Materializing Security in FI-WARE - FIWARE Forge Wiki

Materializing Security in FI-WARE


Introduction


The following is a description of the assets that have been adopted as the baseline for building reference implementations of the GEs in the Security chapter of FI-WARE. The reference implementation of a Generic Enabler is typically based on the evolution and integration of a number of assets, some of which are open source and therefore publicly available, while others are provided by partners of the FI-WARE project. A Backlog of Themes, Epics, Features and User-Stories followed for the evolution and integration of the assets linked to the reference implementation of a Generic Enabler is also included.

Finally, a list of topics still being addressed at a high level follows the description of assets in this chapter. They are mapped into Themes and Epics in the Chapter Backlog. Features and User-Stories derived from the refinement of these Themes and Epics will be allocated to Backlogs linked to GEs in the future.

For a comprehensive view of the Security chapter architecture, you can go here. We highly recommend reading it before analyzing how reference implementations of GEs are being materialized.

The Roadmap of the Security chapter presents a description of the Technical Roadmap planned for the chapter, which will be developed through subsequent Releases of the FI-WARE Platform. Please also check the Releases and Sprints numbering, with mapping to calendar dates.

Security monitoring

Baseline Assets

  • Scapy: A packet manipulation tool used by the IoT Fuzzer.
  • XOvaldi: An OVAL interpreter written in Java that scans a system and checks for known vulnerabilities.
  • Ontology handler: Provides the ability to generate a modeled representation of IS and vulnerabilities and to work on it.
  • Vulnerabilities OVAL scanner: Provides the ability to perform a deep inventory audit of installed software and applications, to scan and map vulnerabilities using non-intrusive techniques based on schemas, and to detect and identify missed patches and hotfixes.
  • NVD: A vulnerability database developed by the National Institute of Standards and Technology that provides information about a vulnerability's effect.
  • MulVAL Attack Paths Engine: Provides the ability to conduct multihost, multistage vulnerability analysis on a network, capturing the operating system behavior and the interaction of various components in the network and identifying attack traces.
  • Service-Level-SIEM: Provides a high-performance and scalable SIEM.
  • Scored Attack Paths: Provides scoring capabilities for attack paths obtained from an attack graph.
  • Remediation: Provides remediation capabilities during the process of remediation of attack paths and graphs.
  • CVSS: Provides a universal, open and standardized method for scoring IT vulnerabilities, vulnerability scores being representative of the actual risk to a FI-WARE framework.
  • Visualization Framework: Enables large quantities of data to be presented to users in ways that aid their understanding of it.
  • Botnet Tracking (Detection): Uses regular functions of the DNS to produce an analysis by correlating the information available.

Themes

  • Security monitoring

Epics

Features

User-Stories

Unit Testing Plan

Product guides

Identity Management - One-IDM

Baseline Assets

Themes

  • Identity Management

Epics

Features

Unit Testing Plan

Product guides


Identity Management - DigitalSelf

Baseline Assets

Themes

  • Identity Management

Epics

Features

User-Stories

Unit Testing Plan

Product guides

Identity Management - GCP

Baseline Assets

Themes

  • Identity Management

Epics

Features

Unit Testing Plan

Product guides


Identity Management - KeyRock

Baseline Assets

Themes

  • Identity Management

Epics

Features

Unit Testing Plan

Product guides

Identity Management - Common demo for IDM privacy data handling

Baseline Assets

Themes

  • Identity Management

Epics

Features

Privacy Generic Enabler

Baseline Assets

Themes

  • Privacy Management

Epics

Features

Data Handling Generic Enabler

Baseline Assets

Themes

  • Data Handling
  • Access Control
  • Usage control


Epics

Features

Unit Testing Plan

Product guides


Authorization PDP Generic Enabler

Baseline Assets

Themes

  • API Access Control
  • Delegated Authorization
  • Authentication
  • Accounting
  • OAuth
  • REST
  • XACML

Epics

R3

R4

Features

R3

R4

GE renamed to: Authorization PDP.

R5

Product guides

PEP Proxy - Wilma

Baseline Assets

Themes

  • Identity Management
  • Access Control
  • PAP
  • PDP
  • PEP

Epics

Features

Product guides

Context-based security and compliance

Baseline Assets


Themes

  • Context-based security and compliance

Epics

Features

Unit Testing Plan

Product guides

DB Anonymizer (Optional Security Enabler)

Baseline Assets

Themes

  • Database anonymization

Epics

Features

User-Stories

Unit Testing Plan

Product guides

Secure Storage Service (Optional Security Enabler)

Baseline Assets

Themes

  • Secure storage

Epics

Features

User-Stories

Unit Testing Plan

Product guides


Malware Detection Service (Optional Security Enabler)

Baseline Assets

Themes

  • Malware Detection

Epics

Features

Unit Testing Plan

Product guides


Android Flow Monitoring (Optional Security Enabler)

Baseline Assets

Themes

  • Flow Monitoring

Epics

Features

Unit Testing Plan

Product guides

Content Based Security (Optional Security Enabler)

Baseline Assets

Themes

  • Content Based Security

Epics

Features

User-Stories

Unit Testing Plan

Product guides

Trustworthy Factory Generic Enabler

Baseline Assets

The Trustworthy Factory integrates the following assets:

  • Trustworthiness management
  • Development environment
  • Static analysis tools
  • Runtime tools
  • Trustworthiness Certification tool
  • Packaging and DTwC delivery

Themes

  • Java development
  • Source code static analysis
  • Java application runtime analysis
  • Trustworthy evaluation
  • Digital Trustworthiness Certificate (DTwC)

Epics

Features

Unit Testing Plan

Product guides
