ASCA4IE

ASCA4IE

Accountable Security Claims for Industrial Edge Applications

ASCA4IE

We analyze and develop models, tools, and methods for the definition of verifiable claims about application security in an open platform ecosystem for the industrial edge. The aim is to make involved stakeholders accountable for the whole application lifecycle.

Project description

With Industrial Edge (IE) computing, manufacturers can process data at the edge of production sites in order to optimize workflows, achieve low latencies, save computing resources, and at the same time enable connectivity to remote systems such as the cloud. Data processing often involves specific purpose applications provided over an IE platform. At the same time, IE platform architectures are increasingly transforming towards open ecosystems, in order to enable third-party developers to offer their applications and easily participate in a platform-based marketplace.

Third-party developers of IE applications must be trusted in terms of performance, robustness and security. Especially security guarantees can be challenging, given the fact that an attack to an application could impact highly dependable production processes. However, the security of these third-party applications can often be verified only to a limited extent, since their source code is not available, and their security design as well as software development processes are not transparent. Consequently, there is a trade-off to consider between guaranteed security and openness of the platform.

The ASCA4IE project (Accountable Security Claims for Industrial Edge Applications) is targeting platform engineering approaches towards striking a balance between platform openness and security guarantees of applications in the field of IE.

Research contribution

We focus the main research question: How to engineer a platform for industrial edge applications with accountable security claims of applications provided by third parties in an open ecosystem? In order to address this research question, we explore similar approaches in other domains and study the definition of security claims at different architectural layers and phases of the application development process.

Funding

Siemens Technology

Project duration

01.04.2022 – 31.03.2025

 Yannick Landeck

Your contact

Yannick Landeck

+49 89 3603522 208
landeck@fortiss.org

More information