Security Threat Identification and Testing (STIATE)
STIATE is an activity in the context of the EIT ICT Labs activities 2014 (Innovation Area: Privacy, Security and Trust).
Activity leader: Alessandro Armando (FBK).
We routinely use online services that stem from the fruitful combination of mobile applications, web applications, cloud services, and/or social networks. Sensitive data handled by these services often flows across organizational boundaries and both the privacy of the users and the assets of organizations are often at risk.
Solutions to securely combine the ever-growing ecosystem of online services are available, but they are notoriously difficult to get right. Many security-critical protocols and services have been designed and developed only to be found flawed years after their deployment. These flaws are usually due to the complex and unexpected interactions of the protocols and services as well as to the possible interference of malicious agents.
The STIATE activity will lift cutting-edge automated security analysis techniques developed in the carrier projects into a mature, industrial-strength toolkit for automated threat analysis and security testing. The STIATE toolkit will focus on subtle security logic flaws that go undetected by current industrial technology.
The activity will also provide a methodology that, by leveraging the STIATE toolkit, will enable the execution of in-depth security evaluation and assurance of collaborative business applications, paving the way for Common Criteria certification. All these results will be transferred to the business units of SAP and Reply. A business strategy that will assure usability and marketability of the solution will be defined as well.