“IoT supply chain security: challenges and impacts”

IoT Day Roundtable –  8. April 2024

Online roundtable with the participation of ENISA, NIST, EUROSMART, ECSO, BEUC, TUVIT, and EY.




The Concept

The DOSS – Secure-By-Design IoT Operation With Supply Chain Control – project aims to improve the security and reliability of IoT operations by introducing an integrated monitoring and validation framework to IoT Supply Chains, including all the relevant stakeholders. DOSS elaborates on a secure-by-design methodology and implements related technology based on formalized data exchange, component testing, and architecture modeling.

Read more

USPs outline

What is this solution offering that’s different?
End-to-end communication

The DOSS “Supply Trust Chain” connects all relevant stakeholders with a formalized communication flow to facilitate monitoring of the movement of IoT devices from manufacturers all the way to decommissioning.

Multi-level security testing

DOSS establishes a comprehensive testing model covering all IoT components, including the binary testing of IoT devices, black-box analysis of 3rd party applications, vulnerability assessment on open-source applications, and internal developments the result of which will provide solid evidence of the existence or absence of vulnerabilities.

Security modeling in digital twin

DOSS will use an AI-assisted, flexibly configurable cybersecurity digital twin to simulate already in the design phase the architecture of selected IoT operations to identify potential attack scenarios, to analyze their impact, and to elaborate the necessary countermeasures. 

Security feedback from operation

The DOSS IoT “Supply Trust Chain” also comprises the highly protected IoT operation itself, which is integrated into the communication loop to provide relevant security-related information to other actors of the IoT supply chain. 

Use Cases

Proof of domain independence 


use case

Smart home

Industrial /


use case

Prosumer cell



use case

Automated car

Latest news

A mix of research updates, insights, and scientific publications

Xanthopoulou G, Siavvas M, Kalouptsoglou I, Kehagias D, Tzovaras D. 2024. Software Requirements Classification: From Bag-of-Words to Transformer. WISP 2024.

Conference: Special Session on Intelligent Internet of Things Security and Privacy (WISP 2024) at the 21st International Conference on Distributed Computing and Artificial Intelligence (DCAI 2024), 26-28. June 2024, Salamanca, Spain Authors: Xanthopoulou G, Siavvas M, Kalouptsoglou I, Kehagias D, Tzovaras D. Abstract: Automated classification of software requirements is valuable…

Kalouptsoglou I, Siavvas M, Ampatzoglou A, Kehagias D, Chatzigeorgiou A. 2024. Vulnerability Classification on Source Code using Text Mining and Deep Learning Techniques. QRS 2024.

Conference: The 24th IEEE International Conference on Software Quality, Reliability and Security (QRS 2024), 1-5 July 2024, Cambridge, UK Authors: Kalouptsoglou I, Siavvas M, Ampatzoglou A, Kehagias D, Chatzigeorgiou A. Abstract: Nowadays, security testing is an integral part of the testing activities during the software development life-cycle. Over the years,…

The CRA and the New EU Cybersecurity Architecture

By Gaelle Le Gars, asvin GmbH   As we approach the end of the Von der Leyen commission mandate, now feels like the appropriate time to review just how much the EU regulatory landscape has changed in the last four years and how these new rules will materialise as they…


Stay in the know and receive all the latest updates straight to your inbox.