combination with other sources of related information (e.g., bug tracking systems, mailing list archives, pull request trails, and the like), and a dataset obtained applying the toolkit and that can be used for the other tasks of in WP3 and WP6.A draft version will be available for review at M15.

Project website and social accounts

The public website will include the description of the project the consortium main deliverables and news about the project It will be continuously updated during the project life time and a closed version will be maintained for the 3 years following the end of the project

Publications

Commit2Vec: Learning Distributed Representations of Code Changes

Author(s): Rocío Cabrera Lozoya, Arnaud Baumann, Antonino Sabetta & Michele Bezzi
Published in: SN Computer Science, 2021, ISSN 2661-8907
Publisher: Springer Nature
DOI: 10.1007/s42979-021-00566-z

SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing with the Devil?

Author(s): Fabio Massacci; Trent Jaeger; Sean Peisert
Published in: IEEE SECURITY & PRIVACY, vol 19, iss 2, 2021, ISSN 1540-7993
Publisher: IEEE Computer Society
DOI: 10.1109/msec.2021.3050433

Detector-based component model abstraction for microservice-based systems

Author(s): Ntentos, E., Zdun, U., Plakidas, K. et al.
Published in: Computing, Issue 103, 2021, Page(s) 2521–2551, ISSN 0010-485X
Publisher: Springer Verlag
DOI: 10.1007/s00607-021-01002-z

TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses

Author(s): Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, Fabio Massacci
Published in: IEEE Empirical Software Engineering, 2021, ISSN 0098-5589
Publisher: Institute of Electrical and Electronics Engineers
DOI: 10.1007/s10664-021-10013-5

Understanding the Security Implications of Kubernetes Networking

Author(s): Francesco Minna; Agathe Blaise; Filippo Rebecchi; Balakrishnan Chandrasekaran; Fabio Massacci
Published in: IEEE Security & Privacy ( Volume: 19, Issue: 5, Sept.-Oct. 2021), 2021, ISSN 1540-7993
Publisher: IEEE Computer Society
DOI: 10.1109/msec.2021.3094726

Evaluating and Improving Microservice Architecture Conformance to Architectural Design Decisions

Author(s): Ntentos E., Zdun U., Plakidas K., Geiger S.
Published in: Service-Oriented Computing. ICSOC 2021., 2021, Page(s) 188-203, ISBN 978-3-030-91430-1
Publisher: Springer
DOI: 10.1007/978-3-030-91431-8_12

Identifying Domain-Based Cyclic Dependencies in Microservice APIs Using Source Code Detectors

Author(s): Patric Genfer, Uwe Zdun
Published in: Software Architecture. ECSA 2021., Issue vol 12857, 2021, Page(s) 207-222, ISBN 978-3-030-86043-1
Publisher: Springer
DOI: 10.1007/978-3-030-86044-8_15

Secure Software Development in the Era of Fluid Multi-party Open Software and Services

Author(s): Ivan Pashchenko, Riccardo Scandariato, Antonino Sabetta, Fabio Massacci
Published in: 2021 IEEE/ACM 43rd International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER), 2021, Page(s) 91-95, ISBN 978-1-6654-0140-1
Publisher: IEEE
DOI: 10.1109/icse-nier52604.2021.00027

Please hold on: more time = more patches? Automated program repair as anytime algorithms

Author(s): Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci
Published in: 2021 IEEE/ACM International Workshop on Automated Program Repair (APR), 2021, Page(s) 9-10, ISBN 978-1-6654-4472-9
Publisher: IEEE
DOI: 10.1109/apr52552.2021.00009

Improving Vulnerability Prediction of JavaScript Functions Using Process Metrics

Author(s): Tamás Viszkok, Péter Hegedűs, Rudolf Ferenc
Published in: Proceedings of the 16th International Conference on Software Technologies (ICSOFT 2021), 2021
Publisher: ScitePress
DOI: 10.5220/0010558501850195

A Comparison of Different Source Code Representation Methods for Vulnerability Prediction in Python

Author(s): Amirreza Bagheri, Péter Hegedűs
Published in: Proceedings of the 14th International Conference on the Quality of Information and Communications Technology (QUATIC 2021), 2021, Page(s) 267-281, ISBN 978-3-030-85347-1
Publisher: Springer
DOI: 10.1007/978-3-030-85347-1_20

LastPyMile: identifying the discrepancy between sources and packages

Author(s): Duc-Ly Vu, Fabio Massacci, Ivan Pashchenko, Henrik Plate, Antonino Sabetta
Published in: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2021, Page(s) 780-792, ISBN 9781450385626
Publisher: ACM
DOI: 10.1145/3468264.3468592

Bug Prediction Using Source Code Embedding Based on Doc2Vec

Author(s): Tamás Aladics, Judit JászRudolf Ferenc
Published in: Proceedings of the 21st International Conference on Computational Science and its Applicationsdings of (ICCSA 2021), 2021, Page(s) 382-397, ISBN 978-3-030-87007-2
Publisher: Springer
DOI: 10.1007/978-3-030-87007-2_27

Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks

Author(s): Fabio Massacci, Ivan Pashchenko
Published in: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, Page(s) 1386-1397, ISBN 978-1-6654-0296-5
Publisher: IEEE
DOI: 10.1109/icse43902.2021.00125

The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application.

Author(s): Serena Elisa Ponta; Wolfram Fischer; Henrik Plate; Antonino Sabetta
Published in: 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME), 2021, Page(s) 555-558
Publisher: IEEE
DOI: 10.26226/morressier.613b5418842293c031b5b612

Technical Leverage: Dependencies Are a Mixed Blessing

Author(s): Fabio Massacci, Ivan Pashchenko
Published in: IEEE Security & Privacy, Issue 19/3, 2021, Page(s) 58-62, ISSN 1540-7993
Publisher: IEEE Computer Society
DOI: 10.1109/msec.2021.3065627

Searching for OpenAIRE data...

There was an error trying to search data from OpenAIRE

No results available