Security Threat Identification and Testing (STIATE)

People involved

STIATE is an activity in the context of the EIT ICT Labs activities 2014 (Innovation Area: Privacy, Security and Trust).

Official web site

Activity leader: Alessandro Armando (FBK).

We routinely use online services that stem from the fruitful combination of mobile applications, web applications, cloud services, and/or social networks. Sensitive data handled by these services often flows across organizational boundaries and both the privacy of the users and the assets of organizations are often at risk.

Solutions to securely combine the ever-growing ecosystem of online services are available, but they are notoriously difficult to get right. Many security-critical protocols and services have been designed and developed only to be found flawed years after their deployment. These flaws are usually due to the complex and unexpected interactions of the protocols and services as well as to the possible interference of malicious agents.

The STIATE activity will lift cutting-edge automated security analysis techniques developed in the carrier projects into a mature, industrial-strength toolkit for automated threat analysis and security testing. The STIATE toolkit will focus on subtle security logic flaws that go undetected by current industrial technology.
The activity will also provide a methodology that, by leveraging the STIATE toolkit, will enable the execution of in-depth security evaluation and assurance of collaborative business applications, paving the way for Common Criteria certification. All these results will be transferred to the business units of SAP and Reply. A business strategy that will assure usability and marketability of the solution will be defined as well.

Goals: 
Today there is little availability of methods and tools for designing and assessing interaction patterns for high-security and critical systems. Any large enterprise with strong security needs, or with services to provide to a vast number of people, will be keen to utilize the STIATE toolkit and methodology, as the risk mitigation effects will largely outweigh the cost of the solution. The go-to-market strategy relies on the presence in the consortium of a system integrator and consultancy with presence across Europe. The solution will be delivered within Reply as part of the consultancy commercial offering, with a dedicated team that will initially deliver across the EU. This approach leverages a consolidated practice and will allow exploitation of target markets. The outputs of the activity will strengthen the ICT security industry in Europe, by automating threat analysis and security testing, and will significantly add to the competitive advantage of the products and services of the industrial partners (SAP and Reply). The activity will also allow the involved research institutions (FBK and DFKI) to identify new scientific challenges and opportunities and will thus ultimately strengthen their knowledge and technical skills in this key area.
Date: 
01/01/2014 to 31/12/2014
Partners: