Meet our Project Partner: Laboratory of Embedded and Autonomous Systems of CEA-List
- Dimitris Petkousis
- Mar 31
Updated: Apr 30
Security-By-Design is a critical approach to building secure systems from the ground up, ensuring that security measures are integrated early in the design and development processes. In the context of Medical IoT systems, this approach is fundamental as it helps mitigate risks such as data breaches, unauthorized access, and system manipulation, ultimately enhancing the safety and reliability of connected healthcare technologies.
The Laboratory of Embedded and Autonomous Systems of CEA-List is making progress in developing a model-based tool for Security-By-Design in Medical IoT systems, built atop the Papyrus Web platform. This tool aims to support the integration of security measures early in the design process, helping to reduce potential risks.
How CEA-List is Contributing to Security-By-Design:
The laboratory develops a tool that incorporates a family of domain-specific languages for modeling both the architecture and the security aspects of Internet of Medical Things (IoMT) systems. This approach allows security considerations to be integrated seamlessly into the architecture, ensuring that vulnerabilities are addressed from the outset of the design.
By integrating with reasoning engines, the proposed technology supports the use of component contracts. This helps verify the interactions between different components of the system, ensuring that security assumptions are met and system behavior remains predictable and secure.
The tool is capable of detecting and analyzing security architectural anti-patterns within the system design. This feature helps identify common security weaknesses or potential vulnerabilities early in the design phase, enabling teams to address them proactively.
The tool supports the generation of secure IoT code by incorporating state-of-the-art code analysis tools, such as Frama-C, into its code generation pipelines. This integration ensures that the generated code follows security best practices, allowing potential vulnerabilities to be identified before deployment.