With around 1,400 employees, the AIT Austrian Institute of Technology is Austria's largest non-university research institution. It occupies a leading position in innovation in Austria and also plays a key role at European level as the research and technology institution that deals with the central infrastructure issues of the future. As a national and international hub at the interface between science and industry, the AIT scores with its scientific and technological competence, experience in the markets, close customer ties and an outstanding research infrastructure.
Enterprise Architect enables close connection to industry
Thanks to its close ties with industry, the Lieber.Group (SparxSystems CE, LieberLieber, Sparx Services CE, ThreatGet) has also been cooperating with the AIT for years. In this context, the AIT also uses the Enterprise Architect modelling platform for the development of new digital systems. Christoph Schmittner, MSC, is an expert for secure cyber-physical systems in the AIT research group "Dependable Systems Engineering": "Before we started modelling with Enterprise Architect, we also looked at purely scientifically oriented systems. However, due to our close cooperation with industry, it quickly became clear that we would opt for Enterprise Architect. With its many interfaces and extensions, the modelling platform offers us an ideal technical connection to the industrial world." The possibility of using self-created MDG (model driven generation) technologies is also used intensively, for example to create suitable development languages for specific areas.
ThreatGet: Cyber-Security by Design
About four years ago, the AIT Center for Digital Safety & Security began developing a tool for security analyses of systems in security-critical application areas with the help of Enterprise Architect. Driven by positive feedback, this developed into the cyber security product ThreatGet, which is now marketed by Lieber.Group via partners. The product was presented to the public in June 2019 and has since received several awards (eAward 2020, Constantinus Award 2021). Peter Lieber, founder and owner of the Lieber.Group, says: "As specialists in model-based software and system development, our close cooperation with the AIT keeps our finger on the pulse of industry-related research. We are therefore particularly pleased that the Enterprise Architect modelling platform we distribute now occupies an important place at the AIT. Over the years, we have been able to realise various developments together, and with ThreatGet, a product for the currently booming cybersecurity market has also emerged."
ThreatGet enables ongoing cyber security risk analysis throughout the development process, enabling the essential security concept of "security by design" to be carried out in the age of globally networked systems, where the security architecture of a new system is taken into account and built in from the concept blog. ThreatGet was developed as a plug-in for the Enterprise Architect modelling tool and guarantees, for example, that vehicle manufacturers comply with the new European Security Directive according to ECE level (UNECE WP29) on cyber security.
Connecting LemonTree with ThreatGet
Schmittner gives regular presentations in which he explains how the tool can be used in the cooperation between the automotive industry and suppliers. LieberLieber's "LemonTree" is a model versioning tool that is becoming more and more widespread in the automotive industry: "By using LemonTree in conjunction with ThreatGet, it is now also possible to send a supplier only the part of the entire system model that it needs for its development work. The supplier can thus carry out its development work with cyber security risk analysis running in parallel and then sends the finished model back to the vehicle manufacturer, who integrates it back into the overall model with the help of LemonTree." This example shows how close the cooperation with AIT works, which also always seeks the connection to industrial usability.
VALU3S: EU research project with 41 partners from ten countries
The EU research project VALU3S aims to reduce the development effort of automated systems with regard to security, cybersecurity and data protection requirements. To this end, 41 partners from 10 countries are working together. The VALU3S project focuses on accelerating verification and validation (V&V) in the development process throughout the development cycle. Verification is the testing of a component with regard to its compliance with the required properties. The validation carried out in the next step examines whether the specified usage goals are actually met in a practical experiment. Dipl.-Ing. Rupert Schlick, another expert in the AIT research group "Dependable Systems Engineering": "Here, too, we build on many years of experience. For example, we have developed a family of special tools for the automated creation of software tests based on Enterprise Architect. In the VALU3S project, we are now creating a specific modelling language that we will ultimately make available to all partners as MDG technology."
VALU3S will cover V&V of automated systems in six different sectors: Automotive, Agriculture, Rail, Healthcare, Aerospace and Industrial Robotics. For a V&V process, detailed test cases as well as requirement specifications have to be defined across different situations. It is a particular challenge to find suitable test cases that are also representative of real-world scenarios.
About AIT
The AIT Austrian Institute of Technology is Austria's largest non-university research institution. With its eight centres, the AIT sees itself as a highly specialised research and development partner for industry. In the Center for Digital Safety & Security, state-of-the-art information and communication technologies (ICT) and systems are developed to make critical infrastructures secure and reliable in the context of comprehensive and global networking and digitalisation. In the Dependable Systems Engineering (DSE) research area, experts have been investigating the interactions between safety, security and reliability for many years and developing new methods and tools to ensure the holistic safety of systems. The experts play a leading role in the industry standards of tomorrow, e.g. ISO TC 22 (automotive sector), ISO TC 299 (robotics), IEC TC 56 (dependability), IEC TC 62 (medicine), IEC TC 65 (control technology for industrial processes) and AIOTI WG03 (M2M). These many years of experience and expertise are also made available to customers in the form of training and consulting.
www.ait.ac.at/en