Assurance and certification in secure Multi-party Open Software and Services (AssureMOSS – H2020)Current
Security & privacy assurance, verification and process certification techniques designed for large, controlled updates over months or years, must now cope with small, continuous changes in weeks, happening in sub-components and decided by third party developers one did not even know they existed. AssureMOSS proposes to switch from process-based to an artefact-based security evaluation by supporting all phases of the continuous software lifecycle (Design, Develop, Deploy, Evaluate and back) their artefacts (Models, Source code, Container images, Services). The key idea is to support mechanisms for lightweigth and scalable screenings applicable automatically to the entire population of software components by: (i) machine intelligent identification of security issues across artifacts, (ii) sound analysis and verification of changes by tracing the security and privay side effects, and (iii) business insight by risk analysis and security evaluation.
Within AssureMOSS, we work model learning techniques in order to uncover networking and application-level problems such as (security) bugs by investigating behavioral differences and visualizing the results for security analysis at run-time.
Contact person: Dr. Sicco Verwer