Secure OPen source softwarE and hardwaRe Adaptable frameworkcore
SecOPERA · Horizon Europe grant · 2023-01-01–2025-12-31
EC contribution
Total cost
Beneficiaries
About the data
Source: CORDIS (official EU open data), Horizon Europe. Framework HORIZON · call HORIZON-CL3-2021-CS-01 · scheme HORIZON-RIA · topic HORIZON-CL3-2021-CS-01-02. CORDIS record →
Objective
Security of open-source solutions in the business interconnected market (especially in IoT where a single product may include components from various Tier 1 or OEM manufacturers) is hard to assure. OEM SW/HW developers that employ open-source solutions must assume that any component provided by 3rd parties needs to be reassessed for security as there is not holistic security auditing/testing process to cover the full production line. The plethora of open-source HW/SW solutions on devices with constrained resources and no trusted environments leads to a considerably expanded threat landscape. The restricted execution environment reduces bootstrapping new devices in an IoT network and deploying/patching them securely; and the full DevSecOps of connected device open-source HW/SW must be reformulated offering security guarantees on the usage of open-source solutions. SecOPERA will provide a one stop hub for complex OSS/OSH solutions offering to designers, implementers, operators and open-source HW/SW developers the means to analyse, assess, secure/harden and share open-source solutions as these are integrated in an overall complex product within a networked connected environment. SecOPERA provides a framework supporting the open source DevSecOps lifecycle that comprises (i) a decomposition and security audit/testing engine that analyses open source solutions (OSS/OSH) (ii) an adaptation engine that debloats OSS/OSH code to remove unrelated open-source code and reduce the code attack surface; and a security enhancement process to harden the OSS/OSH solution (iii) an updating/patching mechanism so that the SecOPERA open-source flows remain secure even if their open-source code starting points are vulnerable. On top of that, SecOPERA hub provides (iv) an open-source repository for secure modules that is used in the security enhancement mechanism of open-source solutions; and (v) an open-source repository of security hardened OSS/OSH solutions and their security guarantees.
Beneficiaries (13)
| Organisation | Country | Role | EC contribution | SME |
|---|---|---|---|---|
| POLYTECHNEIO KRITIS | EL | coordinator | €448,750 | |
| THALES SIX GTS FRANCE SAS | FR | participant | €500,150 | |
| NIMBLE INNOVATION GMBH | AT | participant | €482,500 | |
| UNIVERSITY OF CYPRUS | CY | participant | €423,750 | |
| ATHINA-EREVNITIKO KENTRO KAINOTOMIAS STIS TECHNOLOGIES TIS PLIROFORIAS, TON EPIKOINONION KAI TIS GNOSIS | EL | participant | €418,750 | |
| AEGIS IT RESEARCH GMBH | DE | participant | €401,250 | Yes |
| IOTAM INTERNET OF THINGS APPLICATIONS AND MULTI LAYER DEVELOPMENT LTD | CY | participant | €400,000 | Yes |
| COMMISSARIAT A L ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES | FR | participant | €342,750 | |
| ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS - RESEARCH CENTER | EL | participant | €327,500 | |
| SECURITY LABS CONSULTING LIMITED | IE | participant | €322,375 | Yes |
| GREENCITYZEN | FR | participant | €320,860 | Yes |
| VOGL SIMON | AT | participant | €192,500 | |
| SPHYNX TECHNOLOGY SOLUTIONS AG | CH | associatedPartner | — |
Get the DFM funding briefing — free
New EU defence calls, tenders and awards in your inbox.
Defence Finance Monitor is an analytical and informational product. Grant data is official CORDIS; payment and subscription happen on DFM Analysis.