Certus researchers have been successful in attracting innovative projects from the last IKTPLUSS programme on reducing digital vulnerabilities. Two projects, led by Certus project leaders were granted in the programme, namely TSAR (led by Senior Research Scientist D. Marijan, leader of Certus P10) and SecureIT (led by Chief research scientist L. Moonen, leader of Certus P9).
10 MNOK from Forskningsrådet
“Cyber-attacks are becoming a significant concern in public transport services today, which creates a huge demand for an innovative technology that can help prevent attacks”, said Dusica Marijan, senior research scientist at Simula.
She and Simula colleague Arnaud Gotlieb are the main people behind the Tsar-project, a project that deals with AI-driven testing of false data injection attacks against transport infrastructures. The project aims to develop a technology that will improve the detection of one type of digital vulnerability in transportation infrastructures, namely false data injection attacks (FDIA).
“Our main goal is to create an AI-based technology which will improve the safety in public transportation systems. We are very pleased to be granted funding to work on this topic. This will allow us to hire researchers and buy the equipment we need to get started. We will most likely start the research in April next year,” she states.
Marijan and Gotlieb, with their collaborators Statsat AS, NCA (Kystverket), Professor Legeard from the French University of Bourgogne Franche-Comté and Smartesting, and Professor Wotawa from the Graz University of Technology, will be focusing on three different application areas: Vessel traffic services in marine transport, air traffic control, and vehicular ad-hoc networks (connected cars).
“The project is expected to enhance the capabilities of current traffic management systems with AI-driven FDIA generation and detection technology, building the ground for more secure self-driving vessels, aircrafts, and cars.”
24 MNOK from the Research Council
“I was very happy to learn that the project was accepted,” said Leon Moonen, chief research scientist at Simula. “This particular IKTPLUSS call provided exactly the right context and constraints to make a research endeavor of this size feasible and I deeply appreciate that the reviewers and RCN agreed to fund the proposed work.”
His project, Secure IT, is about reducing security vulnerabilities in software development by providing software engineers with intelligent automated software security assessment technology. The idea behind the project is to make software more robust while being developed, mostly by detecting if and how it deviates from what is normally done in similar systems.
“The easiest way of explaining it is to use a metaphor. When you write a program, you are writing a recipe for the computer, not unlike writing a recipe for, for example, making bread. Our project aims at learning common patterns of secure software development, similar to how many recipes for bread have a common pattern. Now imagine you are writing a new recipe for bread and forget a step, such as letting it rise, or taking it out of the oven, the results of your baking would be bad. Our project aims to develop intelligent support systems that would help a developer recognize when they have forgotten an important step in the development of secure software systems, by alerting them how their program is different from what is usually done.”
Moonen explains that there are some solutions on the market today that recognize manually written security patterns, but that these are relatively simplistic, and there is a lack of automated detection of more complicated patterns. The SecureIT project aims to do something about this by using machine learning and data mining to automatically learn patterns of good behavior shared by existing software systems, and then use these patterns to detect deviations.
“One of the nice things of this approach is that we can build up the knowledge about these patterns over time, gradually adding patterns as we learn more, which will then help to detect an increasing amount of security vulnerabilities during software development.”