17.9.2020

Horizon 2020 project in IT helps companies deliver in a DevOps environment

The project VeriDevOps (Automated Protection and Prevention to Meet Security Requirements in DevOps Environments) starts on 1 October 2020. VeriDevOps is about deploying verification methods for the security of cyber-physical systems into fast, flexible system engineering practices that integrates development, delivery, and operations, thus aiming at quality deliveries with short cycle time. The Faculty of Science and Engineering at Åbo Akademi University is a partner in the three-year-long project, which is financed by the European Union’s funding programme Horizon 2020 through a grant of 3.96 million euro.

Current system development practices are increasingly based on using both off-the-shelf and legacy components which make such systems prone to security vulnerabilities. Since DevOps, a set of practices that combines software development and IT operations, is promoting frequent software deliveries, verification methods artifacts should be updated in a timely fashion to cope with the pace of the process.

“VeriDevOps aims at providing faster feedback loop for verifying the security requirements i.e. confidentiality, integrity, availability, authentication, authorization and other quality attributes of large scale cyber-physical systems,” says Dragos Truscan, University Lecturer in Computer Engineering at Åbo Akademi University, and one of the researchers within the project.

“Together with our industrial partners, we will bring together early security verification through formal modelling as well as test generation, selection, execution and analysis capabilities to enable companies to deliver high quality systems with confidence in a fast-paced DevOps environment.”

The research will develop methods and tools for:

1. creating security models from textual specifications using natural language processing,
2. automatic security test creation from security models using model-based testing and model-based mutation testing techniques and
3. generating (intelligent/adaptive, ML-based) security monitors for the operational phases.

VeriDevOps is using the results of formal verification of security requirements and design models created during the analysis and design phase for test and monitor generation to be used to enhance the feedback mechanisms during development and operation phases.

The project is led by Mälardalens högskola in Sweden. Project partners are Åbo Akademi University, ABB AB, Ikerlan S. Coop., Fagor Arrasate S. Coop., Montimage EURL, and Softeam.

To read about the project on The European Commission’s website, please follow this link: https://cordis.europa.eu/project/id/957212