If you are an energy grid operator dealing with third-party hardware vulnerabilities — this project developed a Trusted BOM mechanism that ensures every hardware layer is analyzed and secure. This prevents malicious components from compromising the power grid.
Automated Security Auditing for Hardware and Software Supply Chains
Imagine buying a complex machine where you don't know if every single screw and wire is genuine or if someone hid a secret trapdoor inside. This project builds a digital 'X-ray' and a detailed ingredient list for computers and software. It automatically checks every part for hidden flaws so you can trust the tech you buy from other companies.
What needed solving
Companies cannot verify if the hardware and software they buy from third parties contain hidden security flaws or backdoors. This creates a massive risk of cyberattacks that are hard to detect using standard tools.
What was built
A toolbox for auditing hardware and software security, including a Trusted BOM mechanism and automated evaluation tools like SASTer for Python and C/C++.
Who needs this
Who can put this to work
If you are a satellite manufacturer dealing with microarchitectural attacks on processors — this project developed tools to detect vulnerabilities at the IP Core level. This ensures that high-value hardware is secure-by-design before launch.
If you are a software vendor dealing with vulnerabilities in third-party code libraries — this project developed a toolbox using fuzzy hashing and symbolic execution to audit software modules. This allows for the rapid delivery of secure, trusted updates.
Quick answers
What is the cost or pricing for these tools?
Based on available project data, specific pricing is not mentioned, but the project is funded by a EUR 4,998,250 EU contribution to develop the solutions.
Can this be deployed at an industrial scale?
The project aims for a TRL4 for the entire platform, meaning it is designed for validation in laboratory or pilot environments rather than full industrial scale at this stage.
How is the IP and licensing handled?
Based on available project data, the project focuses on the business exploitation of the proposed tools to ensure rapid adoption, though specific license terms are not listed.
How does this integrate with existing supply chains?
It integrates by generating a Trusted BOM (Bill of Materials) that systematically analyzes every hardware and software layer in a computing system.
What is the timeline for availability?
The project period runs from 2023-10-01 to 2026-09-30, suggesting the final validated solutions will be ready by late 2026.
Who built it
The consortium is heavily industry-driven, with 11 industrial partners representing 73% of the group. This high ratio, combined with 7 SMEs across 11 countries, indicates a strong focus on commercial viability and practical application rather than purely academic research.
Contact ATHINA-EREVNITIKO KENTRO KAINOTOMIAS for technical specifications
Talk to the team behind this work.
Contact us to connect with the RESCALE consortium for pilot testing opportunities.