The project focuses on industrial research in cybersecurity, privacy, data governance technologies, and end-user training. It aims to solve the challenges of Spanish companies in the digital relationships of a hyper-connected world and an economy based on data.
General objectives of the project
For the economy to be “healthy” it is essential to be safe, reliable and trustworthy. It is, therefore, necessary to ensure the different actions that can be carried out on the data:
- Ensure the data origin and its treatment, clearly identifying who are the agents/entities that participate in its collection, storage, communication, etc.
- Provide mechanisms to ensure its privacy, property and intention of use, and always satisfying the applicable regulations and contractual requirements in the confidentiality terms established.
- Facilitate mechanisms to store it, communicate it safely and, above all, make it available to potential users in the manner required for possible exploitation.
- Make all those involved in the data processing aware that this is an asset that must be managed with the utmost care and respect, and always ensuring their safety
The objective of the SecureWorld project is to consider from a holistic point of view, the security aspects that must be applied in a hyper-connected world. Three fundamental aspects must be considered:
- The processes: From the point of view of security processes, four phases are established: prevention, preparation, crisis management and recovery. In this project we will focus on prevention, which includes all the actions that are carried out to prevent attacks.
- The technology: Protecting a liquid asset such as information in a technological context with exponential growth is an increasingly difficult task. We must design new techniques to be able to offer innovative models of trust in distributed data exploitation environments. Techniques that are also resistant to computational growth that is currently exceeding Moore’s Law itself, and that in linear solution problems will be compromised by quantum computing.
- People: In any security scenario, it is essential to attend to human factors, since cybercriminals are aware that, in certain circumstances, people can become the weakest link in the chain of protection and custody. The technique known as Cyber Range, consists of creating a virtual platform that simulates most of the elements that comprise the real operating environment to train cybersecurity agents, both individually and collectively.
All the above aspects should be covered with both static and dynamic protection measures. Static measures protects accesses, systems and data from the intrusion of unauthorized agents. Dynamic measures are measures that address the identification of threats, based on behavior patterns observed in attacks that have already happened in the past. Similarly, the algorithms themselves must be protected by cybersecurity techniques.
Specific technical objectives of the project
OT1 – Research and experimentation of a new management system, for identity access and custody of information using Blockchain technology.
OT2 – Design of new protection techniques that guarantees authenticity and protects the intellectual property.
OT3 – Study and experimentation of new cryptographic techniques that allow the execution and processing of sensitive information in unreliable environments.
OT4 – Experimentation of new models of virtual file systems that provide greater security and confidence in the protection of data.
OT5 – Study of the unsupervised detection of concept drifts to evaluate the spread of the consequences of the attack and its degree of impact on the system.
OT6 – Exploration and design of models based on measures of similarity between samples (neighborhood and kernel methods) for antagonistic learning.
OT7 – Training of security professionals through the virtual platform (Cyber Range) that facilitates the performance of security experiments and training.
OT8 – Validation of the technology developed through the experimentation of components in complex systems.
Work plan and methodology
Work package1 WP1: Data and service sovereignty.
- Design of an innovative technological platform that aims to solve the challenge of data custody and management, as well as the provision of services. Due to this, third parties can offer services on their data without posing a risk to its protection.
- Blockchain technology will be the custody engine and the enviroment for a secure execution of the information. Thus, the owner of the data will be able to create a Smart Contract without ever exposing the data to the outside. It will also work on the protection of services (Intellectual Property) in an environment shared with other companies and with the client himself.
T1.1: Identity and access management
T1.2: Traceability of the use and exploitation of data and services
T1.3: AI and analytics for governance
Work package 2 WP2: Enabling technologies for the security and privacy of data and services
- The main objective is the research on cybersecurity technologies that can offer a more secure exploitation of current information systems. For this, we are going to focus on research in security controls that affect the following aspects:
- Information encryption: data and digital content.
- Secure of operating environments (File systems)
- Securization of communications in systems of systems and IoT environments.
- Protection of operating systems: monitoring, detection of anomalies and attack patterns.
T2.1: Encryption Mechanism
T2.2: Secure file systems
T2.3: Securization of IoT environments
T2.4: AI and analytics for cybersecurity
Work package 3 WP3: Training and Usability
- The objective of this PT is focused on facilitating an improvement in the performance of people in the matter of cybersecurity when they face an interaction with business systems. In this sense, two essential points are raised:
- Improving people’s abilities through training.
- Improving the capacities of the systems themselves in interpreting critical situations and / or potential threats.
T3.1: Cyber Ranges
T3.2: Advanced Visualization and Interaction
Work package 4 - WP4. Use and Validation Scenarios
- The main objective of WP4 is to validate the technologies and results developed throughout the project, as well as to validate their operation and usefulness through conceptual demonstrators focused on solving real problems in different sectors:
- B2B: with special incidence in industrial and manufacturing sectors.
- B2C: specific in the management of personal data.
- Business networks: hybrid scenario with a multitude of agents of different nature (companies, people, devices, …)
T4.1: Definition and deployment plan of scenarios
T4.2: B2B Scenarios
T4.3: B2C Scenarios
T4.4: Business networks
Analysis and design of a security architecture that allows guaranteeing the sovereignty of the data, enabling the transfer and exploitation of the data by third parties without compromising its security.
Confidentiality of data, content and services
Research on cybersecurity technologies that can offer a higher level of confidentiality. The research should focus on the experimentation of advanced cryptographic techniques that allow the safe custody and safe execution of data and services in unreliable systems (of third parties), without compromising its security.
Data Analytics for Governance and Logical Security
Research and adaptation of data analytics techniques that can be used automatically to detect cyber threats according to learned patterns, favoring preventive actions against the risk of cyber attacks.
Training of People:
Development and training of the skills of professionals in business environments (responsible for security or not), including experimentation, testing and validation of new concepts, technologies and techniques in cybersecurity and cyber defense. Create experiences in environments that simulate / emulate vulnerabilities, attack scenarios and / or real-world use cases.