The overarching vision of future-proofing the next-generation of Smart Connectivity “Systems-of-Systems”, comprising a multitude of heterogeneous embedded systems, is of paramount importance for cementing Europe’s vision towards secure and sustainable smart cities. In this context, considering the diversity of involved stakeholders with varying security and privacy requirements, the endmost goal is to enable the long-term transformation of such distributed environments with security solutions that can cover all the layers of the deployed application stack; from network security to application security and data security, each element plays an important role into the system’s overall security posture. In this avenue, under the guiding principle of “Never trust, Always Verify“, we have to rapidly put new trusted computing technologies and operational practices in place so as to be able to transform edge devices into security “hardened” tokens capable of withstanding all emerging types of attack vectors. But how has the cyber-security posture of such safety-critical applications has changed and what are the types of risks and vulnerabilities that attackers can exploit? A core building block towards providing such holistic security solutions is the ability to perform a detailed risk quantification towards identifying the most impactful types of threats that can affect the operational model of the target system. This, in turn, can enable the definition and enforcement of an optimized set of security policies that best protect all hardware and software assets from unauthorized access and cyber-attacks. In this context, the ASSURED project aims to develop a novel (formally verified) runtime assurance framework capable of automatically recommending the best suite of security policies capable of reducing complex attack surfaces in (near) real-time while not affecting their safety. ASSURED considers risk assessment and security policy recommendation to comprise four dimensions which together constitute the breadth of a system’s capacity in delivering cyber-security: quantification of risks and threats to protect against; sets of mitigation measures that can attest to the correct operation of all comprised devices; creating effective and universal security policy recommendation language that can be used for expressing cyber-security policies at different layers of the application stack; and, controlling risks through standards and certification technologies. This webinar will provide an overview of the security and trusted computing capabilities that ASSURED can offer. Participants will be introduced to the employed security policy definition language capable of (automatically) compiling policies that are expressive, deployable and enforceable while allowing for their update during runtime if new risks have been identified and based on the resources available on the target system. The goal is to reason behind the construction of new types of policy languages, their application in safety-critical domains such as smart cities and get valuable feedback on their usability on real use cases and applications.

AGENDA