Fraunhofer Institute for Open Communication Systems
Fraunhofer Institute for Open Communication Systems

VESSEDIA

Verification Engineering of Safety and Security Critical Industrial Applications

VW, Gläserne Manufaktur in Dresden, Herstellung des E-Golfs
© Philipp Plum / Fraunhofer FOKUS

Due to the Internet of Things (IoT), the amount of connected devices is continuously growing. This presents new challenges in terms to software security. In the “Verification Engineering of Safety and Security Critical Industrial Applications” (VESSEDIA) project, which ended on December 31,2019, verification tools and and methods originally designed for safety critical applications were adapted for a more cost-effective certification of IoT devices.

In domains of high criticality such as aerospace, railway or finance, high investments are already made for software testing and static analysis methods. IoT applications, however, usually have shorter development cycles and demand very low development costs. It is therefore difficult to apply strong static analysis methods to ensure the safety and security of IoT systems.

The VESSEDIA project is aiming to enhance the possibilities of software analysis tools. Its goal is to ease the use of tools for highly-dynamic systems in domains of lower criticality, thus increasing the number of potential applications of the tools. In addition, the developed analysis methods should not incur additional costs.

Objective of VESSEDIA

The objectives of the VESSEDIA project are pursued by theoretical research as well as practical application. The main focus is on:

  • the development of a methodology to use static analysis tools efficiently,
  • the standardization of static analysis tools in order to expand the possible applications,
  • the demonstration of improved analysis methods on the operating system Contiki OS, which is widely used for the development of IoT applications,
  • the development of a “Security Certification Level” (SCL) for IoT applications with no budget for Common Criteria (CC) certification.

Safety and Security

Fraunhofer FOKUS was responsible for the projects “Safety and Security Verification Methodologies” sector, in which the quality assurance for the further developed static analysis tools was carried out. Furthermore, a cloud based solution was implemented, which allows for static analyses to be carried out faster using the Frama-C tool. Additionally, a guideline for a cost-efficient combination of static analysis and testing of IoT-applications was created.

 

Trademark Verified in Europe
VESSEDIA D4.2 approach for security evaluation

Project Conclusion

Most of the tools developed in the project, for example the Frama-C analysis platform, are available under free open source licenses, which allows for a wide usability across different domains. The results of the project were published in a number of scientific papers. Further, the project prepared the new ISO-Spec 23643 “Software and systems engineering – Capabilites of security and safety verification tools”, which is expected to be adopted in 2020. Via the trademark “Verified in Europe” introduced in the project, which is awarded after a successful certification, the results of VESSEDIA will also be usable in the future.

The VESSEDIA project was funded by the European Union within the HORIZON 2020 framework program for research. Ten European partners from industry and science were involved.