ASSURED Scientific Workshop: Towards Sustainable Security in “Systems-of-Systems”

The overarching vision of future-proofing the next-generation of Smart Connectivity “Systems-of-Systems”, comprising a multitude of heterogeneous embedded systems, is of paramount importance for cementing Europe’s vision towards secure and sustainable service graph chains. In this context, considering the diversity of involved stakeholders with varying security and privacy requirements, the endmost goal is to enable the long-term transformation of such distributed environments with security solutions that can cover all the layers of the deployed application stack. From network security to application security and data security, each element plays an important role in the system’s overall security posture.

As such, security should be implemented in a sustainable way, namely achieving limiting energy and computational resources consumption, and being at least capable of supporting crypto-agility (so as to allow updates of security primitives rather than replacement of whole devices). These two properties are challenging to offer in security, since several attacks and weaknesses are discovered every day and simple updates could not be sufficient to defeat them. In recent years, we are observing the discovery of a growing number of hardware design and implementation vulnerabilities that could be exploited by unprivileged software, leading to potential exposure of sensitive data or compromise of whole computing systems. This new attack paradigm casts a long shadow on decades of research on system security and disrupts the traditional threat models, thus, highlighting the pressing need for a new breed of flexible runtime assurance mechanisms based on system adaptation and enabling dynamic system re-configuration.

The situation is further complicated by the fact that, in this moment, families of cryptographic algorithms are being replaced by novel standards (such as the post quantum one). Security can even be of great help to support sustainability, for instance by allowing secure update of devices and enabling maintenance that would extend the devices live. Yet, support for these features should be studied in depth and fully understood to avoid the involuntary insertion of security weaknesses. Unfortunately, existing solutions are often ad-hoc, limited, inefficient, and address only specific problems.

In this context, the ASSURED project aims to develop a novel (formally verified) runtime assurance framework capable of establishing and managing trust between entities, starting from bi-lateral interactions between two single system components and continuing as such systems get connected to even larger system entities. This is achieved through novel, highly efficient attestation schemes aiming at converting edge devices into trust anchors capable of proving verifiable evidence for their configuration and operational state against cross-layer vulnerabilities and even zero-day exploits. Beyond the needs of sustainable security and functional safety, ASSURED also considers methodologies for agile certification towards verifying those system attributes that are best suited for depicting the required level of trust.

This two-day interactive workshop aims at bringing together industry, academia and standardization bodies for addressing the relation between sustainability and security from both sides; discussing what can be done to make security more sustainable and presenting new research security directions in making electronic devices more sustainable. Interesting discussions will be held on exploring new ideas for tackling the challenges related but not limited to security-by-design for embedded systems, scalable assurance and verification methodologies for system security and resilience (both software and hardware), and security-aware policy enforcement and deployment that pave the way for establishing sustainable security for computing platforms.

ASSURED is a three-year Research & Innovation project funded by the European Union’s Horizon 2020 programme under Grant agreement number 952697. ASSURED project is powered by a strong consortium with partners who were carefully selected to provide complementary skills and competencies, which cover all project objectives and activities, starting from the generation of ideas to analysis of requirements, to specification and design, low-cost implementation, system integration, up to demonstration, validation and beyond.

The partners of ASSURED consortium are Technical University of Denmark, Martel Innovate, Eindhoven University of Technology, Technical University of Darmstadt, University of Surrey, Mellanox Technologies, Intrasoft International, Unisystems Luxembourg, UBITECH, Data Intelligence Solutions, United Technologies Research Center, Space Hellas, Bremer Institut für Produktion und Logistik, Dimos Athinaion Epicheirisi Michanografisis.