Objective #1

obj 1

Support the IoT stakeholders with the design and implementation of an innovative IoT opensource security stack, that enables essential security mechanisms and trusted services. The stack solves the problem of dealing with trust across heterogeneous devices, different hardware architectures, and multiple proprietary security mechanism implementations in IoT. The stack is used to implement Chain of Trust in connected devices and in this way build secure IoT applications and infrastructures.

Assessment criteria

  • KPI 1.1: Availability of the open specifications of CROSSCON stack (D2.1, M12; D2.3, M26; D4.1, M18; D4.3, M31).
  • KPI 1.2: Availability of the open-source reference implementation and related documentation available on public repositories (D3.2, M18; D3.4, M31; D4.4, M31).

Relation to the Work Programme topic

The achievement of this objective simplifies the development of trusted services and applications for IoT systems, thus reducing the time to market. It also the implementation of security in devices that lack protection, thus reducing the security threats in open source hardware.

Relevant Work Packages

WP1 (requirements elicitation), WP2 (design), WP3 (development), WP4 (extension to domain specific hardware architectures)

Objective #2

obj 2

Strengthening memory protection and isolation in new and existing TEEs. Mitigate the impact of side-channels attacks

Assessment criteria

  • KPI 2.1: Availability of a set of isolation technologies and memory protection methods that are not vulnerable to some existing side-channel attacks and mitigate the impact of the others (D3.2, M18; D3.4 M31).
  • KPI 2.2: Availability of design specifications of a software-based TEE for bare-metal devices. Covering at least two hardware architectures, two different classes of constrained devices, and of different vendors. (D2.1, M12; D2.3, M26). 
  • KPI 2.3: Availability of the open-source reference implementation and related documentation. (D3.2, M18; D3.4, M31)

Relation to the Work Programme topic

The achievement of this objective mitigates hardware-related security vulnerabilities. Also, it extends the availability of security primitives to implement Chains of Trust.

Relevant Work Packages

WP1 (requirements elicitation), WP2 (design), WP3 (development)

Objective #3

objective 3

Provide to IoT stakeholders methodology, techniques and related tools to formally verify "correct by design" secure open-source software and firmware for connected devices

Assessment criteria

  • KPI 3.1: Specification of requirements and validation criteria for secure open-source software and hardware for connected devices (D1.2, M6; D1.3, M9; D1.5, M16; D1.6, M26)
  • KPI 3.2: A set of innovative formal techniques and methods supporting “Correct by design” development also in the context of HW/SW co-design. (D2.2, M16; D2.4, M26)
  • KPI 3.3: Integration of a tool implementing the novel formal techniques into a Continuous Integration pipeline. (D5.2, M21; D5.5, M33). KPI 3.4: Results of the validation performed by applying the techniques to the development of CROSSCON’s stack and related trusted services. (D5.3, M24; D5.6, M36).

Relation to the Work Programme topic

The achievement of this objective generates novel formal verification techniques and a methodology for open specification hardware and software.

Relevant Work Packages

WP1 (requirements elicitation), WP2 (assurance), WP5 (integration and validation)

Objective #4

objectives_4

Support the IoT stakeholders with a set of additional novel and high assurance trusted services

Assessment criteria

  • KPI 4.1: Availability of the open specifications of the innovative trusted services. (D3.1, M18; D3.3, M31; D4.3, M31). KPI 4.2: Availability of an open-source implementation of each innovative trusted service. (D3.2, M18; D3.4, M31; D4.2, M18; D4.4, M31)
  • KPI 4.3: Demonstrators highlighting the innovative aspect of each trusted service compared to the state of the art. (D5.2, M21; D5.5, M33) Associated with document Ref. Ares(2022)4525664 - 20P/0a6g/2e0722 Call: HORIZON-CL3-2021-CS-01-Increased Cybersecurity CROSSCON Associated with document Ref. Ares(2022)4525664 - 20P/0a6g/2e082

Relation to the Work Programme topic

The achievement of this objective mitigates hardware-related security vulnerabilities. Also, it extends the availability of security primitives to domain-specific hardware architectures.

Relevant Work Packages

WP1 (requirements elicitation), WP2 (assurance), WP3 (new trusted services), WP4 (extension primitives for trusted services)

Objective #5

objectives 5

Provide IoT stakeholders with a toolchain that integrates and validates lightweight techniques for security assurance

Assessment criteria

  • KPI 5.1: A set of innovative lightweight formal techniques and methods available to evaluate the security assurance at deployment and during operation by considering only the incremental changes while leveraging on existing verification for the unmodified part. (D2.2, M16; D2.4, M26)
  • KPI 5.2: A set of techniques and methods to attest security properties in a certificate associated with a hardware/software component and to verify such security properties. (D3.1, M18; D3.3, M31, D5.3, M24; D5.5, M33).

Relation to the Work Programme topic

The achievement of this objective makes IoT security management and security service deployment simpler, more automated, easier to understand, and more trusted.

Relevant Work Packages

WP2 (design), WP3 (Toolchain), WP5 (validation and integration)

Objective #6

testing

Provide IoT stakeholders with a validation and testing methodology, a replicable testbed, and testing and validation results for CROSSCON innovations

Assessment criteria

  • KPI 6.1: Availability of the integration of the CROSSCON’s stack on devices of at least ten different class types, at least three different hardware architectures, and on at least three different hardware platforms. (D5.2, M21; D5.5, M23).
  • KPI 6.2: Availability of the innovative trusted services introduced by CROSSCON on the devices supporting the stack. (D5.2, M21; D5.5, M23).
  • KPI 6.3: Availability of the specification of a replicable testbed implementing the 3 use case scenarios selected in WP1. The testbed implements also all necessary additional services required for the validation. The testbed includes all the devices in which CROSSCON ‘s stack and the trusted services have been integrated. (D5.1, M16; D5.4, M29).
  • KPI 6.4: Availability of the results of the validation performed according to the criteria specified in WP1. (D5.3, M24; D5.6, M36).
  • KPI 6.5: Availability of the security testing results performed for every implemented component of the CROSSCON stack and of the trusted services. (D5.3, M24; D5.6, M36).

Relation to the Work Programme topic

The achievement of this objective demonstrates and tests the effectiveness of the innovative security techniques and methods introduced by CROSSCON. It also validates our support to implement secure provisioning, inventory management, device authentication, remote attestation, and the secure management of security patches and updates.

Relevant Work Packages

WP1 (validation criteria), WP5 (integration, testing and validation)

Objective #7

obj 7

Enable the valorization and adoption of CROSSCON flagship results

Assessment criteria

  • KPI 7.1: Active participation in existing RISC-V working groups (such as RISC-V TEE WG) (D6.2, M3; D6.4, M18; D6.6, M36).
  • KPI 7.2: Project results disseminated to the scientific community via peer-reviewed articles, participation in events, presenting tutorials, and organizing a PhD school on the topics of the project. (D6.2, M3; D6.4, M18; D6.6, M36).
  • KPI 7.5: Industry representatives reached both bilaterally and through the dissemination of results in targeted events. (D6.2, M3; D6.4, M18; D6.5, M21; D6.6, M36; D6.7, M36).

Relation to the Work Programme topic

The achievement of this objective contributes to building European trustworthy platforms and opening the market of TEE applications development. It contributes to creating know- how on the general topic of trusted hardware platforms and trusted firmware. Engage security researchers, security engineers, IoT stakeholders, and open source and open hardware communities.

Relevant Work Packages

WP6 (Dissemination, Exploitation and Impact Creation)