In the OPTET (OPerational Trustworthiness Enabling Technologies) project we are using a multi-disciplinary and integrated approach to identify and address the drivers of trust and confidence, and also to fight against its erosion (especially true on the Internet or Cloud). The focus of the project is on socio-technical systems connected to the Internet. The resulting technologies enabling trustworthiness will be verified on two distinct existing execution platforms to demonstrate the genericity of the OPTET outcomes. Their potential will be demonstrated and evaluated in the context of two operational use-cases, one in the domain of Ambient Assisted Living (AAL) and the other in Cyber Crisis Management.
Our work focused on developing techniques for modelling the trust in and trustworthiness of Internet based systems, and creating tools that allow system designers to use these models when developing new systems. We built on earlier work from SERSCIS, and developed ontologies that can be used to describe the high level structure of IT systems, and encode knowledge from experts on trust and security regarding potential threats and security mechanisms that can be used to counter them.
We then created a Secure System Designer (SSD, see image above) that allows designers to create graphical models of their systems and apply this knowledge to their own design. The SSD then allows a user to browse the list of identified threats and specify security controls that should be implemented in the system. A report can then be generated listing all the threats and saying which will be addressed by the selected control mechanisms. This directly addresses the most difficult step when using risk management standards like ISO 27001, that of identifying risks and showing how they are addressed by security measures.
The OPTET project significantly increases the trustworthiness of IT and Services and thus strengthen the competitiveness of the European software and service industry. In doing so, OPTET provides a powerful foundation for designing and developing systems, services and apps that stakeholders can trust.
OPTET has received EC research funding.