Horizon 2020 - Work Programme 2018-2020
Information and Communication Technologies
Part 5.i - Page 159 of 197
a) Cybersecurity/privacy audit, certification and standardisation
Innovative approaches to (i) design and develop automated security validation and testing,
exploiting the knowledge of architecture, code, and development environments (e.g. white
box) (ii) design and develop automated security verification at code level, focusing on
scalable taint analysis, information-flow analysis, control-flow integrity, security policy, and
considering the relation to secure development lifecycles, (iii) develop mechanisms, key
performance indicators and measures that ease the process of certification at the level of
services and (iv) develop mechanisms to better audit and analyse open source and/or open
license software, and ICT systems with respect to cybersecurity and digital privacy. These
approaches may be accompanied by creating information bases to measure and assess the
security of digital assets. Proposals should make use of existing standards to the extent
possible, and should strive to contribute to relevant standardisation efforts.
b) Trusted supply chains of ICT systems
Innovative approaches to (i) develop advanced, evidence based, dynamic methods and tools
for better forecasting, detecting and preventing propagated vulnerabilities, (ii) estimate both
dynamically and accurately supply chain cyber security and privacy risks, (iii) design and
develop security, privacy and accountability measures and mitigation strategies for all entities
involved in the supply chain, (iv) design and develop techniques, methods and tools to better
audit complex algorithms (e.g. search engines), interconnected ICT components/systems (v)
devise methods to develop resilient systems out of potentially insecure components and (vi)
devise security assurance methodologies and metrics to define security claims for composed
systems and certification methods, allowing harmonisation and mutual recognition based
primarily on evidence and not only on trust.
The trusted supply chain for ICT systems/components should be considered by proposals in
its entirety, in particular by addressing the IoT ecosystems/devices that are part of the supply
chain.
c) Designing and developing privacy-friendly and secure software and hardware
Innovative approaches to establish methods and tools for (i) security and privacy requirements
engineering (including dynamic threat modelling, dynamic attack trees, attack ontologies,
dynamic taxonomies and dynamic, evidence based risk analysis), (ii) embedded algorithmic
accountability (in order to monitor the security, privacy and transparency of the
algorithms/software/systems/services), (iii) system-wide consistency including connection
between models, security/privacy/accountability objectives, policies, and functional
implementations, (iv) metrics to assess a secure, reliable and privacy-friendly development,
(v) secure, privacy-friendly and accountability-enabled programming languages (including
machine languages), hardware design languages, development frameworks, as well as secure
compilation and execution, (vi) novel, secure and privacy-friendly IoT architectures enabling
consistent trustworthy and accountable authentication, authorization and accounting services
across IoT devices/ecosystems with enhancement of Public Key Infrastructures (PKIs) aiming
to support PKI services (e.g. registration, revocation) for IoT devices.