The main demonstrator of the Software Development Lifecycle task is reported in D3.15 – Proactive Approaches to Secure Software Development.
The demonstrator is based on a common smart city platform scenario that features some of the security challenges typical of such platforms (as identified in the smart city demonstrators). The following assets will be part of the demonstrator: CORAS, BOWTIE++, Hermes, SOBEK, VEREFOO, SYSVER, SEMCO, PLEAK, and PVS. The demonstrator will follow the global architecture described above, with each asset covering a specific building block of the architecture as follows:
- SEMCO will be used to model the high-level architecture and define security requirements and design patterns against common threats.
- Modssl-hmac and HoneyGen will be used to ensure privacy of passwords in the authentication system.
- Hermes and VTPin will be used to detect weak points to make the system resilient to attacks.
- PLEAK will be used to analyze potential privacy leaks in the data flows.
- SOBEK will be used to enforce users' location privacy policies on their Android phones.
- PVS will be used to verify the protocols used in device-to-device communications such as 5GAKA.
- CORAS, BOWTIE++ and RISQFLAN are used to model and assess security risks in traffic sensors and control.
- SYSVER and VEREFOO will be used to guarantee correct and efficient implementation and configuration of network security policies.
For further information, the corresponding GitHub entry has details of online proof-of-concept demonstrators and repositories, videos, and a listing of dissemination in scientific journals and articles.
SEMCO
Modssl-hmac
HoneyGen
PLEAK
SOBEK
PVS
CORAS
BOWTIE++
RISQFLAN
SYSVER
VEREFOO