Presentation is loading. Please wait.

Presentation is loading. Please wait.

Context-based Security & Compliance GE Features available as per 2 nd Major Release PRRS: Context-based Security & Compliance GE.

Published byShirley Downs Modified over 9 years ago

Similar presentations

Presentation on theme: "Context-based Security & Compliance GE Features available as per 2 nd Major Release PRRS: Context-based Security & Compliance GE."— Presentation transcript:

1 Context-based Security & Compliance GE Features available as per 2 nd Major Release PRRS: Context-based Security & Compliance GE

2 Scope of the Context-Based Security & Compliance GE  To provide the security layer of FI-WARE with context-aware capabilities to support additional security requirements through the optional security enablers developed in FI-WARE (not provided by the generic FI-WARE security services (Security Monitoring, Identity Management, Privacy, Data Handling)): DBAnonymizer Secure Storage Service Malware Detection Service Content-based Security  To provide, together with optional security services search and deployment, run-time reconfiguration that will allow use cases both deal with unpredictable context changes and ensure the compliance with the security requirements

3

4 Main Features of the Context-Based Security & Compliance GE  Selection of security requirements that can be provided through PRRS framework by SecurityName SecuritySpec SecurityRules  Selection of optional security enablers to be deployed from FI-WARE Marketplace GE  Detection of anomalous behavior or non-conformances in end-user context environments: to monitor the status of the deployed security services to detect unavailability to monitor changes in the end-user context environment to detect validation rule violations  Deployment of the optional security enablers

5 Context-Based Security & Compliance Architecture (1)

6 Context-Based Security & Compliance Architecture (2)  PRRS Framework: core of the Generic Enabler controls the rest of the components of the GE by processing requests from end-user applications and orchestrating the deployment of the optional security enablers selected provides run-time support to end-users and client applications for performing dynamic selection & deployment of optional security enablers to support additional security requirements

7 Context-Based Security & Compliance Architecture (3)  Rule Repository: to allow the generic enabler to store and manage compliance requirements to trigger PRRS framework when some rule will be modified so that the framework could take the necessary actions in case of the modification must be taken into account on compliance measurements  Context Monitoring: to detect anomalous behavior or non-conformances in end-user context environments

8 Security Specifications and Security Rules  Security Specification: Any single security requirement that can be supported by a security service (encryption, authentication, accountability…). They are expressed with USDL-SEC vocabulary. For example: usdl-sec:hasSecurityGoal=anonymity  Security Rule: A set or security specifications that describes a complex security agreement that must be fulfilled commonly by two (or more) entities. They are expressed with USDL-SEC vocabulary and integrated in a SecurityProfile. For examples: Data Protection security rule to apply data protection laws from a country or FI Domain (such as Healthcare or Telecommunication).

9 How to use CBS&C?  Define your additional security requirements  Define your context/constraints: Preferences (e.g. usdl:hasSecurityProvider=ATOS) Configuration (e.g. OperativeSytem=Linux)  CBS&C will deploy the security service that better matches your requirements and will provide you the endpoint to access and its usdl. CBS&C request Context Monitoring Security Solutions

10 What are the advantages?  CBS&C automatically will search in the FI-WARE Marketplace available services and select one based on your security requirements, preferences and context.  CBS&C automatically will download and deploy the selected service if it is not running in the Service Provider facilities  CBS&C will monitor the selected services to check they are available and compliant with your requirements and context (which could have unpredictable changes)  In case of detecting not compliance or not availability, CBS&C automatically will reconfigure the service or substitute it by another with the same specifications in a transparent way for the user.

11 10 Demo of Context –based Security & Compliance GE

12 Request for Security Solution:  It is possible to indicate or select security requirements with one of the following options: By service name: DBAnonymizer http://86.24.57.14:7777/bobApp By security rule: ReIdentificationRisk http://86.24.57.14:7777/bobApp

13 Request for Security Solution (2):  It is possible to indicate or select security requirements with one of the following options (continue): By security specifications: securityGoal anonymity http://86.24.57.14:7777/bobApp

14 Request for Security Solution (3):  It is possible to include a list of user-context constraints (which are optional) that must be considered by the PRRS in the selection of the security services: context information related to usdl attributes (not usdl-sec) provided as preferences by the user to be considered in the selection of services configuration parameters to be considered in the selection or deployment of the services context data published the user in the FI-WARE Context Broker GE

15 Context-based Security&Compliance Web Client  security request written in xml (must be included in the XML Request box): CBS http://86.24.57.14:7777/bobApp </clientEndpoint  Do Post must be selected to send it to the PRRS Framework  Go! is pressed  Response frame with the URL where the implementation of the optional security enabler selected by the PRRS Framework is deployed and accessible.

16 Context-based Security&Compliance Web Client (2)

17 References  Context-based Security & Compliance Open Specifications: https://forge.fi- ware.eu/plugins/mediawiki/wiki/fiware/index.php/FIWARE.OpenSpecification.Security.Context- based_security_&_compliance  Context-based Security & Compliance-User’s and Programmer’s Guide: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Context- based_security_%26_compliance_-_User_and_Programmers_Guide  Context-based Security & Compliance-Installation and Administration Guide: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Context- based_security_%26_compliance_-_Installation_and_Administration_Guide

Download ppt "Context-based Security & Compliance GE Features available as per 2 nd Major Release PRRS: Context-based Security & Compliance GE."

Similar presentations

Managing Service-Oriented Architectures Jim Bole VP Professional Services Infravio, Inc. 408-861-3003 June 7,

Managing Service-Oriented Architectures Jim Bole VP Professional Services Infravio, Inc June 7,
Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.

Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.
Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.

Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.
The following 10 questions test your knowledge of desired configuration management in Configuration Manager 2007. Configuration Manager Desired Configuration.

The following 10 questions test your knowledge of desired configuration management in Configuration Manager Configuration Manager Desired Configuration.
THE CORE PROJECT Jose Jimenez (project manager). What is the Core platform?

THE CORE PROJECT Jose Jimenez (project manager). What is the Core platform?
LeadManager™- Internet Marketing Lead Management Solution May, 2009.

LeadManager™- Internet Marketing Lead Management Solution May, 2009.
The FI-WARE Project – Base Platform for Future Service Infrastructures FI-WARE: Semantic Application Support Generic Enabler FI-PPP Webinars Ivan Martinez.

The FI-WARE Project – Base Platform for Future Service Infrastructures FI-WARE: Semantic Application Support Generic Enabler FI-PPP Webinars Ivan Martinez.
Martin Wagner and Gudrun Klinker Augmented Reality Group Institut für Informatik Technische Universität München December 19, 2003.

Martin Wagner and Gudrun Klinker Augmented Reality Group Institut für Informatik Technische Universität München December 19, 2003.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
Edoclite and Managing Client Engagements What is Edoclite? How is it used at IU? Development Process?

Edoclite and Managing Client Engagements What is Edoclite? How is it used at IU? Development Process?
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.

Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.
PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.

PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
Think. Learn. Succeed. Aura: An Architectural Framework for User Mobility in Ubiquitous Computing Environments Presented by: Ashirvad Naik April 20, 2010.

Think. Learn. Succeed. Aura: An Architectural Framework for User Mobility in Ubiquitous Computing Environments Presented by: Ashirvad Naik April 20, 2010.
Semantic Rich Internet Application (RIA) Modeling, Deployment and Integration Zoran Balkić, Marina Pešut, Franjo Jović Faculty of Electrical Engineering,

Semantic Rich Internet Application (RIA) Modeling, Deployment and Integration Zoran Balkić, Marina Pešut, Franjo Jović Faculty of Electrical Engineering,
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Similar presentations

Ads by Google