Ruben Radwan Tognetti

01 January 2017

31 December 2019

EC funded project


VESSEDIA proposes to enhance and scale up modern software analysis tools to enable using them on a wider range of applications than embedded safety-critical applications (in the Nuclear, Transportation, Energy supply, Process control and Space areas).

Developers will benefit from the outcome of the project when developing connected applications. At the forefront of connected applications is the Internet of Things, whose growth is exponential and whose security and safety risks are real (for instance in hacked smart phones or smart home devices). VESSEDIA will take this domain as a target for demonstrating the benefits of using V&V tools on connected applications.

Who is the project designed for?

VESSEDIA addresses medium-criticality markets such as Cloud computing, IoT, Big Data, AI, and horizontal markets such as Operating Systems and middleware, using techniques that have proven their efficiency in high-criticality markets (transportation, energy production and supply, space and aeronautics). The tools and methodologies researched and developed in VESSEDIA target developers, project managers, evaluators, certifiers and customers.

Besides, the VESSEDIA use cases will cover several application domains, ranging from Operating Systems to network protocols and embedded applications, and may therefore interest other players in these domains as well as in the IoT domain in general.

How is your project benefitting the end-user?

In the fast evolving world we live in, the Internet has brought many benefits to individuals, organisations and industries. With the capabilities offered now (such as IPv6) to connect billions of devices and therefore humans together, the Internet brings new threats to software developers and VESSEDIA will allow connected applications to be safe and secure. With software powering more than 80% of the functionalities inside modern ICT systems, the safety and security of these systems can be a major differentiator.

From industrial process control and aircraft navigation system, to electricity supply grids and supervision networks, this observation has extended in the past few months to networked objects such as health tracking devices or home automation appliances.
The project will increase the safety and security of modern ICT systems as well as the trust that European citizens can have in these ICT systems.

Please briefly describe the results your project achieved so far

One of the main achievements during the past months was the completion of two main reports on:

  1. the “Security objectives for connected medium security-critical applications” which provides a set of minimum requirements for networked products, specifically IoT devices, and
  2. the “Use-cases requirements” that describes the use-cases’ security objectives and threats.

Another main achievement is the definition of the use-cases and their partial analysis. The IoT use-cases are being analysed formally using Frama-C and VeriFast and modelled using Papyrus in order to verify security properties inherent as well as low-level run-time properties. These verifications are done using deductive and abstract interpretation methods. This work is in progress.

In parallel, the V&V tools have evolved, especially Papyrus, Diversity, Frama-C and VeriFast. Frama-C version 16, code Sulfur, has been released in November 2017.

What are the next steps for your project?

"The project will continue in several main technical directions. Among these we can mention:

  • A verification server is being defined, in order to consider verification tasks within Frama-C as services that can be done remotely from standard Frama-C analysis tasks.
  • The development of a prototype for generating code-level specifications from higher-level models is continuing. The aim is to bridge the gap between modelling tools Papyrus and Diversity and Frama-C to generate and prove sequence properties of the code from models.
  • Furthermore, extensive analyses of the use-cases are continuing with the aim of verifying exhaustively security properties and extracting as much faults as possible from the code. Contiki OS V3 has been replaced by Contiki OS NG, to which analysis scripts have been ported."


Vertical Category: