High-level Description. FI-WARE Security July 2011. Overview. The overall ambition of the Security Architecture of FI-WARE is to demonstrate that the Vision of an Internet that is "secure by design" is becoming reality.
FI-WARE GEs to be developed and/or integrated as part of the Security chapter will comprise:
A set of GEs for a number of shared security concerns (i.e. identity and access management as well as privacy and auditing) that are considered core and therefore present in any FI-WARE Instance.
A set of optional Security GEs to address current and future requests from concrete Usage Areas.
An advanced security monitoring system that covers the whole spectrum from acquisition of events up to display, including analysis, and that goes further thanks to a digital forensic tool and assisted decision support in case of cyber attacks.
The Identity Management GE is a core Security GE that provides services to its relying parties via open protocols such as OpenID [OpenId] and OASIS SAML v2.0 [Saml] (Security Assertion Markup Language).
Motivated by the IoT, the enabler also covers new user attributes such as things, and it manages the identity of things themselves (attributes, current users, location, use history, etc.). The large number of sensors and mobile devices poses new challenges; identity federation and single sign-on support ease of use.
Access control rules (who can access the data and under which condition).
Usage control rules (how the data should/must be treated after being collected and for which purpose).
Obligations can also be expressed in order to force a data controller to perform an obligation on the data after collecting it (e.g. deletion after a certain period, user notification when the data is used or shared, etc.).
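The following is an added example, not FI-WARE code or its policy language: a minimal evaluator that combines an access control rule, a usage control rule and the two obligations named above (deletion after a period, notification on use or sharing). All class, field and role names, and the sample policy, are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Policy:
    allowed_roles: frozenset      # access control: who may access
    required_condition: str       # access control: under which condition
    allowed_purposes: frozenset   # usage control: for which purpose
    retention: timedelta          # obligation: delete after this period
    notify_on: frozenset          # obligation: actions that trigger user notification

@dataclass(frozen=True)
class Request:
    role: str
    condition: str
    purpose: str
    action: str                   # "use" or "share"
    at: datetime

def evaluate(policy, collected_at, req):
    """Return (decision, obligations) for one request on one data item."""
    # Obligation: past the retention period the data must be deleted, never served.
    if req.at >= collected_at + policy.retention:
        return "deny", ["delete"]
    # Access control rule: who, and under which condition.
    if req.role not in policy.allowed_roles or req.condition != policy.required_condition:
        return "deny", []
    # Usage control rule: only for the purposes agreed at collection time.
    if req.purpose not in policy.allowed_purposes:
        return "deny", []
    obligations = ["notify_user"] if req.action in policy.notify_on else []
    return "permit", obligations

# Constructed sample policy and requests (hypothetical values).
POLICY = Policy(frozenset({"physician"}), "consent_given",
                frozenset({"treatment"}), timedelta(days=30), frozenset({"share"}))
COLLECTED = datetime(2011, 7, 1)

def demo():
    mk = lambda role, purpose, action, day: Request(
        role, "consent_given", purpose, action, COLLECTED + timedelta(days=day))
    cases = [mk("physician", "treatment", "use", 1),
             mk("physician", "treatment", "share", 2),
             mk("physician", "marketing", "use", 3),
             mk("insurer", "treatment", "use", 4),
             mk("physician", "treatment", "use", 31)]
    return [evaluate(POLICY, COLLECTED, r) for r in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The decision carries its obligations with it, so the data controller's enforcement point has to act on them (notify, delete) rather than only permit or deny.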
Security monitoring is the first step towards understanding the real security state of a future internet environment and, hence, towards realising the execution of services with desired security behaviour and detection of potential attacks or non-authorized usage.
Security monitoring focuses essentially on monitoring alarms from network equipment, systems and security sensors. Through the collection, filtering and correlation of data from large-scale heterogeneous environments (including sensitive data from security tools and devices, SCADA events, raw sensor data, suspicious behaviours, etc.), coupled with a dynamic risk analysis engine, decision-making support and a role-oriented visualization engine, security stakeholders can take appropriate actions to prevent and mitigate the impact of abnormal behaviour.