Vessedia (‘Verification Engineering of Safety and Security Critical Industrial Applications’) aims at enhancing information and communication technology (ICT) safety and security, especially for IoT applications.
The project is about developing more accessible Formal Methods for application domains that need to reinforce their software applications via Formal Methods.
“We aim at using modern software analysis tools on a wide range of applications, including industrial and personal applications (e.g. healthcare, home automation, etc.). The project will use the internet of things as a target to demonstrate the tools’ benefit for connected applications. We also plan to extend the range of applications by addressing other issues than the traditional safety and security-critical ones (e.g. Space, Transportation, Nuclear Energy production, etc.) in order to provide the same benefits as already done for applications of high-criticality”, explains Armand Puccetti, CEA-List Engineer and Vessedia consortium Technical Leader.
Code analysis with Frama-C. © STROPPA/CEA
Building safety and security on an extensive experience from CEA
CEA List has long and strong experience in the field of software safety and security. It has developed tools and techniques for the certification and verification of control-command systems, in nuclear power plants for instance, as well as in a wide spectrum of other domains.
“In VESSEDIA we are working hard to make formal methods more accessible to other application domains, and to improve their software security and reliability. In a future perspective, in the automotive industry, for example, the embedded software systems should be proven safe and secure and be certified so that autonomous vehicles’ passengers can fully trust their vehicles while regulators and insurance companies can rely on safety certificates. The IoT is in a general way in need of certified reliability, especially if you consider connected health care systems, networking or autonomous AI in transportation systems, for instance”, underlines Puccetti.
As an example, the Vessedia team develops software analysis platforms, based on the in-house CEA toolkit Frama-C, and applies them to the IoT operating system Contiki.
Another application focuses on an automated process for updating the firmware of a sensor network.
Figure - Contiki OS and 6LowPAN. © Vessedia
Towards a ‘Verified In Europe’ label for IoT
The Vessedia consortium aims at drastically improving safety and security verification tools, while also allowing the progress of the verification process to be quantified.
“We are also building collaborative and smart user interfaces with strong links to existing certification practices. An ultimate goal is to support a common criteria certification process and develop a label ‘Verified In Europe’ for IoT”, Puccetti says.
From the technical point of view, the project team is using the Frama-C software analysis platform, which will be made more efficient by extending it into a software assessment toolbox.
The software platform will cover most application domains and propose standardized components.
Thanks to VESSEDIA raising awareness of these safety issues among companies and the general public, new European applications and IoT devices will be safer to use for European citizens.
About VESSEDIA
Gathering 10 partners from 7 European countries, from both industrial and research fields, including innovation-driven SMEs and certification experts, this collaborative project is coordinated by the Austrian SME Technikon AG, with the French CEA List as its technical leader. The H2020 VESSEDIA project launched on the 1st of January 2017 and has been granted 4,2M € by the EU.