The DOSS – Secure-By-Design IoT Operation With Supply Chain Control – project aims to improve the security and reliability of IoT operations by introducing to IoT Supply Chains an integrated monitoring and validation framework that includes all the relevant stakeholders. DOSS elaborates on a secure-by-design methodology and implements related technology based on formalized data exchange, component testing, and architecture modeling.


The DOSS – Secure-By-Design IoT Operation With Supply Chain Control – project aims to improve the security and reliability of IoT operations by introducing to IoT Supply Chains an integrated monitoring and validation framework that includes all the relevant stakeholders. DOSS elaborates a secure-by-design methodology and implements related technology based on formalized data exchange, component testing and architecture modelling.

The DOSS project establishes a “Supply Trust Chain” by integrating key stages of the IoT supply chain into a digital communication loop to facilitate security-related information exchange. The technology includes security verification of all hardware and software components of the modelled architecture. A new “Device Security Passport” will be defined, containing security-relevant information for hardware devices and their components. 3rd party software, open-source applications, as well as in-house developments will be tested and assessed. The centrepiece of the proposed solution is a flexibly configurable Digital Cybersecurity Twin, able to simulate diverse IoT architectures. It will employ AI for modelling complex attack scenarios, discovering attack surfaces, and elaborating the necessary protective measures. The digital twin will provide input for a configurable, automated Architecture Security Validator module which will assess and provide pre-certification for the modelled IoT architecture with respect of relevant, selectable security standards and KPIs. To also ensure adequate coverage for the back end of the supply chain the operation of the architecture will also be protected by secure device onboarding, diverse security and monitoring technologies and a feedback loop to the digital twin and actors of the supply chain, sharing security-relevant information.

The procedures and technology will be validated in three IoT domains: automotive, energy and smart home.


The DOSS IoT “Supply Trust Chain” establishes communication along the whole IoT supply chain between all relevant stakeholders. The availability and reliability of relevant and accurate security-related information inherently builds trust among the various key actors. Information is coded into a “Device Security Passport” the generation and access of which is strongly protected with a state-of-the-art Identity and Access Management system.

The protection of IoT architectures is assured on multiple levels with the DOSS technology. Besides the effective information exchange, extensive testing of the hardware and software components is performed. Only components which have successfully passed the testing programs are admitted to the modeling phase, to the digital cybersecurity twin, emulating IoT systems at various abstraction levels. The architecture design generated by the digital cybersecurity twin will pass through an architecture security validator which will automatically assess compliance, or the lack of it with legal regulations and industry standards. When all these steps are successfully concluded the IoT architecture design is considered secure and may be deployed also supported by automated onboarding technology.

The tested, modeled, and validated IoT architectures will also be monitored during their operation by various security modules including access management, attack detection, honeypot, malware detection, and control flow integrity validator, and this security platform will update the “Device Security Passport” with relevant security related information.

The DOSS IoT Supply Trust Chain


DOSS establishes the “Supply Trust Chain” which through the integrated use of the below modules assures that only validated components are included in the architecture; services are security modeled and validated against relevant standards and regulatory requirements; and operations are security monitored. The associated communication flow tracks the life cycle of IoT devices and applications as well as records all related security events and information.

Device Security Passport (DSP)

The Device Security Passport (DSP) will contain all relevant security information of an IoT component. This document will be linked to the identification of security properties during the design and testing phase of the IoT components and will also help for future certification and usage during the operational phase. The basis of the DSP will be existing standard documents like MUD from IETF, VEX, SBOM, and HBOM. This information will be extended to define different security conditions, and properties associated with the secure usage of the IoT component elaborating a combined, uniform structured machine processible data set.

DSPs will be stored encrypted on a secure, access-controlled platform, where their validity and integrity can be protected and privileged stakeholders will have finely-grained access rights to the documents. The use of DSP specifications will greatly increase the project’s potential impact.

Component Tester

The Component Tester module is screening devices based on their Device Security Passport (DSP) and assessing third-party software using binary code-validation techniques. To analyze open-source applications, a secure software verification platform is designed and developed, to predict and detect vulnerabilities. For in-house developments, a DevSecOps environment is adopted, which includes preset quality gates. These gates encompass various models like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST). The Component Tester unifies all these features into a single cohesive unit, providing a comprehensive solution for testing and validating IoT components. The rigorous security testing and validation procedures ensure that only secure and reliable components are integrated into an IoT service architecture.

Digital Cybersecurity Twin (DCT)  

The Digital Cybersecurity Twin (DCT) will support the design of a secure, robust, and protected service environment. A digital twin of the IoT system will be created using infrastructure automation technologies that enable flexible configuration and creation of virtualized environments also using repositories of already implemented components. High-level models will be extracted from the low-level system description, and an AI-assisted model-based approach will be used to identify potential attack scenarios and to analyze their impact. Based on the impact analysis, the most impactful attacks will be identified and then mapped to specific attack steps. These attack steps will be tested on the digital twin to gain accurate information about their feasibility in the real world. Moreover, possible countermeasures will be recommended for each weakness identified during testing.

Architecture Security Validator  

The Architecture Security Validator will assess and pre-certify digital twin-modelled architecture configurations and ensure they meet relevant security criteria and Key Performance Indicators.
The module will formalize security standards and requirements, facilitating their automated evaluation. This involves the (semi)automated transformation of standards into a formal and uniform representation of criteria to which IoT systems must adhere. The goal is to address existing security assessment and compliance gaps, providing an automated, standardized, and quantifiable approach to ensure that IoT architectures adhere to the identified security standards. The module is adaptable to diverse IoT contexts and promises significant impacts in reducing IoT security flaws and reducing certification costs and time.

Onboarding Platform  

The Onboarding platform will be using information securely stored in and captured from the DSP to identify and configure devices in a secure way before providing access to the designated network of the architecture. The automated onboarding platform will use the information in the DSP to perform secure automated device onboarding, deployment of security policies associated to the IoT device profile and the same procedure will be used for firmware and software updates of devices. The process will facilitate the automated onboarding of even large number of units within a short period of time thus also reducing response time to threats. The platform will be composed and implementated using a series of technologies and protocols. The research has the goal to overcome known weaknesses of secure onboarding procedures and to provide a specification and implementation of the new onboarding technology.

IoTAC Platform  

The IoTAC platform is a range of integrated applications protecting IoT service architectures against diverse cybersecurity threats. The tools include an Identity and access management module, an AI-assisted attack detection system, multiple connected honeypots, a runtime monitoring system, a data repository, and an integrated management dashboard. The presently available modules will be extended with malware monitoring and control flow integrity technologies. Security countermeasures are implemented both at the hardware- and software level, which treat privacy and data security as topmost priorities. The platform not only protects and monitors IoT operations but also communicates with the DSP platform and other modules of the Supply Trust Chain regarding all security-relevant events of the protected environment.