CEST (Confidential Evaluation of Software Trustworthiness) project finished
Following the news published in early 2022, atsec would like to proudly announce a successful completion of the CEST (Confidential Evaluation of Software Trustworthiness) project – a Swedish research project funded by Vinnova.
The CEST project provides a confidential software security assurance environment enabling software supply chains to be compliant with regulations, standards, and corporate assurance requirements. It would possibly allow independent 3rd party evaluators to conduct software security analysis of vendor proprietary software, while preserving the confidentiality of the analysed software.
The proposed solution is based on Confidential Computing, which allows for confidential software analysis using a Trusted Execution Environment (TEE), a security technology that protects the execution of code and the confidentiality and integrity of data. The TEE ensures that the analysis is performed in a secure environment and that the results are trustworthy. This means that analysis tools used for software assurance can run inside a TEE thus protecting the Vendors sensitive Intellectual Property (IP). The CEST prototype is implemented as a SaaS platform, with software vendors having control over their sensitive IP in the form of source code, executables and CEST generated reports.
The project consortium was formed by four strong partners with individual backgrounds, Ericsson – a multinational networking and telecommunications company as the need owner, Hyker Security – an expert in confidential computing development, RISE (Research Institutes of Sweden) – a Swedish state-owned research institute with a cybersecurity focus, atsec – an independent information security assessment, testing and evaluation facility with more than 20 years of experience.
The project partners Ericsson, Hyker and RISE were the developers of the CEST prototype, while atsec complemented the team by providing testing and usability analysis of the CEST prototype to perform security evaluations of confidential software.
For more information about the CEST, please refer to the CEST project website.