Partners from four European countries are participating in the project: Softeam (Technical coordinator) and Montimage EURL from France, Åbo Akademi University from Finland, Ikerlan S. Coop and Fagor Arrasate S. Coop. from Spain, and ABB AB and University of Mälardalen (Administrative Coordinator) from Sweden.
MDU through the formal modelling and software testing groups is strongly linked with formal verification co-production research for more than 10 years. MDU is currently active in joint research projects with industrial partners in functional and non-functional verification and validation for embedded systems. MDU will contribute to define concrete methods for specification and analysis of requirements with security and safety relevance, to provide automated techniques for exhaustive and non-exhaustive verification of the system realizations, at different abstraction levels. In addition, MDU will focus on the integration of these techniques and tools with current practices in industry.
ABB is a company producing solutions for ports and cargo terminals that delivers automation and electrical systems for container and bulk cargo handling. ABB will bring its know-how and challenges related to developing control systems from functional to safety and security requirement engineering. ABB coordinate tasks related to the collection of use case requirements and evaluation of the developed VeriDevOps technologies. ABB will provide requirement data and its development environment consisting of the system object itself, whether it is software only or software and hardware and the automation framework.
SOFTEAM is a leading expert in model-driven engineering. SOFTEAM has successfully been involved in a number of standardisation activities. SOFTEAM will bring its suite of UML-based tools, Modelio as a baseline technology for implementation of the modelling part of the VeriDevOps front-end. In exploitation, SOFTEAM will bring its knowledge in successful commercialisation of tools issued from the research projects. Furthermore, it brings leading expertise in participating and managing EU projects.
FAGOR Arrasate, as a leader in manufacturing and supplying sheet metal forming machine tools, will be a use case provider in the project with the aim of expanding and improving the offer of new secure digital services to its customers. In the project, will improve the cybersecurity of the processes of the company, making an special effort on the CI/CD pipelines in order to make them secure and avoid malware being inserted in the software. FAGOR will bring its industrial know-how in developing, installing and maintaining software for their machines.
IKERLAN will contribute to VeriDevOps with its expertise in security. It will participate in all security-related activities related to software development and operation phases. IKERLAN will work on the design and development of a Threat Oracle Engine, a tool for gathering vulnerabilities, exploits and threat detection for industrial components. IKERLAN will play an important role in the security evaluation of proposed VeriDevOps tools using the evaluation Cybersecurity Testbed that is part of the Basque CyberSecurity Center (BCSC) and the Basque Digital Innovation Hub (BDIH).
Åbo Akademi University
ABO is a university with a strong research background in formal methods, formal verification and model-driven development of dependable systems. ABO will bring to the project its expertise on formal modeling, verification and test/monitor generation from formal security specifications, including model-based mutation techniques for security penetration testing. ABO will also contribute to technologies for fault localization and requirements traceability. In addition, ABO will disseminate the results of the project via publications and presentations in top-level conferences and journals.
MONTIMAGE has a deep expertise in continuous risk analysis and relies on a set of software tools to detect Software/ Hardware related vulnerabilities at runtime (rule based detection as well as anomaly detection) and apply corrective actions to improve security levels of applications running in different environments. We will provide, in VeriDevOps, its Monitoring Framework (MMT) to introduce new AI/ ML techniques for the detection, mitigation and prevention of different cybersecurity threats and vulnerabilities targeting the different sectors treated by the project. It will develop the concepts of continuous risk analysis, root cause analysis to obtain a security intelligent defence management that is able to handle end-to-end security in different environments (IoT, Cloud etc.).