SECASSURED

As digital systems grow more complex and reliant on third-party components, ensuring their security becomes increasingly difficult, especially in the age of generative AI. In this context, the EU-funded SECASSURED project will develop AI-based tools for assurance-driven security engineering. Its goal is to help developers integrate software, hardware, and even AI components securely and in line with evolving EU regulations. The project offers virtual environments for automated security assessments and a holistic toolbox for continuous assurance-driven security engineering across the entire supply chain. By enabling secure integration and compliance from the ground up, SECASSURED helps build more resilient digital infrastructures ready to withstand cyber and hybrid threats.

The more complex and critical that many systems becoming nowadays, the more they are developed by integrating different (sub-)components, even third-party hardware/software components. With the pressure of time to market, and the ever-evolving security threats, getting more complicated than ever with the breakthroughs in Generative Artificial Intelligence (GenAI), how to enable more secure development and integrations of critical systems to be assured for security? These huge challenges must be addressed to make “secure services, processes and products, as well as to robust digital infrastructures capable to resist and counter cyber-attacks and hybrid threats” as called for in the EC’s Strategic Plan 2021-2024. Addressing exactly these challenges, the overall objective of SECASSURED is to deliver innovative security engineering solutions with (AI-based) security services to achieve novel holistic assurance-driven security engineering, capable of (1) increasing software, hardware and supply chain security by identifying cybersecurity and regulatory risks while integrating (both commercial and open-source) components, even third party ones, (2) providing virtual, secure environments for the automated assessment of system components including AI components and their secure integration, and (3) continuous assurance-driven security engineering with a holistic toolbox of (AI-based) security services. It paves the way of secure continuous system integration of (third-party) components, including AI components, across the computing continuum, and implements EC's evolving security and privacy regulations, as well as the strategy of human-centric AI.