Your browser doesn't support javascript. This means that the content or functionality of our website will be limited or unavailable. If you need more information about Vinnova, please contact us.

Our e-services for applications, projects and assessments close on Thursday 25 April at 4:30pm because of system upgrades. We expect to open them again on Friday 26 April at 8am the latest.

CEST - Confidential Evaluation of Software Trustworthiness

Reference number
Coordinator Ericsson AB
Funding from Vinnova SEK 9 397 103
Project duration May 2021 - May 2023
Status Completed
Venture Advanced digitalization - Enabling technologies
Call Cybersecurity for advanced industrial digitalisation

Purpose and goal

Due to increased softwarerization of critical infrastructures governments are issuing security regulations on software security assurance. Manufacturer of, e.g. telco equipment must disclose their proprietary software code to 3rd party evaluators. But proprietary software contains intellectual property and disclosing source code across jurisdictions increases the risk of piracy and zero-day attacks. The project main goal was to research a solution that would allow the evaluation of software security and collection of assurance evidence without source code disclosure.

Expected results and effects

The project has designed a service that allows software vendors to submit their encrypted proprietary software to a secure platform, where the software is confidentially evaluated, and only evaluation results are exposed to authorized 3rd party evaluators. The source code is never disclosed. Two emerging technologies make the approach feasible: confidential computing and AI-powered software analysis tools. The project has implemented a proof-of-concept that shows the feasibility of the approach for Telco security assurance, but the approach applies to other industry sectors.

Planned approach and implementation

The project lasted 2 years May 2021 May 2023 with 4 partners: atsec, Ericsson, Hyker and RISE. Ericsson took the roles of project management and technical coordination. The work was divided into 4 working packages (WPs) and each WP consisted of several tasks. For each task, one partner was assigned to drive it according to the partner skills and competence. The major bulk of work was on the development and implementation of the proof-of-concept (PoC) that took extra time and resources to complete. The PoC is deployed as a Service for interested parties.

External links

The project description has been provided by the project members themselves and the text has not been looked at by our editors.

Last updated 30 June 2023

Reference number 2021-01690

Page statistics