Aim. CASCAde investigates whether one can certify an interconnected dynamically changing system in such a way that one can prove its security properties to another without disclosing sensitive information about the system's blueprint.

We call this paradigm confidentiality-preserving security assurance.

Hypotheses. CASCAde set out to answer the following hypotheses:

  1. New cryptographic techniques for graph signatures and proof systems can be developed
  2. We can achieve soundness that holds for graph signatures as well as the represented systems
  3. Graph signatures and topology certification scale to large-scale systems
  4. The topology certification can accommodate rapidly changing and evolving systems.
  5. Confidentiality-preserving security assurance is usable by users and will increase human trust in the overall system
  6. Confidentiality-preserving security assurance can offer new approaches to architectural design of dependable and secure system.


Objectives. Our hypotheses translate into multiple objectives:

  1. Cryptography - to develop primitives to certify and proof properties of graphs.
  2. Soundness - to bind graph signatures to underlying system configurations.
  3. Scale and Change - to perform well in large-scale dynamically changing systems.
  4. Usability - to be trustworthy and usable by end users.
  5. Architecture - to establish an architecture for next-generation security assurance.
  6. Prototypes - to pilot the technique in realistic application scenarios.