REWiring the Compositional Security Verification and Assurance of Systems of Systems Lifecycle
The REWIRE project ( REWiring the Compositional Security Verification and Assurance of Systems of Systems Lifecycle ) was created with the aim of developing a comprehensive cybersecurity framework that allows for the continuous evaluation, certification and protection of Internet of Things (IoT) devices throughout their entire lifecycle. In a context where the number of connected devices is expected to exceed 30 billion by 2025, and where the risks associated with cyberattacks, data breaches or service interruptions are multiplying, REWIRE aligns itself with the European Union Cybersecurity Act to provide verifiable and trusted solutions to an increasingly vulnerable market.
The project’s vision is to build a scalable and multifunctional platform that ensures the protection of open-source hardware and software through continuous security audits, cryptographic testing, component certification, patch management, runtime attestation, and blockchain- and artificial intelligence-based trust mechanisms. Under the principles of Zero Trust (“Never trust, always verify”) and Security by Design, REWIRE proposes that trust should never be assumed, but rather guaranteed through technical mechanisms at all stages of the device’s design, deployment, operation, and upgrade.
Key advances in the project include:
-
Formal verification of cryptographic protocols and open architectures, including the definition of RISC-V-based specific instructions (ISAs) to reduce vulnerabilities.
-
Firmware and software validation with secure patch management systems.
-
Lightweight and customizable trusted execution environments (TEEs) for real-time attestation.
-
Distributed detection of anomalous behavior, supported by blockchain and AI models, to respond autonomously to emerging threats.
-
Creating a “knowledge layer” capable of analyzing usage and behavioral metadata, defining dynamic policies that block potentially harmful instructions in open environments.
This comprehensive approach not only seeks to reduce the attack surface and strengthen device security, but also to generate new certification metrics that strengthen trust among the various actors in the value chain.
The validity and applicability of REWIRE will be tested in three strategic pilots: smart cities, automotive, and smart satellites. These scenarios have been selected for their technological and social criticality, as they represent sectors where security is not only a technical requirement, but also a guarantee for the continuity of services and the protection of citizens.
The expected impact is multiple. REWIRE will strengthen trust in digital infrastructures, open the door to new cyber insurance models adapted to the open hardware and software ecosystem, contribute to European standardization, and increase cybersecurity awareness throughout society. It will also generate new business opportunities around certification, consulting, and digital protection services.
Ultimately, REWIRE represents a commitment to a holistic, auditable, and sustainable approach to IoT cybersecurity, consolidating the foundations for a more connected, more reliable, and, above all, more secure Europe.
Project website: https://www.rewire-he.eu/
REWIRE is funded under Grant Agreement No. 101070627.