Software Development Lifecycle (SDL)

The main demonstrator of the Software Development Lifecycle task is reported in D3.15 – Proactive Approaches to Secure Software Development.

The demonstrator is based on a common scenario of a smart city platform featuring some of the security challenges typical from such platforms (as identified in the smart city demonstrators). The following assets will be part of the demonstrator: CORAS, BOWTIE++, Hermes, SOBEK, VEREFOO, SYSVER,  SEMCO, PLEAK, and PVS. The demonstrator will follow the global architecture described above, with each asset covering a specific building-block of the architecture as follows:

  • SEMCO will be used to model the high-level architecture and define security requirements and design patterns against common threats.
  • Modssl-hmac and HoneyGen will be used to ensure privacy of passwords in the authentication system.
  • Hermes and VTPin will be used to detect weak points to make the system resilient to attacks.
  • PLEAK will be used to analyze potential privacy leaks in the data flows.
  • SOBEK will be used to ensure security enforcement of user privacy location policies on their android phones.
  • PVS will be used to verify the protocols used in device-to-device communications such as 5GAKA.
  • CORAS, BOWTIE++ and RISQFLAN are used to model and assess security risks in traffic sensors and control.
  • SYSVER and VEREFOO will be used to guarantee correct and efficient implementation and configuration of network security policies.

For further information the corresponding GitHub entry has details of online proof-of-concept demonstrators and repositories, videos and a listing of dissemination in scientific journals and articles.

SEMCO

Modssl-hmac

HoneyGen

PLEAK

SOBEK

PVS

CORAS

BOWTIE++

RISQFLAN

SYSVER

VEREFOO