Following the news published in early 2022, atsec would like to proudly announce a successful completion of the CEST (Confidential Evaluation of Software Trustworthiness) project – a Swedish research project funded by Vinnova.
The CEST project provides a confidential software security assurance environment enabling software supply chains to be compliant with regulations, standards, and corporate assurance requirements. It would possibly allow independent third-party evaluators to conduct software security analysis of vendor proprietary software while preserving the confidentiality of the analysed software.
The proposed solution is based on Confidential Computing, which allows for confidential software analysis using a Trusted Execution Environment (TEE), a security technology that protects the execution of code and the confidentiality and integrity of data. The TEE ensures that the analysis is performed in a secure environment and that the results are trustworthy. This means that analysis tools used for software assurance can run inside a TEE, thus protecting the vendor’s sensitive Intellectual Property (IP). The CEST prototype is implemented as a SaaS platform, with software vendors having control over their sensitive IP in the form of source code, executables and CEST-generated reports.
The project consortium was formed by four strong partners with individual backgrounds: Ericsson – a multinational networking and telecommunications company as the need owner, Hyker Security – an expert in confidential computing development, RISE (Research Institutes of Sweden) – a Swedish state-owned research institute with a cybersecurity focus, and atsec – an independent information security assessment, testing, and evaluation facility with more than 20 years of experience.
The project partners Ericsson, Hyker, and RISE were the developers of the CEST prototype, while atsec complemented the team by providing testing and usability analysis of the CEST prototype to perform security evaluations of confidential software.
For more information about the CEST, please refer to the CEST project website.
CEST (Confidential Evaluation of Software Trustworthiness) project finished
·