Accountable Security Claims for Industrial Edge Applications
With Industrial Edge (IE) computing, manufacturers can process data at the edge of production sites in order to optimize workflows, achieve low latencies, save computing resources, and at the same time enable connectivity to remote systems such as the cloud. Data processing often involves specific purpose applications provided over an IE platform. At the same time, IE platform architectures are increasingly transforming towards open ecosystems, in order to enable third-party developers to offer their applications and easily participate in a platform-based marketplace.
Third-party developers of IE applications must be trusted in terms of performance, robustness and security. Especially security guarantees can be challenging, given the fact that an attack to an application could impact highly dependable production processes. However, the security of these third-party applications can often be verified only to a limited extent, since their source code is not available, and their security design as well as software development processes are not transparent. Consequently, there is a trade-off to consider between guaranteed security and openness of the platform.
The ASCA4IE project (Accountable Security Claims for Industrial Edge Applications) is targeting platform engineering approaches towards striking a balance between platform openness and security guarantees of applications in the field of IE.
We focus the main research question: How to engineer a platform for industrial edge applications with accountable security claims of applications provided by third parties in an open ecosystem? In order to address this research question, we explore similar approaches in other domains and study the definition of security claims at different architectural layers and phases of the application development process.
01.04.2022 – 31.03.2025