SciTransfer
RESCALE · Project

Automated Security Auditing for Hardware and Software Supply Chains

digitalTestedTRL 4

Imagine buying a complex machine where you don't know if every single screw and wire is genuine or if someone hid a secret trapdoor inside. This project builds a digital 'X-ray' and a detailed ingredient list for computers and software. It automatically checks every part for hidden flaws so you can trust the tech you buy from other companies.

By the numbers
15
Total deliverables
11
Industry partners
4
Target TRL level
The business problem

What needed solving

Companies cannot verify if the hardware and software they buy from third parties contain hidden security flaws or backdoors. This creates a massive risk of cyberattacks that are hard to detect using standard tools.

The solution

What was built

A toolbox for auditing hardware and software security, including a Trusted BOM mechanism and automated evaluation tools like SASTer for Python and C/C++.

Audience

Who needs this

Hardware security auditorsCritical infrastructure operatorsEmbedded systems manufacturersCybersecurity compliance officers
Business applications

Who can put this to work

Critical Infrastructure
enterprise
Target: Energy Grid Operator

If you are an energy grid operator dealing with third-party hardware vulnerabilities — this project developed a Trusted BOM mechanism that ensures every hardware layer is analyzed and secure. This prevents malicious components from compromising the power grid.

Defense and Aerospace
enterprise
Target: Satellite Manufacturer

If you are a satellite manufacturer dealing with microarchitectural attacks on processors — this project developed tools to detect vulnerabilities at the IP Core level. This ensures that high-value hardware is secure-by-design before launch.

Software Development
SME
Target: Cybersecurity Software Vendor

If you are a software vendor dealing with vulnerabilities in third-party code libraries — this project developed a toolbox using fuzzy hashing and symbolic execution to audit software modules. This allows for the rapid delivery of secure, trusted updates.

Frequently asked

Quick answers

What is the cost or pricing for these tools?

Based on available project data, specific pricing is not mentioned, but the project is funded by a EUR 4,998,250 EU contribution to develop the solutions.

Can this be deployed at an industrial scale?

The project aims for a TRL4 for the entire platform, meaning it is designed for validation in laboratory or pilot environments rather than full industrial scale at this stage.

How is the IP and licensing handled?

Based on available project data, the project focuses on the business exploitation of the proposed tools to ensure rapid adoption, though specific license terms are not listed.

How does this integrate with existing supply chains?

It integrates by generating a Trusted BOM (Bill of Materials) that systematically analyzes every hardware and software layer in a computing system.

What is the timeline for availability?

The project period runs from 2023-10-01 to 2026-09-30, suggesting the final validated solutions will be ready by late 2026.

Consortium

Who built it

The consortium is heavily industry-driven, with 11 industrial partners representing 73% of the group. This high ratio, combined with 7 SMEs across 11 countries, indicates a strong focus on commercial viability and practical application rather than purely academic research.

How to reach the team

Contact ATHINA-EREVNITIKO KENTRO KAINOTOMIAS for technical specifications

Next steps

Talk to the team behind this work.

Contact us to connect with the RESCALE consortium for pilot testing opportunities.