You are here : Home > News > Vessedia verifies IoT safety and security

Newsletter | CEA Research News | European & international partnerships | News | New technologies | Communications | Embedded systems | Internet of things

Vessedia verifies IoT safety and security

​Our Internet era is witnessing a deep transformation concerning social and human behavior towards new technologies. The benefits are numerous, for the individuals, organizations and industries, but threats and dangers are too. The Internet of things (IoT) meaning connecting objects with each-others via the web comes with complex software-driven systems connected to the Internet too. That is where the benefits but also the threats come from, opening the way to infinite possibilities for hackers and other malicious actors. That is the reason why the European project Vessedia is developing a whole new engineering toolbox for connected applications’ safety and security verification supporting the Common Criteria certification process in Europe.

Published on 2 February 2018
Vessedia (‘Verification Engineering of Safety and Security Critical Industrial Applications’) aims at enhancing information and communication technology (ICT) safety and security, and especially for IoT applications. 
The project is about developing more accessible Formal Methods for application domains that need to reinforce their software applications’ via Formal Methods.
“We aim at using modern software analysis tools on a wide range of applications, including industrial and personal applications (e.g. healthcare, home automation, etc.). The project will use the internet of things as a target to demonstrate the tools’ benefit for connected applications. We also plan to extend the range of applications by addressing other issues than the traditional safety and security-critical ones (e.g. Space, Transportation, Nuclear Energy production, etc.) in order to provide the same benefits as already done for applications of high-criticality”, explains Armand Puccetti, CEA-List Engineer and  Vessedia consortium Technical Leader.
Code analysis with Frama-c. © STROPPA/CEA

Building safety and security on an extensive experience from CEA

CEA List has a long and strong experience in the field of software safety and security. It has developed tools and techniques for control-command systems’ certification and verification in nuclear power plants for instance, and a wide spectrum of other domains.
 “In VESSEDIA we are working hard to make formal methods more accessible to other application domains, and to improve their software security and reliability. In a future perspective, in the automotive industry, for example, the embedded software systems should be proven safe and secure and be certified so that autonomous vehicles passengers can fully trust their vehicles while regulators and insurance companies can rely on safety certificates. The IoT is in a general way in need of certified reliability especially if you consider connected health care systems, networking or autonomous AI in transportation systems, for instance”, underlines Puccetti.
As an example, the Vessedia team develops software analysis platforms, based on the homemade CEA toolkit Frama-C  and applies them to the IoT operating system Contiki .
Another application focuses on an automated process updating the firmware of a sensors network.
Fig 1.png
Figure - Contiki OS and 6LowPAN. © Vessedia

Towards a ’Verified In Europe’ label for IoT

The Vessedia consortium aims at drastically improving safety and security verification tools, allowing also the verification process’ progress quantification. 
“We are also building collaborative and smart user interfaces with strong links to existing certification practices. An ultimate goal is to support a common criteria certification process and develop a label ‘Verified In Europe’ for IoT ”, Puccetti says.
From the technical point of view, the project team is using the Frame-C software analysis platform that will be leveraged to a higher degree of efficiency by extending it to a software assessment toolbox. 
The software platform will cover most application domains and propose standardized components.
Thanks to VESSEDIA raising awareness of those safety issues among companies and the general public, the new European applications and IoT devices will be safer to usefor European citizens.


logo VESSEDIA.pngGathering 10 partners from 7 European countries and industrial and research fields including innovation-driven SMEs and certification experts, this collaborative project is coordinated by the Austrian SME Technikon AG, the French CEA List being its technical leader. The H2020 VESSEDIA project launched on the 1st of January 2017 and is granted with 4,2M € from the EU.

Top page

Top page