SECURE-BY-DESIGN IOT OPERATION WITH SUPPLY CHAIN CONTROL

Civil SecurityHORIZON-RIAID: 101120270
EC Contribution
€49,969
Consortium Size
11 orgs
Start Year
2023
Summary

DOSS elaborates a secure-by-design methodology and implements related technology for complex IoT architectures, based on supply chain monitoring, component testing and architecture modelling. The project establishes a “Supply Trust Chain” with integrating key stages of the IoT supply chain into a digital communication loop to facilitate security related information exchange. The technology includes security verification of all hardware and software components of the modelled architecture. A new “Device Security Passport” will be defined for 3rd party hardware and its components. 3rd party software, open-source applications, as well as in-house developments will be tested and assessed. The centrepiece of the proposed solution is a flexibly configurable Digital Cybersecurity Twin, able to simulate diverse IoT architectures. It will employ AI for modelling complex attack scenarios, discovering attack surfaces, and elaborating the necessary protective measures. The digital twin will provide input for a configurable, automated Architecture Security Validator module which will assess and provide pre-certification for the modelled IoT architecture in respect of relevant, selectable security standards and KPIs. To also ensure adequate coverage for the back end of the supply chain the operation of the architecture will also be protected by secure device onboarding, diverse security and monitoring technologies and a feedback loop to the digital twin and actors of the supply chain, sharing security relevant information. The procedures and technology will be validated in three IoT domains: automotive, energy and smart home.This new secure-by-design approach for complex IoT operations will be an early implementation of the concept and requirements of the proposed European Cyber Resilience Act and will provide an operational reference model. Based on our learnings and experiences we will make policy recommendations and will contribute to standardisation.

Consortium (11)

Project Results (33)

Source: CORDIS, the EU research results database.

Publications (26)
A Flexible Risk-Based Security Evaluation Methodology for Information Communication Technology System Certification
Applied Sciences· 2025DOI
Sara N. Matheu, Juan F. Martínez-Gil, Irene Bicchierai, Jan Marchel, Radosław Piliszek, Antonio Skarmeta
Adaptive Attack Mitigation for IoV Flood Attacks
IEEE Internet of Things Journal· 2025DOI
Erol Gelenbe, Mohammed Nasereddin
A pipeline for processing large datasets of potentially malicious binaries with rate-limited access to a cloud-based malware analysis platform
EuroCyberSec 2024 Workshop at the 32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS)· 2024DOI
Nagy, Roland; Buttyán, Levente; Maliga, Dávid; Maliga, Dávid; Nagy, Roland; Buttyán, Levente
Buffer Access Monitoring for Enhanced Buffer Overflow Detection in Fuzzing
EuroCyberSec2024 at the 32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS)· 2024DOI
Barakat, Ramon; Schneider, Martin; Josten, Silvan; Barakat, Ramon; Josten, Silvan; Schneider, Martin
DISFIDA: Distributed Self-Supervised Federated Intrusion Detection Algorithm with online learning for health Internet of Things and Internet of Vehicles
IEEE Internet of Things· 2024DOI
Gelenbe, Erol; Mert, Nakip; Gül, Baran Can; Gelenbe, Erol; Gül, Baran Can; Mert, Nakip
Impact of IoT System Imperfections and Passenger Errors on Cruise Ship Evacuation Delay
Sensors· 2024DOI
Gelenbe, Erol; Liu, Kezhong; Ma, Yuting; Yuting, Ma; Gelenbe, Erol; Liu, Kezhong
IoT Performance for Maritime Passenger Evacuation
2024 IEEE 10th World Forum on Internet of Things (WF-IoT)· 2024DOI
Gelenbe, Erol; Liu, Kezhong; Ma, Yuting; Ma, Yuting; Gelenbe, Erol; Liu, Kezhong
On an Adaptive-Quasi-Deterministic Transmission Policy Queueing Model
2024 32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS)· 2024DOI
Gelenbe, Erol; Bergquist, Jacob; Sigman, Karl; Bergquist, Jacob; Gelenbe, Erol; Sigman, Karl
Software Requirements Classification: From Bag-of-Words to Transformer
Special Session on Intelligent Internet of Things Security and Privacy in conjunction with the 21st International Conference on Distributed Computing and Artificial Intelligence (WISP2024 in conjunction with DCAI2024)· 2024DOI
Xanthopoulou, Georgia; Siavvas, Miltiadis; Kalouptsoglou, Ilias; Kehagias, Dionysios; Tzovaras, Dimitrios
System Wide Vulnerability and Trust in Multi-Component Communication System Software
IEEE Network· 2024DOI
Erol Gelenbe; Mert Nakıp; Miltiadis Siavvas
Vulnerability Classification on Source Code Using Text Mining and Deep Learning Techniques
2024 IEEE 24th International Conference on Software Quality, Reliability, and Security Companion (QRS-C)· 2024DOI
Kalouptsoglou, Ilias; Siavvas, Miltiadis; Ampatzoglou, Apostolos; Kehagias, Dionysios; Chatzigeorgiou, Alexander
Decentralized Online Federated G-Network Learning for Lightweight Intrusion Detection
2023 31st International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS)· 2023DOI
Gelenbe, Erol; Nakıp, Mert; Gül, Baran Can; Nakip, Mert; Gül, Baran Can; Gelenbe, Erol
Measurement Based Evaluation and Mitigation of Flood Attacks on a LAN Test-Bed
2023 IEEE 48th Conference on Local Computer Networks (LCN)· 2023DOI
Mohammed Nasereddin; Mert Nakip; Gelenbe, Erol
Online Self-Supervised Deep Learning for Intrusion Detection Systems
IEEE Transactions on Information Forensics and Security· 2023DOI
Gelenbe, Erol; Nakıp, Mert; Mert Nakıp; Erol Gelenbe
Protecting IoT Servers Against Flood Attacks with the Quasi Deterministic Transmission Policy
2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)· 2023DOI
Gelenbe, Erol; Nasereddin, Mohammed; Gelenbe, Erol; Nasereddin, Mohammed
A Deep Learning based Intrusion Detection and Prevention System for Mitigating DoS Attacks
EuroCyberSec 2024 WorkshopDOI
Nasereddin, Mohammed; Nakip, Mert; Gelenbe, Erol
An Associated Random Neural Network Detects Intrusions and Estimates Attack Graphs
EuroCyberSec2024 at the 32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS)DOI
Nakip, Mert; Gelenbe, Erol
Digital Transformation of Security Standards: Requirements Extraction using Large Language Models
11th International Conference on Dependable Systems and Their Applications (DSA2024)DOI
Siavvas, Miltiadis; Xanthopoulou, Georgia; Kalouptsoglou, Ilias; Kehagias, Dionysios; Tzovaras, Dimitrios
Enhancing Software Security Analysis: Targeted Test Case Generation through Constraint Solving in Interactive Application Security Testing
24th IEEE International Conference on Software Quality, Reliability and Security (QRS 2024)DOI
Barakat, Ramon; Weiß, Paul; von Blanckenburg, Jasper; Kraus, Roman; Schneider, Martin A.
Evaluation of Embedded AI Through Model Difference Analysis
Deé-Lukács, András Gergely; Földvári, András; Pataricza, Andras
Graph Neural Networks for Trust Evaluation: Criteria, State-of-the-Art, and Future Directions
IEEE Network MagazineDOI
Luo, Tingxi; Wang, Jie; Yan, Zheng; Gelenbe, Erol
Is ChatGPT Trustworthy Enough? A Review
IEEE Consumer Electronics MagazineDOI
Zhou, Guoliang; Liu, Yijia; Yan, Zheng; Gelenbe, Erol
Minimizing Delay and Power Consumption at the Edge
SensorsDOI
Gelenbe, Erol
System-Wide Vulnerability of Multi-Component Software
Computers & Industrial EngineeringDOI
Gelenbe, Erol; Nakip, Mert; Siavvas, Miltiadis
Transforming the field of Vulnerability Prediction: Are Large Language Models the key?
EuroCyberSec2024 at the 32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS)DOI
Siavvas, Miltiadis; Kalouptsoglou, Ilias; Gelenbe, Erol; Kehagias, Dionysios; Tzovaras, Dimitrios
Vulnerability prediction using pre-trained models: An empirical evaluation
EuroCyberSec2024 at the 32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS)DOI
Kalouptsoglou, Ilias; Siavvas, Miltiadis; Ampatzoglou, Apostolos; Kehagias, Dionysios; Chatzigeorgiou, Alexander
Deliverables (6)
Data Management Plan
Documents, reports
Websites, patent fillings, videos etc.
Other Results (1)
Periodic Reporting for period 1 - DOSS (SECURE-BY-DESIGN IOT OPERATION WITH SUPPLY CHAIN CONTROL)