CEST - Confidential Evaluation of Software Trustworthiness

Purpose and goal

As software-defined architectures and networks are increasingly used in ICT critical infrastructures, regulators and services providers are demanding evidence of software trustworthiness. The CEST project (Confidential Evaluation of Software Trustworthiness) will research and develop novel technologies, processes and methodologies that will enable security analysis of proprietary sensitive software, while preserving its confidentiality. As a result, enterprises and organizations will be able to streamline assurance processes and hence trust in 3rd party software.

Expected results and effects

The expected results comprise: - A confidential computing environment platform with the corresponding tools and documentation for confidential evaluation of software trustworthiness. - Representative test use cases applied to the Telco industry domain with methodologies for security software assurance, suggestions for standardization and a demonstrator of the proposed architecture feasibility. - A description of the value proposition for different actors in the software assurance value chain: vendors, suppliers, technology provides and accredited auditing companies.

Planned approach and implementation

The 2-year project is divided into four work packages (WP) - WP1 Management & Technical Coordination is active during the 24-month project. - WP2 Research & Studies lasts 6 months and collects market and technical requirements for the design of the confidential assurance architecture, its development and exploitation. - WP3 Development, Integration and Verification lasts 12 months and implements the assurance environment platform prototype with the necessary analysis tools. - WP4 Dissemination lasts 6 months and will handle communication of the outcome among stakeholders.