First International Workshop on Lightweight and Incremental Cybersecurity Certification

CyberCert 2020 - September 7, 2020, all-digital workshop

Scope

With the entry into force of the EU Cybersecurity Act on June 27, 2019, an EU-wide cybersecurity certification framework will be defined for information and communication technology (ICT) products, services, and processes. One of the motivations for the adoption of this new EU regulation is that “the limited use of certification leads to individual, organizational and business users having insufficient information about the cybersecurity features of ICT products, ICT services, and ICT processes, which undermines trust in digital solutions.” The Cybersecurity Act aims to improve trust in products, services, and processes by defining an EU-wide certification framework consisting of cybersecurity certification schemes that specify common cybersecurity requirements and evaluation criteria across national markets and sectors. Cybersecurity certification will be voluntary, and only sector-specific standards will specify the conditions under which cybersecurity certification will be mandatory.

The underlying assumption in the EU Cybersecurity Act is that products, services and processes that are certified will be viewed as more trustworthy by users. Companies going through certification would thus benefit from a competitive advantage. However, cybersecurity certification suffers from an image as a costly and time-consuming process. One of the keys to success for the EU Cybersecurity Act is to promote standards that are lightweight, flexible and incremental in order to encourage organisations to voluntarily certify their ICT products, services, and processes.

The objective of the workshop is to establish a state of the art for cybersecurity certification, and to provide a forum for exchange of ideas between researchers working on cybersecurity and certification issues, and security experts whose technologies could be applied to certification. CyberCert 2020 seeks high-quality research and experimentation contributions in the form of well-developed full papers. Topics of interest encompass research advances in all areas of security, trust and privacy in relation to certification. Topics of particular interest are the following: lightweight certification schemes, approaches that integrate security engineering and certification processes, and incremental certification. CyberCert 2020 brings together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers.

Topics of Interest

Topics of interest include but are not limited to:

  • Integration of security engineering and certification processes
  • Incremental certification
  • Lightweight certification schemes, e.g. for SMEs
  • Assessment tools for products, services and processes
  • Analysis of security and privacy issues in certification
  • Models for authentication and privacy management related to certification
  • Audit and accountability related to certification
  • Policy models and policy management related to certification
  • Dynamic security techniques and certification

Agenda and accepted papers

| Time | Title | Authors and affiliation |
|---|---|---|
| 14:00-14:30 | Introduction to workshop and EU cyber security act | Philippe Massonet - workshop chair |
| | Governance and certification | |
| 14:30-15:00 | How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security Certification | Tobias Fiebig - TU Delft |
| 15:00-15:30 | From Lightweight Cybersecurity Assessment to SME Certification Scheme in Belgium | Christophe Ponsard, Philippe Massonet, Jeremy Grandclaudon - CETIC Research Centre; Nicolas Point - Multitel |
| 15:30-15:45 | Coffee break | |
| | Product and process level certification | |
| 15:45-16:15 | Towards Incremental Safety and Security Requirements Co-Certification | Andrea Morgagni - LEONARDO Cybersecurity; Philippe Massonet, Sébastien Dupont, Jeremy Grandclaudon - CETIC Research Center |
| 16:15-16:45 | Cybersecurity Certification for Agile and Dynamic Software Systems – a Process-Based Approach | Volkmar Lotz - SAP Security Research |
| 16:45-17:15 | JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets | Vasilios Mavroudis - University College London; Petr Svenda - Masaryk University |
| 17:15 | Conclusions and end of the workshop | Philippe Massonet - workshop chair |

Program Committee

| Name | Organisation |
|---|---|
| Florent Kirchner | CEA |
| Andrea Morgagni | LEONARDO |
| Volkmar Lotz | SAP |
| Tiziano Inzerilli | ISCOM |
| Pascal Bisson | THALES |
| Fabio Martinelli | CNR |
| Jeremy Grandclaudon | CETIC |
| Nicolò Maunero | CINI |

Practical information

Venue

All-digital workshop, co-located with IEEE EuroS&P 2020 all-digital conference.

Registration

CyberCert workshop registration is now open via the conference website: https://ieee-euro-sp-2020.consorzio-cini.it/

Proceedings Publication

Publication of CyberCert 2020 proceedings is through IEEE Xplore in a volume accompanying the main IEEE EuroS&P 2020 proceedings.

Organization

SPARTA H2020 project (https://www.sparta.eu/).