The ability to observe the internals of an execution of a computer-based system is a fundamental requirement for ultimately ensuring correctness and safe behaviour. Within COEMS (Continuous Observation of Embedded Multicore Systems) a novel observer platform with supporting verification methods for software systems is created. COEMS tackles the issues of detection and identification of non-deterministic software failures caused by race conditions and access to inconsistent data. It gives insight to the system’s actual behaviour without affecting it allowing new verification methods. An efficient real-time access and analysis as a critical element for operating safe systems will be developed and validated by COEMS. Moreover, a cross-layer programming approach supporting failure detection will be proposed. COEMS aims at shortening the development cycle by considerably increased test efficiency and effectivity, by increased debug efficiency (especially for non-deterministically occurring failures) and by supporting performance optimization. COEMS improves the reliability of delivered systems, enabling software developers to identify, understand, and remove software defects before release, as well as improving efficiency of software for multi/many-core computing systems in terms of performance, real-time behaviour, and energy consumption. The two Global Players Thales Group and Airbus Group, both active in safety-critical domains, will validate the COEMS approach by suitable demonstrators, i.e. testing and debugging of real-world multicore applications. In addition to these two domains, we will address the domains of safety-critical medical applications, automation and automotive industry, as well as the Internet of Things. Technologically, COEMS will provide the world-wide first comprehensive online observation approach that is non-intrusive allowing improved testing and debugging. Altogether, COEMS will define a new state-of-the-art for software systems development.

According to the EU Cyber Resilience Act, “hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of EUR 5.5 trillion by 2021”. This is due to a low level of cybersecurity, reflected by widespread vulnerabilities and inadequate approaches for identifying and mitigating the rapidly and constantly evolving cyber threats and vulnerabilities, as well as ensuring continuous compliance with regulations, industry standards, and best practices. To reduce the impact of cyberattacks and increase the resilience of digital technologies, it is essential to assess the conformity to security standards of ICT products, services, and processes throughout their life cycle. However, the traditional conformity assessment process is predominantly a static and expensive one-time assurance activity that does not cater to the needs of agile product delivery, which promotes continuous product updates and upgrades, and often changes in requirements. Each such update opens doors to product vulnerabilities, and consequently poses cyber risks for product users and companies’ reputation. To avoid these issues, it is essential to enable a partial and continuous lean re-certification of ICT products, services, and processes, to empower manufacturers to prevent, detect, counter and quickly respond to cyber threats. In response to these challenges, the CERTIFAI project will develop an open software framework for cost-effective AI-driven continuous assessment and (re-)certification of ICT products and services, paving the way for a more secure and trustworthy EU’s digital world. Building on the EU Cybersecurity Act, CERTIFAI will leverage the established cybersecurity requirements, standards, and technical specifications to deliver an efficient approach for ensuring that a product, once certified, will continue to be compliant with relevant standards throughout its life cycle.

certMILS develops a security certification methodology for Cyber-physical systems (CPS). CPS are characterised by safety-critical nature, complexity, connectivity, and open technology. A common downside to CPS complexity and openness is a large attack surface and a high degree of dynamism that may lead to complex failures and irreparable physical damage. The legitimate fear of security or functional safety vulnerabilities in CPS results in arduous testing and certification processes. Once fielded, many CPS suffer from the motto: never change a running system. certMILS increases the economic efficiency and European competitiveness of CPS development, while demonstrating the effectiveness of safety & security certification of composable systems. The project employs a security-by-design concept originating from the avionics industry: Multiple Independent Levels of Security (MILS), which targets controlled information flow and resource usage amongst software applications. certMILS reduces certification complexity, promotes re-use, and enables secure updates to CPS throughout its life-cycle by providing certified separation of applications, i.e. if an application within a complex CPS fails or starts acting maliciously, other applications are unaffected. Security certification of complex systems to medium-high assurance levels is not solved today. The existing monolithic approaches cannot cope with the complexity of modern CPS. certMILS uses ISO/IEC 15408 and IEC 62443 to develop and applies a compositional security certification methodology to complex composable safety-critical systems operating in constantly evolving hostile environments. certMILS core results are standardised in a protection profile.certMILS develops three composable industrial CPS pilots (smart grid, railway, subway), certifies security of critical re-useable components, and ensures security certification for the pilots by certification labs in three EU countries with involvement of the authorities.