Continuous assessment in polymorphous environments
Challenges & Objectives
The CAPE program addresses the assessment of cybersecurity properties of software, with a focus on two specific areas: cyberphysical systems and complex systems of systems. For cyberphysical systems, our objective is to propose a method to jointly specify security and safety properties, which we call security-safety co-design. The main challenge is the complexity of a co-design that addresses all the certification schemes. For complex systems of systems, our objective is to take into account the DevOps paradigm, where services are deployed while they are still being developed and rely on many external libraries. The challenge here is to extend the assessment scope over time, and to assess external code.
Action & Impacts
The CAPE program has discussed in depth the various tools provided by the partners, in order to clearly define the timeline of the software development process and to show that our activities cover all the milestones of this process. We have also refined two verticals on which we will demonstrate our activities. The main scientific advance is the definition of this extended development lifecycle. The main impact of CAPE at this stage is that several of our tools are publicly released within the ECLIPSE project. Further impact will come from the demonstrations planned at the end of the project.