VeriDevOps

Informations projet

VeriDevOps

N° de convention de subvention: 957212

Site Web du projet

DOI

10.3030/957212

Projet clôturé

Date de signature de la CE 11 Août 2020

Date de début 1 Octobre 2020

Date de fin 31 Janvier 2024

Financé au titre de

INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies - Information and Communication Technologies (ICT)

Coût total

€ 3 965 332,50

Contribution de l’UE

€ 3 965 332,50

3 965 332,50

Coordonné par

MALARDALENS UNIVERSITET
Sweden

CORDIS fournit des liens vers les livrables publics et les publications des projets HORIZON.

Les liens vers les livrables et les publications des projets du 7e PC, ainsi que les liens vers certains types de résultats spécifiques tels que les jeux de données et les logiciels, sont récupérés dynamiquement sur OpenAIRE .

Livrables

Reactive protection at operations

Description of the reactive protection methodology in VeriDevOps including different modules and resilience catalogue

VeriDevOps Framework - initial version

Global public release of the VeriDevOps framework.

Patterns catalogue

The project will deliver a catalogue of patterns for formal specification of security properties

Tools and language support for prevention at design level - final version

This deliverable provides the final version of the technologies for prevention at design level, after the technologies developed in the initial version (D4.1) have been evaluated against the case studies. In addition, based on the feedback collected from the case studies, the deliverable will propose a domain specific language that will make the approach easy to adopt and use by domain experts.

Specification verification tool set - initial version

The set of tools for checking errors, omissions and inconsistencies in a set of security requirements specified formally.

Requirements patterns matching tool chain

The pattern matching tool chain will map the security requirements to patterns of security formal properties.

Tools for active prevention during development - Initial version

The deliverable will report on technologies for test generation from formal specifications The main focus in this deliverable will be in technologies for verifying that the implementation satisfies the security properties specified in the design phase In addition it will report on the tools for measuring the quality of the tests at specification andcode level

Tools for prevention at design level - initial version

Initial methods and tool chain for creating secure-by-design specifications. The deliverable will provide approaches to create the system design from case study requirements, including possible model transformations from non-formal specifications to formal ones, and for verifying the design against the security properties defined in WP2.

Methodology and tools for vulnerability localization, classification and prevention recommendations - final version

Final description of the methodology and tool chain for the localization and classification of the vulnerabilities. The methodology is complemented by a catalogue of prevention measures based according to the type of vulnerability identified.

Tools for prevention during development - final version

The deliverable will provide technologies for prevention during development, by providing updates to the technologies in D4.2 based on the feedback received from the case study evaluation. The deliverable will also report on technologies for detection of unknown vulnerabilities in implementation detected via mutation and fuzz testing. In addition, it will provide technologies that combine automated test generation and regression testing and their integration in CI pipelines.

Threat oracle engine specification, design and implementation final version

Final design and last prototype of the threat oracle engine allowing the scanning and classification of vulnerabilities at runtime

Requirements automated generation tool chain

This tool chain will combine the tools for extraction labeling training and classification of security requirements

VeriDevOps Framework - final version

Final cut-off for the public release of the VeriDevOps framework.

Threat oracle engine specification, design and implementation initial version

Initial design and first prototype of the threat oracle engine allowing the scanning and classification of vulnerabilities at runtime

Specification verification tool set

Final version of D2.5

Methodology and tools for vulnerability localization, classification and prevention recommendations - initial version

Initial description of the methodology and tool chain for the localization and classification of the vulnerabilities. The methodology is complemented by a catalogue of prevention measures based according to the type of vulnerability identified.

Security monitoring - security flaws detection mechanisms and tools initial version

Initial design and first prototype of the security monitoring solutions including rulebased detection mechanisms and AIbased anomaly detection mechanisms

Security monitoring - security flaws detection mechanisms and tools final version

Final design and last prototype of the security monitoring solutions including rule-based detection mechanisms and AI-based anomaly detection mechanisms.

Specification of security formal models

The report defines the specifications of the formalism to be used for formal specification of security properties We will investigate mainly timed automata and TCTL but we will adapt and extend them to serve the needs of the project

Report on the architecture and implementation evaluation - initial version

Evaluation of the software stacks components as well as of the VeriDevOps framework as a whole The deliverable is provided in two iterations the initial and refined The latter will also explore the integration of all components included in the architecture

Mitigation for vulnerabilities

recommendations and tools to suggest as countermeasures for identified vulnerabilities

Report on evaluation of case studies - final version

Final version of D5.5

State-of the Art Report

This deliverable will update the stateofthe art wrt to new approaches and technologies that appeared since the project proposal was submitted

Report on the architecture and implementation evaluation - final version

Final version of D5.1

Specification of patterns for security requirements

Based on the body of knowledge for requirements patterns this deliverable will elaborate specifics of the patterns for security formal properties patterns

Report on evaluation of case studies - initial version

Description of the implementation progress for all use cases (FAG and ABB). The report also evaluates the implementation of base components, which are provided by WP2, WP3, and WP4, from the perspective of the use cases. Furthermore, the report contains descriptions of the feature set of all use cases and potential problems.

Attack response - Root cause analysis and countermeasures initial version

Initial design and implementation of the tool for root cause analysis and counter-measures recommendations

VeriDevOps Framework Architecture and Roadmap

This report will define the initial vision of global architecture of the VeriDevOps tool sets tool chains interfaes and engineering artifacts The document will be accompanied with a roadmap for technology development The architecture and roadmap will be revised throughout the project duration at public release milestones

Attack response - Root cause analysis and countermeasures final version

Final design and implementation of the tool for root cause analysis and counter-measures recommendations.

VeriDevOps Methodology

The methodology will guide users for applying the security requirements automated generation and protection and prevention activities driven by formal specifications.

Dissemination and Communication plan

This deliverable will include the plans for scientific dissemination, communication, collaboration and standardization. It will set up the methodology to follow, the instruments and mechanisms will be used for making the project awareness, the collaboration policy with other projects and related stakeholders and interested groups.It will identify the KPIs for assessing the progress and impact in the due formal reports. List of potential events, conferences, interest groups, open source communities, online press, journals, social networks, etc must be included. The plan will be assessed at the end of each reporting period and will be updated if needed.

Publications

EARLY: A Tool for Real-Time Security Attack Detection

Auteurs: Tanwir Ahmad, Dragos Truscan, Jüri Vain
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) Pages 225-251, ISBN 978-3-031-42212-6
Éditeur: Springer Cham

Toward Anomaly Detection Using Explainable AI

Auteurs: Manh-Dung Nguyen, Vinh-Hoa La, Wissam Mallouli, Ana Rosa Cavalli, Edgardo Montes de Oca
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) Pages 293-324, ISBN 978-3-031-42212-6
Éditeur: Springer Cham

Vulnerability Detection and Response: Current Status and New Approaches

Auteurs: Ángel Longueira-Romero, Rosa Iglesias, Jose Luis Flores, Iñaki Garitano
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) Pages 95-125, ISBN 978-3-031-42214-0
Éditeur: Springer Cham

Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems

Auteurs: Gaadha Sudheerbabu, Tanwir Ahmad, Dragos Truscan, Jüri Vain
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) 127-159, ISBN 978-3-031-42212-6
Éditeur: Springer Cham

Security Requirements Formalization with RQCODE

Auteurs: Andrey Sadovykh, Nan Messe, Ildar Nigmatullin, Sophie Ebersold, Maria Naumcheva, Jean-Michel Bruel
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) 65-92
Éditeur: Springer Cham

A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs

Auteurs: Eduard Paul Enoiu, Kejsi Biçoku, Cristina Seceleanu, Michael Felderer
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, ISBN 978-3-031-42214-0
Éditeur: Springer Cham

Ctam: A Tool for Continuous Threat Analysis and Management

Auteurs: Laurens Sion, Dimitri Van Landuyt, Koen Yskout, Stef Verreydt, Wouter Joosen
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) Pages 195-223, ISBN 978-3-031-42212-6
Éditeur: Springer Cham

A Stream-Based Approach to Intrusion Detection

Auteurs: Sylvain Hallé
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) Pages 253-291, ISBN 978-3-031-42212-6
Éditeur: Springer Cham

Natural Language Processing with Machine Learning for Security Requirements Analysis: Practical Approaches

Auteurs: Andrey Sadovykh, Kirill Yakovlev, Alexandr Naumchev, Vladimir Ivanov
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) 35-63, ISBN 978-3-031-42214-0
Éditeur: Springer Cham

nteractive Application Security Testing with Hybrid Fuzzing and Statistical Estimators

Auteurs: Ramon Barakat, Jasper von Blanckenburg, Roman Kraus, Fabian Jezuita, Steffen Lüdtke, Martin A. Schneider
Publié dans: CyberSecurity in a DevOps Environment From Requirements to Monitoring, 2023, Page(s) Pages 161-191, ISBN 978-3-031-42212-6
Éditeur: Springer Cham

Early Detection of Network Attacks Using Deep Learning

Auteurs: Tanwir Ahmad, Dragos Truscan, Juri Vain, Ivan Porres
Publié dans: 2022
Éditeur: IEEE

Message from the ITEQS 2022 Workshop Chairs

Auteurs: Mehrdad Saadatmand, Dragos Truscan, Eduard Paul Enoiu
Publié dans: 2022 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 2022
Éditeur: IEEE
DOI: 10.1109/icstw55395.2022.00006

Message from ITEQS 2023 Workshop Chairs

Auteurs: Mehrdad Saadatmand,Dragos Truscan,Eduard Enoiu
Publié dans: 2023 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 2023
Éditeur: IEEE
DOI: 10.1109/icstw58534.2023.00011

Towards Human-Like Automated Test Generation: Perspectives from Cognition and Problem Solving

Auteurs: Eduard Paul Enoiu and Robert Feldt
Publié dans: International Conference on Cooperative and Human Aspects of Software Engineering 2021, Numéro International Conference on Cooperative and Human Aspects of Software Engineering 2021, 2021
Éditeur: IEEE

A Two-phase Metamorphic Approach for Testing Industrial Control Systems

Auteurs: Gaadha Sudheerbabu, Tanwir Ahmad, Filip Sebek, Dragos Truscan, Jüri Vain, and Ivan Porres
Publié dans: 2022
Éditeur: IEEE
DOI: 10.48550/arxiv.2208.09261

Human-based Test Design versus Automated Test Generation: A Literature Review and Meta-Analysis

Auteurs: Ted Kurmaku, Eduard Paul Enoiu, Musa Kumrija
Publié dans: 15th Innovations in Software Engineering Conference ISEC 2022, Numéro ISEC 2022, 2022
Éditeur: ACM
DOI: 10.1145/3511430.3511433

Preliminary Results in Using Attention for Increasing Attack Identification Efficiency

Auteurs: Tanwir Ahmad, Dragos Truscan
Publié dans: 16th IEEE International Conference on Software Testing, Verification and Validation (ICST) 2023, 2023
Éditeur: IEEE
DOI: 10.1109/icstw58534.2023.00038

Specification of Passive Test Cases using anImproved T-EARS Language

Auteurs: Daniel Flemström, Wasif Afzal, Eduard Paul Enoiu
Publié dans: Software Quality Days, Numéro SQD 2022, 2021, ISBN 978-3-031-04115-0
Éditeur: Springer
DOI: 10.1007/978-3-031-04115-0_5

Security Testing and Resilience

Auteurs: Ana Rosa Cavalli
Publié dans: 2021
Éditeur: IEEE
DOI: 10.1109/icstw52544.2021.00031

Security Requirements as Code: Example from VeriDevOps Project

Auteurs: Khaled Ismaeel, Alexandr Naumchev, Andrey Sadovykh, Dragos Truscan, Eduard Paul Enoiu, Cristina Seceleanu
Publié dans: 2021 IEEE 29th International Requirements Engineering Conference Workshops (, 2021
Éditeur: IEEE
DOI: 10.1109/rew53955.2021.9714713

Security Requirements as Code:Example from VeriDevOps Project

Auteurs: Vasily Varenov, Aydar Gabdrahmanov
Publié dans: 2021
Éditeur: IEEE
DOI: 10.1109/rew53955.2021.00063

PyLC: A Framework for Transforming and Validating PLC Software using Python and Pynguin Test Generator

Auteurs: Mikael Ebrahimi Salari, Eduard Paul Enoiu, Wasif Afzal, Cristina Seceleanu
Publié dans: The 38th ACM/SIGAPP Symposium On Applied Computing SAC23, 2023
Éditeur: Association for Computing Machinery
DOI: 10.1145/3555776.3577698

A Model-Based Test Script Generation Framework for Embedded Software

Auteurs: Muhammad Nouman Zafar, Wasif Afzal, Eduard Paul Enoiu, Athanasios Stratis , Ola Sellin
Publié dans: The 17th Workshop on Advances in Model Based Testing, Numéro A-MOST 2021, 2021
Éditeur: IEEE

VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices

Auteurs: Eduard Paul Enoiu; Dragos Truscan; Andrey Sadovykh; Wissam Mallouli
Publié dans: The 18th International Conference on Availability, Reliability and Security (ARES 2023), 2023
Éditeur: ACM
DOI: 10.1145/3600160.3605054

Message from the ITEQS 2021 Workshop Chairs

Auteurs: Saadatmand, M., Truscan, D. and Enoiu, E
Publié dans: 2021 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), Numéro ITEQS2021 workshop, 2021, Page(s) xii-xii
Éditeur: IEEE
DOI: 10.1109/icstw52544.2021.00007

VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps

Auteurs: Andrey Sadovykh; Gunnar Widforss; Dragos Truscan; Eduard Paul Enoiu; Wissam Mallouli; Rosa Iglesias; Alessandra Bagnto; Olga Hendel
Publié dans: Design, Automation and Test in Europe Conference DATE 2021, 2021, Page(s) p. 1330-1333
Éditeur: IEEE
DOI: 10.23919/date51398.2021.9474185

NLP-based Testing and Monitoring for Security Checking (Project Report)

Auteurs: Andrey Sadovykh, Zujany Salazar, Wissam Mallouli, Ana Rosa Cavalli, Dragos Truscan, Eduard Paul Enoiu, Rosa Iglesias and Olga Hendel
Publié dans: 2021
Éditeur: IFIP/Springer

A Framework for the Attack Tolerance of Cloud Applications Based on Web Services

Auteurs: Georges Ouffoue,Fatiha Zaidi,Fatiha Zaidi,Ana Rosa Cavalli,Huu Nghia Nguyen
Publié dans: 2020
Éditeur: Electronics
DOI: 10.3390/electronics10010006

Towards a Workflow for Model-Based Testing of Embedded Systems

Auteurs: Muhammad Nouman Zafar, Wasif Afzal, Eduard Paul Enoiu
Publié dans: International Workshop on Automating TEST Case Design, Selection, and Evaluation, Numéro A-TEST 2021, 2021
Éditeur: ACM
DOI: 10.1145/3472672.3473956

Message from A-MOST 2023 Workshop Chairs

Auteurs: Florian Lorber,Cristina Seceleanu,Uraz Cengiz Turker
Publié dans: 16th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2023, 2023
Éditeur: IEEE
DOI: 10.1109/icstw58534.2023.00005

Monitoring Approaches for Security and Safety Analysis: Application to a Load Position System

Auteurs: Zujany Salazar, Ana Rosa Cavalli, Wissam Mallouli, Filip Sebek, Fatiha Zaidi, Monika Ewa Rakoczy
Publié dans: 2022
Éditeur: IEEE
DOI: 10.1109/icstw55395.2022.00021

Ethical AI-Powered Regression Test Selection

Auteurs: Per Erik Strandberg, Mirgita Frasheri , Eduard Paul Enoiu
Publié dans: International Conference On Artificial Intelligence Testing, Numéro AITEST 2021, 2021
Éditeur: IEEE
DOI: 10.1109/aitest52744.2021.00025

Industrial Scale Passive Testing with T-EARS

Auteurs: Daniel Flemström, Henrik Jonsson, Eduard Paul Enoiu, Wasif Afzal
Publié dans: IEEE Conference on Software Testing, Validation and Verification 2021, Numéro ICST 2021, 2021
Éditeur: IEEE
DOI: 10.1109/icst49551.2021.00047

Choosing a Test Automation Framework for Programmable Logic Controllers in CODESYS Development Environment

Auteurs: Mikael Salari, Eduard Enoiu, Wasif Afzal, Cristina Seceleanu
Publié dans: 14th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW, 2022
Éditeur: Institute of Electrical and Electronics Engineers Inc
DOI: 10.1109/icstw55395.2022.00055

Applying Model-based Requirements Engineering in Three Large European Collaborative Projects: An Experience Report

Auteurs: Andrey Sadovykh, Dragos Truscan, Hugo Bruneliere
Publié dans: 2021
Éditeur: IEEE
DOI: 10.1109/re51729.2021.00040

Application de l'Ingénierie des Exigences basée sur les Modèles dans Trois Grands Projets Collaboratifs Européens : Un Rapport d'Expérience

Auteurs: Andrey Sadovykh, Hugo Bruneliere, Dragos Truscan
Publié dans: INFORSID 2022 - 40ème Congrès INFormatique des ORganisations et Systèmes d'Information et de Décision, 2022
Éditeur: HAL

An iterative approach for model-based requirements engineering in large collaborative projects: A detailed experience report

Auteurs: Andrey Sadovykh, Bilal Said, Dragos Truscan, Hugo Bruneliere
Publié dans: Science of Computer Programming, 2024, ISSN 0167-6423
Éditeur: Elsevier BV
DOI: 10.1016/j.scico.2023.103047

A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics

Auteurs: Ángel Longueira-Romero Rosa Iglesias Jose Luis Flores Iñaki Garitano
Publié dans: MDPI, 2022, ISSN 1424-8220
Éditeur: Multidisciplinary Digital Publishing Institute (MDPI)
DOI: 10.3390/s22062126

Machine Learning Techniques for Software Vulnerability Prediction: A comparative study

Auteurs: Gul Jabeen, Sabit Rahim, Wasif Afzal, Dawar Khan, Aftab Ahmed Khan, Zahid Hussain, Tehmina Bibi
Publié dans: Applied Intelligence, Numéro 0924669X, 2022, ISSN 0924-669X
Éditeur: Kluwer Academic Publishers
DOI: 10.1007/s10489-022-03350-5

CyberSecurity in a DevOps Environment From Requirements to Monitoring

Auteurs: Andrey Sadovykh,Dragos Truscan,Wissam Mallouli,Ana Rosa Cavalli,Cristina Seceleanu,Alessandra Bagnato
Publié dans: 2023, ISBN 978-3-031-42212-6
Éditeur: Springer Cham
DOI: 10.1007/978-3-031-42212-6

Project Management in collaborative European research projects: analysis of H2020 VeriDevOps Management structure

Auteurs: Gunnar Widforss, Olga Hendel
Publié dans: EARMA Digital Conference 2021, Numéro EARMA 2021, 2021
Éditeur: EARMA

Recherche de données OpenAIRE...

Livrables

Publications

Partager cette page Partager cette page sur les réseaux sociaux

Télécharger Télécharger le contenu de la page