Project information
CCAT - Cybersecurity Certification and Assessment Tools (CCAT)

The CCAT project proposes to adapt four advanced open-source tools developed through academic research in cybersecurity to address existing challenges and support the practical implementation of new regulations.

These tools are:
1) TLS-Scanner, for evaluating the security of operational systems by analyzing TLS clients and servers.
2) SCRUTINY, which provides versatile assessment capabilities for cryptographic implementations, hardware devices, and software libraries, including black-box setups.
3) ALVIE, designed to test embedded security architectures for high-level vulnerabilities.
4) sec-certs, a tool for analyzing certification landscapes and the relationships between certification documents and certified products.

CCAT aims to redesign these tools to meet the needs of a broader user base engaged in cybersecurity assessment and certification. The methodology relies on three pillars:

1) Purpose-driven enhancements, supported by feedback from a diverse group of users, including a multinational enterprise (RedHat), medium-sized cybersecurity firms (CYBER and MONET+), an academic spin-off (10Sec), a start-up focused on security hardware (TropicSquare), and a high-performance computing center (UTARTU).
2) Usability research, employing security experiments to refine user interactions and enhance practical applicability.
3) An exploitation strategy, aligned with the emerging EU regulatory framework for security certification.

By addressing these objectives, CCAT seeks to advance the practical implementation of cybersecurity regulations, enabling improved assessment and certification processes across diverse application scenarios.