Security at all Levels for Networked Systems and Devices in Critical Infrastructures

Digitalization is finding its way into all relevant branches of industry. The networking of IoT devices enables productivity increases (e.g. through intelligent control, effective remote maintenance, over-the-air updates) and the development of new business models. That is why originally isolated systems are increasingly being connected to networks and the Internet. Standardized components and network protocols are often used for this purpose. In some areas, interfaces for remote control are even required by law.

Increasing networking creates new and enlarged attack surfaces that can be exploited by attackers. Reliable and secure communication as well as high system security are therefore the most important key technologies to exploit the added value of digitalization, Industry 4.0, and Industrial IoT. In order to develop new solutions that address the security requirements of overall systems, researchers from the Institutes for IT Security and of Computer Engineering have joined forces with industry partners to form a new research project "Security on All Systems through Chains of Trust and Isolation - SASVI", which is funded by the German Federal Ministry of Education and Research (BMBF) with 3.9 million euros.

The project investigates new approaches to address existing problems in the development and operation of IoT solutions. "Problems with secure digitization in an industrial context arise from a lack of development support and inadequate analysis and configuration options during production and later operation," notes Prof. Berekovic from the Institute of Computer Engineering. To meet this challenge efficiently, it is essential to consider the security problem as a whole and to adopt a cross-level security approach instead of just securing individual subcomponents.

The SASVI project is a cooperation between NXP Semiconductors, SYSGO GmbH, KSB SE & Co. KGaA, SSV Software Systems GmbH, the FZI Research Center for Information Technology, and the Institutes of Computer Engineering and IT Security at the University of Lübeck.

This project is funded by the BMBF under grant number 16KIS1578.