In the ASSURED project, we have investigated technical requirements as well as security, privacy and operational assurance requirements for the new generation of “Systems-of-Systems”, which comprise multiple heterogeneous cyber-physical systems running a multitude of mixed-criticality applications and services. We have also conceptualized four industry-driven use cases that will allow the project research results to be validated in real-world scenarios and show how the overall ASSURED solution can serve vertical industry needs. These contributions have been published in the deliverables of WP1.
The ASSURED threat modelling, risk assessment, runtime risk assessment and policy recommendation are the first important artifacts of the project and have been designed in WP2. Research has culminated in the development of a holistic risk assessment framework capable of providing functionality at both design time, where an initial risk graph of all possible threats and risks is identified, and run time, where the risk graph can be updated in order to achieve the required security, trust and privacy properties in the case of newly identified (e.g. zero-day) vulnerabilities. The current results have been published as part of WP2.
We have also designed and implemented a new set of lightweight attestation enablers targeting both the software and hardware layers and covering all phases of a device’s execution. These security enablers are also enhanced with the design of a novel Direct Anonymous Attestation scheme for providing privacy-preserving platform authentication and anonymous interaction by leveraging short-term anonymous credentials (pseudonyms). A common denominator is the support for real-time execution stream monitoring capabilities necessary for tracing the control- and information-flow execution paths needed by the runtime attestation enablers. In ASSURED, such dynamic tracing capabilities are supported in a non-intrusive manner. These achievements have been reported in the first deliverables of WP3.
We have also designed and implemented a policy-compliant Blockchain infrastructure for supporting automated security (attestation) policy enforcement and deployment as well as the secure and auditable sharing of both operational and attestation data. This architecture comprises the components required for supporting lightweight crypto operations and for capturing the on-chain interactions needed when devices try to access a resource, i.e. Attribute-based Access Control, Searchable Encryption, Authentication, Authorization, etc. All such functionalities are enabled through the ASSURED TPM-based Wallet as the underlying trust anchor. These milestones have been reported in the first deliverables of WP4.
We have implemented all the aforementioned core ASSURED building blocks and instantiated the first version of the overall framework in the context of the four envisaged use cases. The current results have been documented in the deliverables of WP5 and WP6, respectively.
Finally, regarding dissemination, awareness, and standardization activities, it is worth noting the great effort of the ASSURED consortium in clustering with other EU security- and privacy-related research project activities (e.g. C4IIOT, PUZZLE, RAINBOW, CYRENE, SANCUS, FISHY, MEDNIA, BIECO, IoTAC, and SIFIS-Home) towards improving “cyber security”. For the latter, a number of actions were taken to promote the project results to the trusted computing community and to closely follow up standardization activities (i.e. Trusted Computing Group (TCG), ENISA, DIF, SSI, ISO/IEC), leading to the validation of the ASSURED results from a technical and business perspective.