New research call “Trustworthy IT ecosystem”
On September 11, 2023, the Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) will launch a call for proposals for the research project “Ecosystem Trustworthy IT” (ÖvIT) to strengthen the cybersecurity of IT systems. The aim is to develop methods for the formal verification of security properties in hardware and software in order to make them consistently verifiably secure. Proposals can be submitted until November 30.
“The tender,” says project manager Dr. Sebastian Jester, “focuses on two core elements: The development of technologies and tools for end-to-end formally verified IT components and the establishment of an ecosystem of IT developers among commercial providers and end users.”
Formal verification” provides mathematical and logical proof that IT systems are free of security vulnerabilities. The approach enables a previously unattainable level of protection, especially for highly complex systems. However, current verification methods are time-consuming and require specialist knowledge. To overcome these hurdles, the Cyberagentur is launching the “Ecosystem for Trustworthy IT” (ÖvIT) as a major new research project.
“ÖvIT’s innovative approach is to apply formal verification to software and hardware across the board, while making the tools for this more accessible, easier to use and more efficient,” explains Dr. Jester, Head of Secure Hardware and Supply Chains in the Cyberagentur’s Secure Systems department. A key feature of the approach is the focus on simpler usability – for example, the ability to make changes to a computer program without having to verify everything from scratch, but only the changed parts. Another focus is on active community building. This is because the mathematical and logical processes used are specialist knowledge, even among computer scientists, and are not easy or quick to apply to hardware and software of today’s complexity. The new community is intended to offer researchers a platform to exchange ideas and work together to make formal verification applicable to more complex systems and with a greater degree of automation and to (further) develop the methods and software tools required for this. The aim is also to introduce more junior staff to formal verification.
The selected project(s) will define and implement reference systems of different levels of complexity, from simple microprocessors ideally up to servers. Initial tests will focus on less complex systems in order to approach the aim in stages. The Cyberagentur had the possible approach investigated in five ÖvIT preliminary studies.
A successful project could fundamentally change the landscape of IT security with an ecosystem of researchers, commercial providers and companies and public institutions on the application side. The project has the potential to close common security gaps in a variety of IT systems, whether standard office systems or hardened IT for critical infrastructure or national security, and to spread the “cybersecurity by design” philosophy more widely.
Researchers have until November 30, 2023 to formulate concepts and submit proposals to the Cyberagentur. Companies, research institutions, universities and natural persons based in the European Union (EU), the European Economic Area (EEA), Switzerland, NATO member states, Australia and New Zealand can participate in the pre-commercial procurement process.
The invitation to tender was published in the Supplement to the Official Journal of the European Union with the award number 2023/S 173-542341: https://www.evergabe-online.de/tenderdocuments.html?0&id=536095
Further information: https://www.cyberagentur.de/oevit/