Presentation on theme: "Context-based Security & Compliance GE Features available as per 2 nd Major Release PRRS: Context-based Security & Compliance GE."— Presentation transcript:
Context-based Security & Compliance GE Features available as per 2 nd Major Release PRRS: Context-based Security & Compliance GE
Scope of the Context-Based Security & Compliance GE To provide the security layer of FI-WARE with context-aware capabilities to support additional security requirements through the optional security enablers developed in FI-WARE (not provided by the generic FI-WARE security services (Security Monitoring, Identity Management, Privacy, Data Handling)): DBAnonymizer Secure Storage Service Malware Detection Service Content-based Security To provide, together with optional security services search and deployment, run-time reconfiguration that will allow use cases both deal with unpredictable context changes and ensure the compliance with the security requirements
Main Features of the Context-Based Security & Compliance GE Selection of security requirements that can be provided through PRRS framework by SecurityName SecuritySpec SecurityRules Selection of optional security enablers to be deployed from FI-WARE Marketplace GE Detection of anomalous behavior or non-conformances in end-user context environments: to monitor the status of the deployed security services to detect unavailability to monitor changes in the end-user context environment to detect validation rule violations Deployment of the optional security enablers
Context-Based Security & Compliance Architecture (2) PRRS Framework: core of the Generic Enabler controls the rest of the components of the GE by processing requests from end-user applications and orchestrating the deployment of the optional security enablers selected provides run-time support to end-users and client applications for performing dynamic selection & deployment of optional security enablers to support additional security requirements
Context-Based Security & Compliance Architecture (3) Rule Repository: to allow the generic enabler to store and manage compliance requirements to trigger PRRS framework when some rule will be modified so that the framework could take the necessary actions in case of the modification must be taken into account on compliance measurements Context Monitoring: to detect anomalous behavior or non-conformances in end-user context environments
Security Specifications and Security Rules Security Specification: Any single security requirement that can be supported by a security service (encryption, authentication, accountability…). They are expressed with USDL-SEC vocabulary. For example: usdl-sec:hasSecurityGoal=anonymity Security Rule: A set or security specifications that describes a complex security agreement that must be fulfilled commonly by two (or more) entities. They are expressed with USDL-SEC vocabulary and integrated in a SecurityProfile. For examples: Data Protection security rule to apply data protection laws from a country or FI Domain (such as Healthcare or Telecommunication).
How to use CBS&C? Define your additional security requirements Define your context/constraints: Preferences (e.g. usdl:hasSecurityProvider=ATOS) Configuration (e.g. OperativeSytem=Linux) CBS&C will deploy the security service that better matches your requirements and will provide you the endpoint to access and its usdl. CBS&C request Context Monitoring Security Solutions
What are the advantages? CBS&C automatically will search in the FI-WARE Marketplace available services and select one based on your security requirements, preferences and context. CBS&C automatically will download and deploy the selected service if it is not running in the Service Provider facilities CBS&C will monitor the selected services to check they are available and compliant with your requirements and context (which could have unpredictable changes) In case of detecting not compliance or not availability, CBS&C automatically will reconfigure the service or substitute it by another with the same specifications in a transparent way for the user.
10 Demo of Context –based Security & Compliance GE
Request for Security Solution: It is possible to indicate or select security requirements with one of the following options: By service name: DBAnonymizer By security rule: ReIdentificationRisk
Request for Security Solution (2): It is possible to indicate or select security requirements with one of the following options (continue): By security specifications: securityGoal anonymity
Request for Security Solution (3): It is possible to include a list of user-context constraints (which are optional) that must be considered by the PRRS in the selection of the security services: context information related to usdl attributes (not usdl-sec) provided as preferences by the user to be considered in the selection of services configuration parameters to be considered in the selection or deployment of the services context data published the user in the FI-WARE Context Broker GE
Context-based Security&Compliance Web Client security request written in xml (must be included in the XML Request box): CBS
Context-based Security&Compliance Web Client (2)