
Context-based Security & Compliance GE Features available as per 2nd Major Release


Presentation Transcript


  1. Context-based Security & Compliance GE Features available as per 2nd Major Release PRRS: Context-based Security & Compliance GE

  2. Scope of the Context-Based Security & Compliance GE
     • To provide the security layer of FI-WARE with context-aware capabilities to support additional security requirements through the optional security enablers developed in FI-WARE (not provided by the generic FI-WARE security services (Security Monitoring, Identity Management, Privacy, Data Handling)):
       • DBAnonymizer
       • Secure Storage Service
       • Malware Detection Service
       • Content-based Security
     • To provide, together with search and deployment of optional security services, run-time reconfiguration that allows use cases both to deal with unpredictable context changes and to ensure compliance with the security requirements

  3. Main Features of the Context-Based Security & Compliance GE
     • Selection of security requirements that can be provided through the PRRS framework by:
       • SecurityName
       • SecuritySpec
       • SecurityRules
     • Selection of optional security enablers to be deployed from the FI-WARE Marketplace GE
     • Detection of anomalous behavior or non-conformances in end-user context environments:
       • to monitor the status of the deployed security services to detect unavailability
       • to monitor changes in the end-user context environment
       • to detect validation rule violations
     • Deployment of the optional security enablers

  4. Context-Based Security & Compliance Architecture (1)

  5. Context-Based Security & Compliance Architecture (2)
     • PRRS Framework:
       • core of the Generic Enabler
       • controls the rest of the components of the GE by processing requests from end-user applications and orchestrating the deployment of the selected optional security enablers
       • provides run-time support to end-users and client applications for performing dynamic selection & deployment of optional security enablers to support additional security requirements

  6. Context-Based Security & Compliance Architecture (3)
     • Rule Repository:
       • to allow the generic enabler to store and manage compliance requirements
       • to trigger the PRRS framework when a rule is modified, so that the framework can take the necessary actions if the modification must be taken into account in compliance measurements
     • Context Monitoring:
       • to detect anomalous behavior or non-conformances in end-user context environments

  7. Security Specifications and Security Rules
     • Security Specification: Any single security requirement that can be supported by a security service (encryption, authentication, accountability…). They are expressed with the USDL-SEC vocabulary. For example: usdl-sec:hasSecurityGoal=anonymity
     • Security Rule: A set of security specifications that describes a complex security agreement that must be fulfilled jointly by two (or more) entities. They are expressed with the USDL-SEC vocabulary and integrated in a SecurityProfile. For example: a Data Protection security rule to apply the data protection laws of a country or FI Domain (such as Healthcare or Telecommunication).

  8. How to use CBS&C?
     • Define your additional security requirements
     • Define your context/constraints:
       • Preferences (e.g. usdl:hasSecurityProvider=ATOS)
       • Configuration (e.g. OperativeSytem=Linux)
     • CBS&C will deploy the security service that best matches your requirements and will provide you with the endpoint to access it and its usdl.
     [Diagram: CBS&C, Security Solutions request, Context Monitoring]

  9. What are the advantages?
     • CBS&C will automatically search the services available in the FI-WARE Marketplace and select one based on your security requirements, preferences and context.
     • CBS&C will automatically download and deploy the selected service if it is not running in the Service Provider facilities.
     • CBS&C will monitor the selected services to check that they are available and compliant with your requirements and context (which could change unpredictably).
     • If non-compliance or unavailability is detected, CBS&C will automatically reconfigure the service or substitute it with another one with the same specifications, in a way that is transparent to the user.

  10. Demo of Context-based Security & Compliance GE

  11. Request for Security Solution:
      • It is possible to indicate or select security requirements with one of the following options:
        • By service name:

              <securityRequest>
                <serviceName>DBAnonymizer</serviceName>
                <clientEndpoint>http://86.24.57.14:7777/bobApp</clientEndpoint>
              </securityRequest>

        • By security rule:

              <securityRequest>
                <securityRule><name>ReIdentificationRisk</name></securityRule>
                <clientEndpoint>http://86.24.57.14:7777/bobApp</clientEndpoint>
              </securityRequest>

  12. Request for Security Solution (2):
      • It is possible to indicate or select security requirements with one of the following options (continued):
        • By security specifications:

              <securityRequest>
                <securitySpec>
                  <param>securityGoal</param>
                  <value>anonymity</value>
                </securitySpec>
                <clientEndpoint>http://86.24.57.14:7777/bobApp</clientEndpoint>
              </securityRequest>

  13. Request for Security Solution (3):
      • It is possible to include a list of user-context constraints (which are optional) that must be considered by the PRRS in the selection of the security services:
        • context information related to usdl attributes (not usdl-sec) provided as preferences by the user to be considered in the selection of services
        • configuration parameters to be considered in the selection or deployment of the services
        • context data published by the user in the FI-WARE Context Broker GE

  14. Context-based Security & Compliance Web Client
      • The security request is written in XML (it must be included in the XML Request box):

            <securityRequest>
              <serviceName>CBS</serviceName>
              <clientEndpoint>http://86.24.57.14:7777/bobApp</clientEndpoint>
            </securityRequest>

      • Do Post must be selected to send it to the PRRS Framework
      • Go! is pressed
      • The Response frame shows the URL where the implementation of the optional security enabler selected by the PRRS Framework is deployed and accessible.

  15. Context-based Security & Compliance Web Client (2)

  16. References
      • Context-based Security & Compliance Open Specifications: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/FIWARE.OpenSpecification.Security.Context-based_security_&_compliance
      • Context-based Security & Compliance - User's and Programmer's Guide: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Context-based_security_%26_compliance_-_User_and_Programmers_Guide
      • Context-based Security & Compliance - Installation and Administration Guide: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Context-based_security_%26_compliance_-_Installation_and_Administration_Guide
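
An added example, not part of the original presentation or of the FI-WARE code base: a Python check that a component receiving the three request forms from slides 11 and 12 could apply before acting on them. The function name is hypothetical, and treating the three selectors as mutually exclusive, refusing DTDs and requiring an http(s) clientEndpoint are assumptions of this example rather than documented PRRS behaviour.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Selector elements from slides 11-12 (assumed mutually exclusive here).
SELECTORS = ("serviceName", "securityRule", "securitySpec")

# Request copied from slide 11.
BY_NAME = ("<securityRequest><serviceName>DBAnonymizer</serviceName>"
           "<clientEndpoint>http://86.24.57.14:7777/bobApp</clientEndpoint>"
           "</securityRequest>")


def parse_security_request(xml_text):  # hypothetical helper name
    """Validate a <securityRequest>; return (mode, selector, endpoint)."""
    # The request format needs no DTD, so refuse one before parsing; this
    # removes entity expansion and external entities from the input surface.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "securityRequest":
        raise ValueError("root element must be securityRequest")

    present = [child for child in root if child.tag in SELECTORS]
    if len(present) != 1:
        raise ValueError("exactly one of %s is required" % ", ".join(SELECTORS))
    node = present[0]

    if node.tag == "serviceName":
        selector = (node.text or "").strip()
    elif node.tag == "securityRule":
        selector = (node.findtext("name") or "").strip()
    else:  # securitySpec carries a param/value pair
        selector = ((node.findtext("param") or "").strip(),
                    (node.findtext("value") or "").strip())
    if not selector or (isinstance(selector, tuple) and not all(selector)):
        raise ValueError("empty %s" % node.tag)

    # clientEndpoint must be an absolute http(s) URL with a host part.
    endpoint = (root.findtext("clientEndpoint") or "").strip()
    url = urlparse(endpoint)
    if url.scheme not in ("http", "https") or not url.hostname:
        raise ValueError("clientEndpoint must be an absolute http(s) URL")
    return node.tag, selector, endpoint


if __name__ == "__main__":
    print(parse_security_request(BY_NAME))
```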
