The project "Intelligent design of secure, distributed applications based on decentralised security technolgies" explores a development environment that enables secure data transfer in networks.
In the FIDEST project, a framework for the intelligent design of secure distributed applications is being developed. The basic idea is that the user, who is not necessarily an expert, models their application with an intuitive editor and the develped framework is generated automatically. The framework should already meet the requirements of an optimally executable code framework ready for distribution on the basis of decentralised security technologies (blockchain, smart contracts but also 2-factor authentication).
FIDEST does not provide an isolated solution for a specific subproblem and is independent of cloud providers or software manufacturers. Rather, it comprehensively supports the application developer in all IT security issues from the conception and development of their applicaton to the simulation of attack or scaling scenarios, always taking into account performance conditions and implementation costs.
For the implementation of the joint research project FIDEST, the development work is carried out hand in hand between Reutlingen University and the company partner bbg bitbase group GmbH – in the context of of application-oriented research. With the close exchange of knowledge and the key technologies relevant to the project, a two-way transfer takes place which is of benefit to both sides. For the company, the research results mean a strengthening of its innovative power, expanded competencies, but also valuable competitive advantages and access to completely new markets. For Reutlingen University, the company cooperation reinforces its research activities and ensures practice-oriented and up-to-date teaching.
"Perfect software at the push of a button - that is still a vision of the future," says José Enrique Gómez Asbeck, Managing Director of bitbase. The fine-tuning is still done by programmers. But FIDEST is helping to find a common language between customer and developer and to develop prototypes faster. Instead of waiting several weeks, the customer can get an impression of a user interface after just a few hours, some of it even already clickable. "But it's not about cutting back on staff," Gómez emphases. Rather, the programmers at bitbase are to be relieved of mindless code work. Everyone benefits from the time saved, the software contains fewer errors and is more user-friendly.
FIDEST uses artificial intelligence methods to calculate a security score and automatically generates the code for the required security technology such as blockchain or 2-factor authentication
Together with bbg bitbase group GmbH, Reutlingen University is developing models and model transformations that enable FIDEST to automatically translate user requirements into technical architecture models. This starts with the design and implementation of the metamodel for the user requirements, which offers the FIDEST user the most intuitive modelling of their application model possible. Particularly noteworthy are novel model elements such as trust relationships, which are formally modelled for the first time and quantified using data science methods. Furthermore, in the metamodel for technical architectures, a holistic model can be developed for the first time that incorporates new security concepts such as distributed, tamper-proof databases.
The focus of the generic model to be developed is on the field of artificial intelligence (AI) and its subfield machine learning (ML). In ML, the system learns from training examples and then applies it to new problems. Within machine learning, Artificial neural networks (ANNs) are very efficient at processing information. In FIDEST, AI is applied in several opposing models to optimise the software. These AI models compete against each other. This approach is currently used in simulations of human sports. In football, for example, two opposing teams can compete with each other in this way. This procedure can be transferred to the metamodel to be developed in FIDEST. By creating several AI models using machine learning, the data flows within the generic model can be optimised by the competitive approach. At the same time, security aspects are constantly being challenged by the actions of the models against each other.
The ANNs are trained to detect and penetrate competing security gaps. The goal of the competing ANNs is to crack the hash and create their own blockchains, to view data and change it. Accordingly, the generic model of FIDEST is constantly evolving and thus becoming more and more secure. As a result, FIDEST creates a metamodel that enables the simple formulation of data flows and security requirements for a wide range of applications, independent of cloud providers and software manufacturers. The generic model to be developed is structured like a kind of semantic graph that contains components to compare and evaluate security scenarios. Accordingly, the user receives a recommendation as to which security aspects should be taken into account.
Active graph transformation and analysis procedures are also being developed for translating the models into one another and guiding the user through automatically derived suggestions.
The Reutlingen-based company bbg bitbase group GmbH is involved in the joint research project as a cooperating partner. For the bbg bitbase group, user innovations are at the forefront, i.e. innovations that directly affect a large number of software consumers are in the focus. The company sees its involvement in development work as an entry into a new field of technology. Data is seen as the raw material of the future and thus has enormous value within companies. Nevertheless, it is impossible for SMEs in particular to ensure the necessary security requirements for protecting sensitive company data, often due to the costs but also to a lack of know-how. With the development of a framework for the intelligent design of secure, distributed applications based on decentralised security technologies, the company would like to give its customers an answer to the increasing threats from hacker attacks. With the FIDEST project, the bbg bitbase group is expanding its technological expertise from that of an original ERP provider to one that provides specialised IT security modelling environments for the widest range of web applications. By means of usage-dependent business models, such as price per token, the development will be be made accessible to a broad, industry-independent mass. As a first target market, the developed FIDEST environment will be offered to other software development companies or development departments of large companies. This has the advantage that a broad coverage can be achieved both in terms of industries and size classes of software systems and the distribution of FIDEST. In addition, the sales strategy focuses on spreading the FIDEST system as widely as possible in order to create a "market standard" in the long term. By participating in the development, the bbg bitbase group strengthens its innovative power and secures valuable competitive advantages on the market for the future.
The project is funded by the Central Innovation Programme for SMEs (ZIM) of the Federal Ministry for Economic Affairs and Energy.
Das Projekt wird über das Zentrale Innovationsprogramm Mittelstand (ZIM) des Bundesministeriums für Wirtschaft und Energie gefördert.
Framework for the intelligent design of decentralised security technologies
TO THE ARTICLE
Award for bbg research partner for excellent technology transfer Neckar-Alb
TO THE ARTICLE
FIDEST supports application developers in all IT security issues from conception to development and simulation of attack scenarios
Prof. Dr.-Ing. Anja Braun