[Owasp-leaders] EU grant funds available for projects in ICT security research

johanna curiel curiel johanna.curiel at owasp.org
Sat Jan 23 18:19:05 UTC 2016


Leaders

Take a look at the following call to get grants for research in the area of
ICT security

http://ec.europa.eu/research/participants/portal/desktop/en/opportunities/h2020/topics/2425-ds-01-2016.html

Projects that align with "discovery of vulnerabilities in ICT components,
applications, services and systems": if interested in participating, please
contact me in private

Cheers

Johanna

*Topic Description*

Specific Challenge:

The constant discovery of vulnerabilities in ICT components, applications,
services and systems is placing our entire digital society at risk.
Insecure ICT is also imposing a significant cost on users (individuals and
organisations) who have to mitigate the resulting risk by implementing
additional technical and procedural measures which are resource consuming.

Smart systems, highly connected cyber-physical systems (CPS) are
introducing a high dynamism in the system to develop and validate. Hence,
CPS are evolving in a complex and dynamic environment, making
safety-critical decisions based on information from other systems not known
during development.

Another key challenge is posed by domains, such as medical devices,
critical infrastructure facilities, and cloud data centres, where security
is deeply intertwined and a prerequisite for other trustworthiness aspects
such as safety and privacy.

The challenges are further intensified by the increasing trend of using
third party components for critical infrastructures, by the ubiquity of
embedded systems and the growing uptake of IoT as well as the deployment of
decentralized and virtualized architectures.

In order to tackle these challenges, there is a need of appropriate
assurances that our ICT systems are secure and trustworthy by design as
well as a need of certified levels of assurance where security is regarded
as the primary concern. Likewise, target architectures and methods
improving the efficiency of assurance cases are needed in order to lower
their costs.

Scope:

*a. Research and Innovation Actions - Assurance*

Providing assurance is a complex task, requiring the development of a chain
of evidence and specific techniques during all the phases of the ICT
Systems Development Lifecycle (SDLC for short: e.g. design verification,
testing, and runtime verification and enforcement) including the validation
of individual devices and components. These techniques are complementary
yet all necessary, each of them independently contributing towards
improving security assurance. It includes methods for reliability and
quality development and validation of highly dynamic systems.

Proposals may address security, reliability and safety assurance at
individual phases of the SDLC and are expected to cover at least one of the
areas identified below, depending on their relevance to the proposal
overall objectives:

   - Security requirements specification and formalization;
   - Security properties formal verification and proofs at design and
   runtime;
   - Secure software coding;
   - Assurance-aware modular or distributed architecting and algorithmic;
   - Software code review, static and dynamic security testing;
   - Automated tools for system validation and testing;
   - Attack and threat modelling;
   - Vulnerability analysis;
   - Vendor (third-party) application security testing;
   - Penetration testing;
   - Collection and management of evidence for assessing security and
   trustworthiness;
   - Operational assurance, verification and security policy enforcement;
   - Adaptive security by design and during operation.

Proposals should strive to quantify their progress beyond the state of the
art in terms of efficiency and effectiveness. Particular importance within
this context should be placed on determining the appropriate metrics.

Proposals should take into account the changing threat landscape, where
targeted attacks and advanced persistent threats assume an increasingly
more important role and address the challenge of security assurance in
state-of-the-art development methods and deployment models including but
not limited to solutions focussing on reducing the cost and complexity of
assurance in large-scale systems.

Proposals should include a clear standardisation plan at submission time.

The Commission considers that proposals requesting a contribution from the
EU between EUR 3 and 4 million would allow this specific challenge to be
addressed appropriately. Nonetheless, this does not preclude submission and
selection of proposals requesting other amounts.

The outcome of the proposals is expected to lead to development up to
Technology Readiness Level (TRL) 3 to 5; please see part G of the General
Annexes.

*b. Innovation Actions – Security Certification*

Proposals should address the challenge of improving the effectiveness and
efficiency of existing security certification processes for
state-of-the-art ICT components and products including the production and
delivery of the corresponding guidance materials.

In terms of effectiveness, proposals should address, amongst other factors,
emerging threats, compositional certification and reuse of components in
the context of certified systems and certification throughout the
operational deployment of a product or a service.

In terms of efficiency, proposals should strive to reduce the cost and
duration of the certification process.

Proposals may address security certification in any area of their choice.
Consortia submitting proposals are expected to approach the selected topic
as widely as possible including all necessary actors – e.g. industry,
academia, certification laboratories - and involve the relevant
certification authorities from at least three Member States in order to
achieve added value at a European level.

Proposals are encouraged to work towards moderate to high assurance level
protection profiles as a way to validate their results.

The Commission considers that proposals requesting a contribution from the
EU between EUR 3 and 4 million would allow this specific challenge to be
addressed appropriately. Nonetheless, this does not preclude submission and
selection of proposals requesting other amounts.

The outcome of the proposals is expected to lead to development up to
Technology Readiness Level (TRL) 6 to 7; please see part G of the General
Annexes.

*c. Coordination and Support Actions*

To complement the research and innovation activities in security assurance
and certification in this topic, support and coordination actions should
address the following:

Building trustworthiness: economic, legal and social aspects of security
assurance and certification

   - Study in depth the economic and legal aspects related to assurance and
   certification (including European-wide labelling), EU and International
   regulatory aspects;
   - Explore and identify the interplay of relevant social, cultural,
   behavioural, gender and ethical factors with ICT systems with regards to
   their trustworthiness and security, actual or perceived;
   - Identify barriers and incentives in the market for certified products
   in the consumer and/or enterprise market;
   - Produce a comprehensive cost/benefit model for security assurance and
   certification.

Engage with multidisciplinary communities and stakeholders.

The Commission considers that proposals requesting a contribution from the
EU of up to EUR 1 million would allow this specific challenge to be
addressed appropriately. Nonetheless, this does not preclude submission and
selection of proposals requesting other amounts.

Expected Impact:

   - European ICT offering a higher level of assurance compared to
   non-European ICT products and services.
   - ICT products and services more compliant with relevant European
   security and/or privacy regulations.
   - ICT with a higher level of security assurance at marginally additional
   cost.
   - Facilitation of mutual recognition of security certificates across the
   EU.
   - Increased market uptake of secure ICT products.
   - Increased user trust in ICT products and services.
   - Reduction of negative externalities associated with deployment of
   insecure ICT.
   - More resilient critical infrastructures and services.
   - Progress beyond the state-of-the-art in the effectiveness and
   efficiency of the areas addressed by the proposals.