D3.1 Common Framework Handbook 1 - CyberSec4Europe€¦ · for holistic cybersecurity and privacy...

i

Proposal No. 830929 Project start: February 1, 2019 Call H2020-SU-ICT-03-2018 Project duration: 42 months

�

�

�

D3.1 Common Framework Handbook 1

Document Identification

Due date 31 October 2019 Submission date 31 October 2019 Revision 1.0

Related WP WP3 Dissemination Level

PU

Lead Participant

UMU Lead Author Antonio Skarmeta (UMU)

Contributing Beneficiaries

UMU, DTU, KUL,

UM, VTT

Related Deliverables

D4.1

Abstract: This document presents deliverable “D3.1 – Common Framework Handbook 1”, that describes the first version of CyberSec4Europe common framework, which will used as baseline and reference document for the WP3 research activities. D3.1 describes the common template devised to describe, in an interoperable way, the project’s assets. Besides, the document includes the CyberSec4Europe global functional architecture, intended to organize the main functional components needed to cope with the WP3 research goals. In addition, the document includes the list of assets identified so far in the project and the mapping between the WP5 Pilot’s requirements and the particular assets that fulfil those requirements.

Ref. Ares(2019)6962259 - 11/11/2019

CyberSec4Europe D3.1 – Common Framework Handbook 1

This document is issued within the CyberSec4Europe project. This project has received funding from the European Union's Horizon 2020 Programme under grant agreement no. 830929. This document and its content are the property of the CyberSec4Europe Consortium. All rights relevant to this document are determined by the applicable laws. Access to this document does not grant any right or license on the document or its contents. This document or its contents are not to be used or treated in any manner inconsistent with the rights or interests of the CyberSec4Europe Consortium and are not to be disclosed externally without prior written consent from the CyberSec4Europe Partners. Each CyberSec4Europe Partner may use this document in conformity with the CyberSec4Europe Consortium Grant Agreement provisions and the Consortium Agreement. The information in this document is provided as is, and no warranty is given or implied that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

iii

Executive Summary This deliverable is the first outcome of Task 3.1 which aims to assess the level of originality, detail, sustainability and conformity of the models and results towards the CyberSec4Europe vision, providing a common ground for their development. Thus, this tasks formulates the realistic progress of the project, impact potential, defines the feedback for the project research activities in WP3 managing the progress of the CyberSec4Europe ecosystem. In this regard, this deliverable describes the first Common Framework Handbook, including the approach followed in Cybersec4Europe in order to manage the cybersecurity research activities and organise the progress behind the building blocks of the CyberSec4Europe ecosystem. It includes the common templates and cybersecurity taxonomies adopted in the project to describe, in a common and interoperable way, the research activities and assets devised, evolved, implemented and tested in the scope of the project. The common framework also includes a general global architecture, split in different planes, aimed to organize how different WP3 research activities and cybersecurity enablers fit and interact with each other for holistic cybersecurity and privacy management. Additionally, this document recaps the set of enablers and assets, classified per WP3 task, which have been identified in the project to fulfil the WP3 goals, and includes the mapping between what is demanded in WP5 Pilots, and the assets, available in WP3, that address those Pilot’s requirements.

iv

Document information Contributors

Name Partner Jorge Bernal Bernabe UMU Antonio Skarmeta UMU Davy Preuveneers KUL Alberto Lluch Lafuente DTU Alba Hita UMU Liliana Pascuale UCD Boštjan Kežmah UM Halunen Kimmo VTT Antonio Lioy POLITO

Reviewers

Name Partner Liina Kamm CYBER Vasileios Gkioulos NTNU

History

0.1 2019-07-15 UMU Initial Outline

0.2 2019-09-5 DTU, KUL, UCD, VTT First Contributions from partners on Section 4

0.3 2019-09-15 UMU Introduction section, section 3, Section 5. C24EU Architecture

0.4 2019-10-10 DTU, KUL, UCD, VTT Contributions from partners Section 5-6

0.5 2019-10-15 DTU, KUL, UCD, VTT, UM, POLITO

Contributions from partners Section 4.3

0.6 2019-10-17 UMU Conclusions and minor edits 0.7 2019-10-28 Cyber, NTNU Internal Review 1.0 2019-10-29 UMU Address reviewer’s comments.

Final document, ready for submission.

v

List of Contents 1 Introduction ............................................................................................................................................ 1

1.1 Structure of the Document .............................................................................................................. 2

2 Framework Approach ............................................................................................................................. 4

3 Description of the Common Framework Template ................................................................................ 6

4 Common Framework View .................................................................................................................. 12

4.1 CyberSec4Europe Research Goals and Associated Tasks ........................................................... 12

4.2 CyberSec4Europe Global Architecture ........................................................................................ 13

4.3 CyberSec4Europe Global Architecture and Functional Building Blocks per WP3 Task ............ 19

4.3.1 Task T3.2 – Privacy-Preservation and IoT-Edge Building Blocks ........................................ 20

4.3.2 Task T3.3 – Software Development Lifecycle ....................................................................... 20

4.3.3 Task T3.4 – Security Intelligence ........................................................................................... 21

4.3.4 Task T3.5 - Adaptive Security ................................................................................................ 21

4.3.5 Task T3.6 - Usable Security ................................................................................................... 22

4.3.6 Task T3.7 – Regulatory Management .................................................................................... 23

5 Summary of Assets Produced ............................................................................................................... 24

5.1 Task 3.2 Assets ............................................................................................................................. 24

5.2 Task 3.3 Assets ............................................................................................................................. 27

5.3 Task 3.4 Assets ............................................................................................................................. 29

5.4 Task 3.5 Assets ............................................................................................................................. 31

5.5 Task 3.6 Assets ............................................................................................................................. 33

5.6 Task 3.7 Assets ............................................................................................................................. 35

6 WP3 assets and their mapping to WP5 Pilot’s requirements ............................................................... 38

6.1 Task 3.2 ........................................................................................................................................ 39

6.2 Task 3.3 ........................................................................................................................................ 41

6.3 Task 3.4 asset mapping ................................................................................................................. 43

6.4 Task 3.5 asset maaping ................................................................................................................. 46



7 Additional Enablers and Assets Identified in WP5 .............................................................................. 55

8 Conclusion ............................................................................................................................................ 57

9 References ............................................................................................................................................ 58


List of Figures

Figure 1 - 3D Taxonomy by JRC [JRC18] ..................................................................................................... 7 Figure 2 - CyberSec4Europe Main Research topics addressed, grouped per WP3 task .............................. 12 Figure 3 – CyberSec4Europe Global Architecture ....................................................................................... 13 Figure 4 - CyberSec4Europe global architecture and building blocks per WP3 task .................................. 19 List of Tables Table 1 - Common Asset Template ................................................................................................................ 9


List of Acronyms

ACP AI AIS

Access Control Protocol Artificial Intelligence Automatic Identification System

API Application Programming Interface CERT Computer Emergence Response Team CSIRT eID eIDAS ENISA EU GDPR GUI ICT ID IdM IdP IDS IoT IP IR IT JRC JWT MAPE MEC MISP ML NFV NIST OSINT PC PET PKI RFID SAML SDL SDN SIEM SSI TCP TEE UI WP W3C

Computer Security Incident Response Team Electronic identification electronic IDentification Authentication and trust Services European Union Agency For Cybersecurity European Union General Data Protection Regulation Graphical User Interface Information and Communications Technology Identification Identity Management Identity Provider Intrusion Detection System Internet of Things Internet Protocol Incident Reporting Information Technology Joint Research Center JSON web Token Monitoring Analysis Planning Execution Multi-access Edge Computing Malware Intelligence Sharing Platform Machine Learning Network Function Virtualization National Institute of Standards and Technology Open-Source Intelligence Personal Computer Privacy Enhancing Technologies Public Key Infrastructure Radio Frequency Identification Security Assertion Markup Language 2.0 Software Development Lifecycle Software Defined Networks Security Information and Event Management Self-sovereign Identity Transmission Control Protocol Trusted Execution Environement User Interface Work Package Wold Wide Web Consortium


1 Introduction CyberSec4Europe aims to meet the EU and Member States’ next generation cybersecurity challenges through strengthening research and innovation competence and cybersecurity capacities both at the national as well as at the European level. Thus, the project is conducting cybersecurity research and innovation through technology advancements supporting both the autonomy of the Digital Single Market as well as addressing the security of the European citizen, European industry, the European economy and society as a whole. To this aim, as part of WP3 CyberSec4Europe is devising and implementing cybersecurity enablers and their development lifecycle; identifying and implementing techniques and methodologies for the construction of IT systems that are secure by design; exploring efficient deployment and management of trusted execution environments (TEEs)-based application in the cloud that will enable secure and private processing of massive amounts of data produced by IoT devices; strengthening security of traditional authentication services by relying on multi-level authentication steps; devising privacy-aware, interoperable and decentralized authorization in IoT environments; orchestrating security and privacy mechanisms; and identifying and tackling major security and privacy challenges for edge computing. In addition, CyberSec4Europe is looking into security intelligence, adaptative security and usability solutions intended to deal with the unified management of electronic evidence end-to-end – from the devices to the core of the network, in order to handle and process digital evidence in real-time and share this information considering trust and privacy requirements. Regarding usability, the goal of CyberSec4Europe is to set up best practices used by researchers and practitioners to express and include usability requirements at an early stage of the design. The project is exploring the concept of usability by design for security mechanisms, including mechanisms for the IoT domain and cyber-physical systems. CyberSec4Europe is investigating how to automate the security processes as much as possible, with methods given to users actionable intelligence, when user decisions are needed, and in what ways is this information conveyed to the users and what tools are needed for this. Furthermore, regarding regulatory management, CyberSec4Europe is investigating best ways of compliance of software development lifecycle (SDL) methods within the GDPR [GDPR]; investigating compliance for interoperability of identity technologies with eIDAS [EIDAS], ePrivacy and the GDPR; also looking into new procedures for user experience for explicit consent (the GDPR). In this context, WP3 is responsible for definition of common research, development and innovation in next generation cybersecurity technologies (including dual-use), applications and services. WP3 is focusing cybersecurity research activities on horizontal cybersecurity technologies and cybersecurity in critical sectors (e.g. energy, transport, health, finance). WP3 provides common research support for the different WPs especially coordinated with WP4 and WP5 to connect the research and innovation with the demonstration and industrial sector to be covered. The aforementioned research aims are tackled and implemented in WP3 across different tasks. Namely, the cybersecurity and privacy research topics mentioned previously are structured across WP3 tasks:

• Privacy-preservation, TEE and IoT-Edge security (Task T3.2) • Software Development Lifecycle (SDL) (Task T3.3) • Security Intelligence (Task T3.4) • Adaptive Security (Task T3.5) • Usable Security (Task T3.6) • Regulatory Management (Task T3.7)


In this context, Task 3.1 addresses the project lifecycle and how the activities, results and community built and gathered by the project compose into an overall CyberSec4Europe ecosystem of cyber-security development. The working technical space of this task is in structuring progress and features to emerge as components of the developed systems. These activities are to be distributed throughout the project as timely efforts, diverse disciplines and results rendered and formulated by the initiatives of the community engaged via CyberSec4Europe. Thus, Task 3.1 aims to assess the level of originality, detail, sustainability and conformity of the models and results towards the CyberSec4Europe vision, providing a common ground for their development. Hence, this formulates the realistic progress of the project in terms of research and impact potential, defines the feedback for the project activities, and communicates and organises the progress behind the building blocks of the CyberSec4Europe ecosystem. As part of Task 3.1, this first report aims to describe the general approach followed in the Cybersec4Europe project to unify, organize and manage the cybersecurity research activities mentioned above, by analyzing the progress behind the building blocks of the CyberSec4Europe ecosystem. To this end, the document describes firstly the common framework approach, intended to harmonize, organize and manage the cybersecurity and privacy assets (including software, hardware, models, procedures, algorithms) that are currently available in the CyberSec4Europe ecosystem. It also includes the assets that are still on-going and will be developed as part of Cybersec4Europe, even if they are still in the design stage. To specify the assets in a common and interoperable way, a template has been designed, which relies on diverse cybersecurity taxonomies and specifications from NIST, Joint Research Center (JRC) and the European Union Agency For Cybersecurity (ENISA) to categorize and describe, in a common and interoperable way, those assets and research activities that are going to be implemented and tested in CyberSec4Europe. The common framework also includes a general global CyberSec4Europe functional architecture, intended to organize how different WP3 functional building blocks fit and interact between each other for holistic cybersecurity and privacy control and management. The global architecture is divided into different planes and domains and categorizes the functional blocks in those planes. The functional blocks in the architecture are also analyzed by the research activities across different WP3 tasks. Finally, this first handbook also performs an overview of the set of enablers and assets coming from WP5 beyond those identified in WP3, that will allow to realize the WP5 pilots.

1.1 Structure of the Document

The document is structured as follows1: • Section � describes the framework approach. • Section Error! Reference source not found. introduces the common framework template and the

taxonomies which it relies on. • Section 4 describes the CyberSec4Europe global architecture that defines the main functional

building blocks needed in WP3. • Section 5 summarizes the first set of assets identified in WP3


• Section 6 performs the mapping between the pilots requirements in WP5 and the assets available in WP3, defined in Section 5, that fulfil those requirements.

• Section 7 identifies the set of enablers/assets coming from WP5 that are needed to realize the pilots. • Section 8 concludes the document.


2 Framework Approach This section introduces the proposed framework. The framework should cover a large number of sectors and activities, in addition to being thought with a vision of adaptability and transversality between its levels. It also introduces each of the parts of the framework, tasks, assets and the proposed architecture, as well as the taxonomy devised. One of the objectives of WP3 is to research, define, implement and validate cybersecurity components and their lifecycle from an adaptive, usable and automatic perspective. Components range from armouring current communication systems, such as creating a safe and reliable cloud environment, to creating tools to provide users with intelligent actions against threats. CyberSec4Europe encompasses a large number of applications, services, mechanisms and protocols, that are transversal between layers and many sectors (e.g., energy, transport, health, finance). Promoted by the CyberSec4Europe specifications to cover all knowledge and actions against cybersecurity threats and in order to harmonize, organize and control knowledge a unified framework is defined in this document. The framework is comprised of a series of tasks related to the cybersecurity research topics mentioned in the previous section. Each task has been organized into a series of assets to address each problem in a more atomic form. An architecture is proposed to enclose all the tasks and assets and share the improvements and innovations developed and implemented in each of the tasks. The framework defines six different tasks, each of them deals with a different working area. The tasks are defined depending on their scope and nature. These six blocks correspond with tasks 3.2 to 3.7 in the following way.

• Privacy and preservation is related to authentication, authorization, access, and privacy-preserving in IoT, TEE, edge computing, and blockchain.

• Software development lifecycle corresponds to security by design, automatization, certification, and software lifecycle analysis.

• Security intelligence is focused on threat intelligence, sharing, detection, and protection. • Adaptive security is related to risk assessment and cybersecurity awareness and control. • Usable security is correlated with usability requirements accessibility services, visualization and

privacy of control and systems. • Regulatory Management is oriented to law and regulation of data information and privacy.

The framework includes a functional architecture, to unify the different tasks in a global landscape. In addition, it organizes the functionality of each building block and their interactions for a holistic cybersecurity management and control. The architecture is divided into domains, planes, and layers and each of them include diverse functional blocks. There are two domains, user and managed, they refer to the external nodes of the architecture. Within the core of the architecture three planes are defined: the administration plane is related to all the management and dashboards tools; the intelligence plane is focused on threat detection, risk analysis, and incident and legal assessments; the control and management plane targets monitoring, certifications, supply chain analysis and reaction against cybersecurity threats. The layers interact with each other and with the user domain and the managed domain. In addition, there is a privacy-preserving layer based on blockchain. The functional blocks group specific activities within the tasks.


On the other hand, the assets in CyberSec4Europe refer to either software, hardware, algorithms, methods or enablers that realize one or more functionalities described in the common framework, and therefore, implement one or more functional components identified in the architecture. Since one asset can implement one or more functionalities being addressed across CyberSec4Europe, an asset can be associated to more than one of the tasks in WP3. To have a common definition of the assets, a template was designed as part of this deliverable. This template determines attributes (e.g., name, description, scope) that describe an asset. Some of these fields have been well studied in taxonomies for cybersecurity environments.


3 Description of the Common Framework Template This section describes the template proposed to define each asset. It explains each of the fields, mandatory and optional, of the template and its taxonomies. It also gives a brief introduction to the taxonomies on which it has been based. The common framework template has been created to provide a structure to the assets related to each task. It contains the needed elements, mandatory and optional, to define the assets. It is based on taxonomies and definitions proposed by cybersecurity commissions and agencies. The aim of using the template is to have a conceptual consistency and provide a mutual taxonomy. This template uses various taxonomies previously defined by NIST “Framework for Improving Critical Infrastructure Cybersecurity” [NIS18], “European Cybersecurity Centers of Expertise Map. Definitions and taxonomy” [JRC18] by JRC technical report, and the “Threat Landscape Report” [ENISA18] by ENISA. The National Institute of Standards and Technology (NIST) published the “Framework for Improving Critical Infrastructure Cybersecurity” first in 2014 and a revised version in 2017 and 2018. This publication aimed to create a common framework for improving risk management in critical infrastructures by considering security risk as part of organizations risk management. This framework provides an organized infrastructure. It is composed of 3 parts: Framework Core defines five high-level activities that altogether conform to the cybersecurity management view. Then each activity is divided into categories and subcategories; Framework Implementation Tiers describe the level of response of the cybersecurity risk management practices; Framework Profile defines a profile of standards, guidelines, and practices used. This template uses the Framework Core taxonomy defined in [2.1, NIS18] for the fields Capability, Solution category, Category, and Type. These fields correspond with the different levels described in the section of the framework. Joint Research Center (JRC) published “European Cybersecurity Centres of Expertise Map - Definitions and Taxonomy“ in 2018. The purpose of this document is to become a reference in cybersecurity activities and initiatives taxonomy and definitions. The taxonomy proposed by JRC is structured in three dimensions representing the traditional research domain, impacted sectors, and application (see Figure 1). The dimensions are aligned with the EU regulatory landscape and avoid redundancy in the definitions. The template proposed in this document takes the dimension defined in the taxonomy from JRC [JRC18] for the fields of Cybersecurity domain, Sector dimension, and Application technology.


Figure 1 - 3D Taxonomy by JRC [JRC18]

Each year, the European Union Agency for Cybersecurity (ENISA) publishes a report analyzing the state-of-the-art of cyberattacks that are based on open source. “Threat Landscape Report” [ENISA18] from 2018 is the seventh version of this report. This document shows the trends in cyber threats and an extended wide list of cyberattacks as well as threat agents and actors and analyze the emerging cyberthreats intelligence. The template proposed in this document bases the fields of Addressed threats and Encountered threats in this analytical report.


TEMPLATE FIELDS EXAMPLE COMMENTS NAME EDHOC Specify name of the asset

DESCRIPTION

Compact, and lightweight authenticated Diffie-Hellman key exchange protocol with ephemeral keys Short description of the asset

ACTORS

EDHOC is intended for usage in constrained scenarios and a main use case is to establish an OSCORE security context between a client and a server.

Describe the possible actors on the usage of the asset and the possible scenarios

INVOLVED ENTITIES EDHOC client and server Describe kind of entities that will be involved

CAPABILITY Protect

Specify using the CS4E version of NIST Framework: Level 1. In case it is not directly applicable indicate taxonomy used to describe the asset

SOLUTION CATEGORY Data Security Specify using the CS4E version of NIST Framework: Level 2

CATEGORY Encryption Specify using the CS4E version of NIST Framework: Level 3

TYPE Software: Protocol Software/Hardware: Protocol/Algorithm/Component

INPUT PSK ID, CURVES, AEADs, etc. Parameters/data/sources used as inputs

OUTPUT Shared secret Parameters/data/sources used as output CYBERSECURITY DOMAIN Data security and privacy 3.1 Cybersecurity Domains SECTOR DIMENSION All 3.2 Sectorial Dimensions APPLICATION AND TECHNOLOGY Internet of Things 3.3 Applications and Technologies Dimension

ADDRESSED THREATS

Eavesdropping/ Interception/ Hijacking: Interception of information

Describe using ENISA taxonomy of even with CVSS risk assessment vector from NVD, ARMOUR or others

Nefarious Activity/ Abuse: Manipulation of information

Also, we can use security properties (e.g. CIA, authN, authZ and privacy)

ENCOUNTERED THREATS Nefarious Activity/ Abuse: Denial of service

Describe using ENISA taxonomy of even with CVSS risk assessment vector from NVD, ARMOUR or others

DEVELOPMENT PHASE STATUS testing:v1

planning/analysis/design/implementation/testing/maintenance: version


TIME PLAN OF THE ASSET

Y1: Initial implementation in a real device, Y2: Security testing and mitigation of errors Y3: Implementation at high scale Results expected Y1, Y2, Y3

INCREMENTAL UPGRADES

initial implementation/code testing/mitigation/integration in the framework/large scale execution

Describe the phases the assets will have within the project

TCP/IP Stack layer Application Network/transport/application STANDARDIZED NO no/yes/in progress

COMPLEXITY OF USAGE HIGH Indicate how complex could be the usage and how to cope with this

ASSET LINK https://github.com/repositoryedhoc Provide URL to possible repository if exists

ADDITIONAL INFORMATION

Under standardization process

Provide papers or any other information to help understand the asset

CONTACT PERSON AND E-MAIL

Peter Dinklage, [email protected]

Table 1 - Common Asset Template

The template is composed of mandatory fields, which are in a light blue, and optional, which are dark blue. Among the mandatory elements are the most basic sections such as name, description and contact person along with your e-mail. But others are not so trivial. The rest of the section will explain these fields.

• Actors: Relative to the people, organizations, working groups involved in the use of the asset in a scenario. Like security experts, companies, financial companies, etc.

• Involved entities: Identify the hardware, software, tools, algorithms, protocols components that have a function within the asset.

• Capability: defined in [2.1, NIST17] level 1 is the main action of the asset. Could be: • Identify: Recognize and develop a conceptual model to manage the elements concerning

actor’s capability, data, assets. • Protect: Design and implement tools to safeguard services and shield communication. • Detect. Develop and implement the necessary tools and protocols to identify a security

event. • Respond: Implement the necessary activities against a detected security event. • Recover: Develop and implement appropriate activities for a plan to contain and re-

establish the capabilities and services involved in a cybersecurity event. • Solution category: defined in [2.1, NIST17] level 2 and depends on the capability. It is a more

specified field than Capability. Could be within the capability assigned: • Identify (the main action is related to risk management and identification): Asset

management, Business Environment, Governance & Risk Management, Risk Assessment, Risk Management Strategy and Supply chain risk management.

• Protect (the main action is to reinforce the system, services, and data): Identity management & access control, Awareness and training, Data security, Information protection processes and procedures, maintenance, protective technology.

• Detect (the main action is to monitor, discover and evaluate the indicators of compromise): Anomalies and events, security continuous monitoring, detection processes.


• Respond (the main objective is to plan the protocols, defence actions, a response against a security compromise): Response planning, communications, analysis, mitigation, improvements.

• Recover (the main action is to restore the services affected due to a cybersecurity event): Recovery planning, Improvements, Communications.

• Category: defined in [2.1, NIST18] level 3. It is a specialization of the previous field, solution category.

• Type: defined in [2.1, NIST17] level 4, it is the nature of the solution proposed. It could be a product, a service, and an algorithm.

• Input, Output: Parameters, sources, data used as inputs and outputs. Notice that outputs will be secured and trusted data, and inputs will be incidents threats and consequences.

• Cybersecurity domain: Described with the taxonomy [3.1, JRC18], which defines 14 domains and each of them has their subdomains. The possible domains are the following.

• Assurance, Audit, and Certification refers to the methodologies, tools, and frameworks that assure that the design of the solution for the assets is working as desired.

• Cryptology refers to all the mathematical, algorithms, technical implementation, architectures, methodologies, techniques, and tools related to cryptography and cryptoanalysis.

• Data Security and Privacy refers to security and privacy intending to reduce the risks of confidentiality without harming the purpose of data processing, and avoiding the improper use of the data obtained by the authorized entities.

• Education and Training refers to the learning process to acquire knowledge, skill, and competences to protect the network, services, and systems.

• Operational Incident Handling and Digital Forensics refers to the process of identification, recollection, acquisition, and preservation of the digital evidences in a cybersecurity threat.

• Human Aspects refers to ethics, laws, regulation, policies, standards and the human being within the cybersecurity realm.

• Identity and Access Management covers authentication, authorization and access control of individual and smart objects to resources.

• Security Management and Governance refers to elements and activities which aim to preserve confidentiality, integrity, and availability of information.

• Network and Distributed Systems is concerned with all the aspects of computation, coordination, message integrity, availability, and confidentiality.

• Software and Hardware Security Engineering is related to the lifecycle of software and hardware development.

• Security Measurements refers to monitoring the status of security measured activities and use to decision making and improve.

• Legal Aspects are related to ethics and law. • Theoretical Foundations refers to the formal analysis and verification techniques that

provide theoretical proof of security properties. • Trust Management, Assurance, and Accountability is employed to provide assurance and

accountability guarantees. • Sector dimension: The taxonomy in [3.2, JRC18] defines 15 sectors and each of them has their

subdomains. The possible sectors are Audio-visual and media; Defence; Digital infrastructure; Energy; Financial; Government and public authorities; Health; Maritime; Nuclear; Public safety; Tourism; Transportation; Smart ecosystems; Space; Supply chain.

• Application and technology: refers to Technologies, tools, mechanisms used [3.2, JRC18]. Such as: Artificial Intelligence; Big Data; Blockchain and Distributed Ledger Technology (DLT); Cloud and Virtualisation; Embedded Systems; Hardware Technology (e.g. RFID, chips, sensors, routers); High-Performance Computing (HPC); Human Machine Interface (HMI); Industrial Control Systems (e.g. SCADA); Information Systems; Internet of Things; Mobile Devices; Operating


Systems; Pervasive Systems; Quantum Technologies; Robotics; Satellite Systems and Applications; Supply Chain; Vehicular Systems.

• Addressed threats: Foreseen threats within the asset. All cyberthreats are described using ENISA taxonomy.

• Encountered threats: Found threats while the development of the asset. All cyberthreats are described using ENISA taxonomy.

• Development phase status: Status of the asset and version. Could be: planning, analysis, design, implementation, testing, maintenance.

The optional fields give a broader and more complete view of the asset. These fields include project management elements: Time plan of the asset where the expected results are specified in years; Incremental upgrades that specify the evolution of the asset during the project; Standardized if the asset will be standardized or is in progress or not. Usage information its classification within the TCP/IP stack layer; Complexity of usage how complex is to use and deploy this asset; Limitations describe the limitations if any. Besides more information about the project like Additional information that does not fit in any field; Asset link provide URL to the repository if this exists; Relationships with other tools and assets developed within or outside the project


4 Common Framework View This section extends the description of the CyberSec4Europe framework. To this aim, it first details the research goals addressed in WP3, grouped by WP3’s tasks. Then, as part of the Common framework, this section describes the global CyberSec4Europe architecture and its main functional components. Finally, section 4.3 analyses how those functional components are mapped to the research topics and aims being addressed in different WP3 tasks.

4.1 CyberSec4Europe Research Goals and Associated Tasks

This subsection identifies the main objectives and research goals in WP3 and their corresponding mapping to CyberSec4Europe WP3 tasks in which those objectives are being addressed.

• Privacy-preservation, TEE and IoT-Edge security (Task T3.2) • Software Development Lifecycle (SDL) (Task T3.3) • Security Intelligence (Task T3.4) • Adaptive Security (Task T3.5) • Usable Security (Task T3.6) • Regulatory Management (Task T3.7)

Figure 2 - CyberSec4Europe Main Research topics addressed, grouped per WP3 task

- Challenges, requirements and approaches in all stages of the lifecycle of software

- Secure-by-design and proactive methodologies

- Automated tools reduce security vulnerabilities and risks

- Certification of security products to cope with the dynamicity of security

- Software supply chain analysis

- Security modelling of dynamic systems (representation of assets, security requirements and threats)

- Security situation computation, cybersecurity awareness

- Risk assessment

- Explanations (assurances) about security controls adoption

-usability requirements in security design

-assessing the effectiveness factor of usability

-behavioural-based user authentication mechanisms

-usable security controls.

-visualisation of the system/security status

-Usable privacy control, user informed consent

-Mechanisms to share digital evidence

-Threat Intelligence Information Services

-Interoperability in privacy, requirements and regulations

-Threat detection and security analytics

-Security intelligence in defensive systems

- Identity management and authentication

- Security & privacy In Edge Computing

- Reduce the system attack surface

- Security based on (TEE)

- IoT Privacy Preserving Platform

- Security & Privacy by Design

- AAA in Blockchain - IoT

- Privacy-Preserving critical data processing

- GDPR-compliant user experience

- Interoperability of identity technologies (e.g. eIDAS, GDPR, ePrivacy, PSD2)

- Processing of personal data in cross-border and cross-sector dimensions

- Compliance of personal data processing

- Compliance of proposed Privacy by Design and Privacy by Default SDL (software development lifecycle)

Security IntelligencePrivacy-preservation

Adaptive Security Regulatory ManagementUsable Security

Software Development Lifecycle (SDL)

CyberSec4Europe


4.2 CyberSec4Europe Global Architecture

By defining the main components, planes and domains, this subsection portrays the global CyberSec4Europe architecture that encompasses all of the proposed functional components needed to address the cybersecurity research goals identified in Section 41.

Figure 3 – CyberSec4Europe Global functional Architecture

Blockchain

Blockchain Privacy-Preserving SSI Layer

-AAA-TTE /TPM-PET clients

Managed Domain

User Domain

Self-Sovereign User-Centric System

User-Side Security/privacy

tools

Security/Privacy-

preservation tools

Continuous Monitoring

Risk Analysis/Assessment

Risk & Incident Management

Policy-Based Security Management

CyberSecurity Awareness - SIEMs

Security Enforcement

Threat/Incident Detection

Reaction

Threat Intelligence

Sharing

Security Modelling

Security Analytics

Regulatory Management

Administration Plane

Intelligence Plane

Control and Management PlaneAdaptive Security MAPE Loop

Legal -privacy compliance assessment

User-friendlyDashboards UI

Tools

Incident/ Impact Assessment

IdPs Verifiers TTE

Indentity-Trust Management

Services

User-friendly tools

Usable consent

Supply Chain Analysis

Certification Security Products


CyberSec4Europe will realize a global and holistic cybersecurity management framework, which is integrated on top of the managed domain. The global general architecture of the CyberSec4Europe framework, shown in Figure 3, is composed of three general planes that provide the intelligence and dynamic behavior to the cybersecurity framework and managed system. Each plane embraces different security and privacy functional components and enablers required to holistically and automatically manage, control and analyze the managed domain. The functional components are instantiated by diverse enablers, tools, APIs, models and interfaces. The CyberSec4Europe framework is intended to protect not only the managed domain, but also the CyberSec4Europe architecture itself, thereby enabling reflective protection trough dedicated security enablers, such as Trusted Execution environments (TEE). The Managed domain represents the ICT/IoT infrastructure either physical or virtual, online or off-line, that requires to be strengthened and protected through a dedicated integrated set of toolkits, and enablers that need to be orchestrated, controlled, managed and overseen by the CyberSec4Europe framework in a user-friendly and automated way. The framework is intended to deal with diverse kinds of managed domains and verticals, e.g. the IoT domain, the healthcare domain, the maritime domain, the industrial domain, the financial domain. In general, it deals with any kind of ICT and cyber-physical domain, and, in particular, those verticals addressed as part of the pilots in WP5. Thus, the managed domain can refer, for instance, to the IoT domain, where IoT devices, physical and virtual network elements (setting up the data plane) interact each other, usually through the MEC-Cloud infrastructure, to deliver data in the cloud (IoT platform). In this managed domain, the CyberSec4Europe framework is intended to provide integrated protection, delivering security and privacy-preserving tools to strengthen and protect the devices, communications and data in any segment of the network. The managed domain holds the security and privacy enablers and tools required to protect the system, with appropriate safeguards to ensure delivery of critical services. Besides, the managed domain is provided with a set of monitoring probes and sensors tailored to the kind of managed domain that allows to put information in the control and management plane. The Control and Management plane deals with the data plane of the managed domain, including the management and control of services, devices, networking resources, computing and storage. It oversees and controls the usage of resources and run-time operations of the security enablers deployed on the managed domain.

• The Security Enforcement functional box, represents the general set of controllers and orchestrators, such as SDN controllers, NFV orchestration platforms, and IoT controllers, that organize the managed resources, and allows enforcing security polices (either proactively or reactively) and reaction/mitigation plans on the managed system. Security enforcement also includes operations such as transformation of security policies to configurations rules enforceable in the managed domain, and management of the security enablers that need to be automatically orchestrated, deployed and configured in the manged domain.

• The Reaction component is in charge of dynamically generating mitigation plans in real-time according to the anomalies detected, the contextual conditions and status of the system. The reactions are designed based on the security conclusions inferred by the security analytics and assessments carried out in the Intelligence plane. This component provides self-healing, and self-protection capabilities to the managed system.


• The Monitoring component collects, through monitoring agents deployed in the managed domain,

security-related data associated to the systems, users and networks. This allows to validate the accomplishment of the security policies by comparing and validating the security models, signatures. The monitoring also responsible to detect and identify anomalous/suspicious activities in networks and computer systems, e.g. through IDS.

• The Cybersecurity Awareness functional component deals with the security events coming from diverse sources and monitoring tools, and serves as a common situational and context-based cybersecurity-awareness tool, that allows to make intelligence decisions accordingly in the Intelligence plane. It includes SIEMs (security information and event management) and interoperable system models that are kept up-to-date in real-time with the information coming from diverse sources. It also deals with event correlation solutions of the cyber-situational data.

• The Trust-Privacy Management functional box represents the set of components required to deal with privacy-preserving trust management. Including software and protocols that enable identity providers and trust services to manage authentication, authorization, PKIs, integration and management of eIDAS infrastructure with IdPs. These services support the management of users’ privacy, and access control to service providers in the Managed domain. It also includes middleware and enablers to support end-to-end privacy, anonymity, and data privacy analysis. Finally, components to verify the trust and integrity state of the networking and computational infrastructure are also included, to provide real-time reports about the state of the monitored infrastructure.

• The Supply Chain Analysis component deals with verification and analysis of correct implementation of the security policies in the actual managed system.

• The Certification of Security products component provides a tool suite for automated and dynamic security verification of protocols, enablers and processes in the managed system, against current standards.

The Intelligence plane is the cornerstone plane of the CyberSec4Europe framework, it provides cognitive and autonomic capabilities, by performing diverse kind of real-time assessments (including risk, legal, privacy and impact assessments) of the on-going managed system and the CyberSec4Europe framework itself, in order to make meaningful decision accordingly. The security intelligence is applied also in defensive systems and the CyberSec4Europe framework as a whole, making sure the underpinning intelligence systems are fortified. It allows detecting threats and vulnerabilities automatically, and performing context-based security analytics. This plane allows to automatically adapt security controls in response to security changes such as new attacks or changes in security requirements. In addition, this plane also includes cyber threat intelligence data sharing.

• The Risk Analysis and Assessment component provides analysis of cybersecurity information and quantitative dynamic cybersecurity risks assessment including assessment of associated costs. It considers the actual situation of the system, taking into account the network state and the organization business context to assess impact. Risk calculations can be based on the threats


themselves, the relationship of the assets, business assets, and the associated vulnerabilities (disclosed or 0-day), and attacker’s purposes and motivations. The risk analysis can perform probabilistic attack scenario analysis based on attack-defense trees.

• The Threat/Incident detection model interacts with the cyber-situational awareness component, to be conscious of how situations evolve. It will use new adapted techniques, such as ML-based techniques to differentiate normal and abnormal behavior of the system network and detect cyber-attacks, threats and incidents.

• The Security Analytics component analyses the data managed in real-time by the cyber-situational component, and receives inputs from other intelligence-related components such as the threat detection component to perform data analytics and study the behaviour of users, devices, systems, services and networks. It includes techniques for privacy-preserving big-data analytics. Besides, this component is able to classify and analyse network traffic, and perform automatic analysis of malware in controlled environments. This component is also responsible for deriving and selecting security controls that could satisfy security requirements and policies, according to the actual context. Besides, this component is able to correlate static and real-time information coming from the cyber-situational component, with cybersecurity related data coming from external entities and OSINT sources.

• The Legal/Privacy compliance Assessment component is in charge of assessing the compliance for identity technologies interoperability (e.g. eIDAS, GDPR, ePrivacy) when applied in the managed system, including the compliance issues of personal data processing purpose limitation. It assesses the legitimacy of technologies used, and processing of personal data in cross-border and cross-sector dimensions. In addition, it can assess the compliance of software development lifecycle (SDL) methods with EU regulation in light of privacy by design and privacy by default requirements. This component also includes the analysis of a privacy audit of the managed system.

• The Incident/Impact Assessment component assesses to what extend an incident causes impact in the managed system and in the framework itself. It includes the evaluation of the impact of the vulnerability and attacks, the attack attribution, as well as awareness of the reason and how the current situation has been caused. The impact assessment outcomes are used to infer proper mitigation strategies.

• The Threat Intelligence Sharing component is in charge of managing and protecting the interaction with external entities or data providers that could exchange cyber threat data and indicators of compromise between each other. It allows increasing cybersecurity protection and awareness among diverse stakeholders through an active exchange of high quality threat intelligence. It also allows to share digital evidence between different expert systems, allowing interoperability, through languages, formats and interfaces.

The Administration plane encompasses the set of tools and APIs given to cybersecurity and system administrators to effectively manage and control the system and the CyberSec4Europe framework itself, in a user-friendly way. It encompasses the risk and incident management tools, regulatory management tools,


policy-based management tools, security models, and in general user-friendly dashboard tools to analyse and visualize the managed system.

• The Risk and Incident Management functional component includes the GUIs, tools, interfaces and APIs needed to manage and configure the behaviour of the risk and incident assessment, as well as the associated risk and incident actions/countermeasures and possible mitigation plans. It allows defining risk models with levels, treatments, and indicators.

• The Policy Based Security Management functional component includes policy editor tools that allow administrators to specify security policies, detect conflicts in those policies and enforce them in the underlying managed system. The policies might be defined in an interoperable way in different levels of abstraction, usually in high level or medium-level. It includes the tools for automated refinement and translation of those security policies to the configuration for the actual security controls. In addition, this includes analysis of feasibility and consistency between cybersecurity policies and user tasks.

• The Security Modelling component embraces diverse tools, data models and techniques to support elicitation and representation of assets, security requirements and threats, focusing on interconnected systems in various domains. It allows to define the privacy by design and privacy by default requirements and models.

• The User-Friendly dashboard tools include a set of user-friendly graphical tools for managing and analysing both the managed domain and the CyberSec4Europe framework itself. They include a graphical representation of the system status, thus providing administrators with awareness mechanisms to support visualization of the system status and security risks, enabling effective and usable security controls. The toolset also includes notation and a tool to support design and development of HMI (high-fidelity prototyping of user interfaces and user interactions).

• The Regulatory Management component includes specifications of security policies aligned with

the GDPR. It also provides and checks best-practices and requirements or issues with existing implementations and deployments in the management system.

The User plane includes the security and privacy-management tools deployed on the user-side (e.g. smartphones, PCs). The user plane embraces the security and privacy tools need to help users with their security and privacy decisions, including automation and techniques to make effective and usable security controls. It also includes tools for automatic protection, and takes immediate action when informed or automatically responds appropriately on the users’ behalf. It learns continuously from user responses to understand their context and needs. In addition, it includes, the client-side tools to realize a truly user-centric and privacy-preserving self-sovereign identity management model, and effective user-side eID management. In addition, the user plane includes methods, tools and guidelines, for usable security, such as usable authentication, complexity assessment for new security policies, user informed consent on privacy policies and best ways to visualise security and privacy information. It also includes tools for protecting user-side smartphones and tools, and implementing appropriate safeguards.


Blockchain is given special relevance in the architecture, as in addition to providing diverse well-known capabilities (e.g. provenance, auditability and accountability), in the CyberSec4Europe framework, it is envisioned as a middleware that allows to realize the decentralized and privacy-preserving self-sovereign identity management. Diverse security enablers, are placed on blockchain to strengthen security and privacy, including trusted management environment (crypto-vaults) for blockchains.


4.3 CyberSec4Europe Global Architecture and Functional Building Blocks per WP3 Task

This subsection indicates the various tasks to complete the objectives associated with WP3. As well as the functional blocks introduced in the architecture

that correspond to them. It also specifies the relationship between each of the blocks and tasks. Associated to this subsection, sections arise to explain

each of the tasks in greater depth. These sections indicate the challenges of each of the tasks, the objectives and the first plans to solve them.

Figure 4 - CyberSec4Europe global architecture and building blocks per WP3 task

Blockchain

Blockchain Privacy-Preserving SSI Layer

-AAA-TTE /TPM-PET clients

Managed Domain

User Domain

Self-Sovereign User-Centric System

User-Side Security/privacy

tools

Security/Privacy-

preservation tools

Continuous Monitoring

Risk Analysis/Assessment

Risk & Incident Management

Policy-Based Security Management

CyberSecurity Awareness - SIEMs

Security Enforcement

Threat/Incident Detection

Reaction

Threat Intelligence

Sharing

Security Modelling

Security Analytics

Regulatory Management

Administration Plane

Intelligence Plane

Control and Management PlaneAdaptive Security MAPE Loop

Legal -privacy compliance assessment

User-friendlyDashboards UI

Tools

Incident/ Impact Assessment

IdPs Verifiers TTE

Indentity-Trust Management

Services

Task 3.2 - Privacy-preservation

Task 3.3 - Software Development Lifecycle (SDL)

Task 3.6 - Usable Security

Task 3.5 - Adaptive Security

Task 3.4 -Security Intelligence

Task 3.7 - Regulatory Management

User-friendly tools

Usable consent

Supply Chain Analysis

Certification Security Products


Every functional component or building block in the CyberSec4Europe architecture aims to provide specific functionality associated to a WP3 task: privacy-preservation, TEE and IoT-Edge security (Task T3.2), software development lifecycle (SDL) (Task T3.3), security intelligence (Task T3.4), adaptive security (Task T3.5), usable security (Task T3.6) and regulatory management (Task T3.7).

4.3.1 Task T3.2 – Privacy-Preservation and IoT-Edge Building Blocks

Task 3.2 deals with the horizontal cross sectoral security and privacy enablers, the design of the operational technological components and the identification and research on common technologies like:

• blockchain, • identity management, • PET and the advance over state of art in security.

To cope with the privacy-preserving and identity management and authentication solutions, as can be seen in Figure 3 (highlighted in yellow), the CyberSec4Europe architecture features a set of functional components that are located in the User domain, above all in the user-smartphone. It allows to realize the self-sovereign and privacy-preserving identity management model. The user domain also includes security and privacy enablers needed to protect users’ privacy in communications and data. The Privacy Trust Management functional component of the architecture belonging to the Control and Management Plane, includes identity management services, identity providers, attribute providers, claims verifiers, PKIs, biometric verifiers, privacy-enhancing technologies (PeT) managers, and enablers for trusted execution environments (TEE), creation and monitoring (such as remote attestation). In the Managed domain, the security and privacy-preservation tools will instanciate a set of middleware tools in the IoT-Edge domain, and enablers such as anti-malware, data leakage prevention, data anonymization, data broker privacy preservation, and in general tools to reduce the system attack surface. In other web-oriented domains (e.g. eCommerce use cases) the managed domain will embrace the enablers (including PET oriented technologies) required by service providers to verify proofs, and manage access control to services, based on claims and assertions obtained from IdPs. In the Blockchain Privacy-Preserving SSI Layer there will be a set of functional components, similar to those allocated in the Privacy Trust Management services, but adapted to be deployed in blockchain. It encompasses services for ID proofing, verification-authentication, claims/attestation verifications, TEEs. Thus, users will be able to share/access assets (identity, data, resources), manage attestation, manage credentials through blockchain in a privacy-preserving way. The functional components in blockchain deals with evidence-based authorization and distributed access control using blockchain, addressing applications in IoT.

4.3.2 Task T3.3 – Software Development Lifecycle

The main goal of T3.3 is to identifying research challenges, requirements and approaches in all stages of the lifecycle of software. Within the project focus will be put on some concrete areas and techniques relevant to the lifecycle of software and we comment here how some of the related research investigations could be related to the blocks of the building of the global architecture blocks (highlighted with a star in Fig. 3). At the administration plane, policy-based security management can help define the security policies based on different security requirements and various conditions. Security modelling helps build a proper model for different security levels, in order to ensure the software development in a correct direction.


At the intelligence plane, risk modelling and analysis/assessment aims at modelling and analysing the risk levels for different scenarios and assess the risk/threat levels. This is a very important step to decide the appropriate security policies from the administration plane. At the control and management plane, there is a need to enforce the security of the developed products (security enforcement). Certification is a common means used to validate whether a product has proper security levels in industry (certification security products). Supply chain analysis can examine the whole supply chain process, and can help ensure every component is available when any issue is identified. In the managed domain, security/privacy-preservation tools cannot only ensure the privacy of participating entities, but also encourages more entities to share their data during the whole software development lifecycle.

4.3.3 Task T3.4 – Security Intelligence

One of the main responsibilities of Task T3.4 is to collect threat intelligence information from and share it with different stakeholders. This way cybersecurity professionals can act more swiftly to emerging threats, even if they have not sighted these threats themselves. In order to proactively respond, cybersecurity professionals need to collaborate and share information in a standardized manner, such that not only the semantics of the threat information are clearly understood, but also to agree among participants how the information can be shared within and beyond certain communities. Not only does the architecture need protocols and interfaces to share threat information, it must also offer authorization and privacy enhancing mechanisms to grant access to this sensitive information in a fine-grained manner such that the information cannot be abused, for example, to harm the reputation of the reporting party. Threat intelligence information usually relies upon a variety of monitoring tools that, for example, observe behavior at the network level, interactions of mobile applications, authentication attempts, attacks against infrastructure or online applications and services. As the number of end-points in the network continues to grow, and as the attack surface grows, it is no longer feasible to only rely on statistical methods and manually crafted rules to detect anomalous or malicious behavior. Many tools build upon advanced security analytics techniques, such as traditional machine learning, deep neural networks, and data mining methods to classify or cluster normal versus anomalous behavior, to identify known threats and attacks, or to recognize unknown and possibly malicious activities. However, adversaries can exploit machine learning techniques to better disguise their malicious behavior so that their threats and attacks go undetected. As a result, cybersecurity software assets that leverage security analytics under the hood – possibly in a privacy preserving manner – must be fortified to ensure that the enhanced capability does not offer adversaries new threat vector opportunities.

4.3.4 Task T3.5 - Adaptive Security

One of the main responsibilities of task T3.5 is the development of a framework to design adaptive security functionalities from the representation of security concerns to the enforcement of security controls at runtime.


At design time, this task will provide the security engineer modelling and visualization techniques (Security Modelling) to elicit assets, security requirements and controls, threats, attacks and vulnerabilities. Security requirements will also be informed by upcoming regulations, such as the GDPR. This task will also support functionalities to represent situation-based policies that express complex and context-dependent security measures, are closer to business and simplify the policy life-cycle management. At runtime, this task will support some of the main functionalities of the MAPE adaptation loop necessary to enforce appropriate security controls to prevent or mitigate security threats. To achieve this aim, this task will provide efficient and scalable architectures supporting security situation computation and risk assessment, and the selection and enforcement of security controls. Complex event processing techniques will be used to represent and compute the current situation using data monitored at runtime. This data could be used to take short-term security decisions which can select and enforce situation-dependent security controls, different assignment of credentials to users (Reaction). Situation computation will also be used to analyze security risks, identify security threats and estimate the impact of such threats dynamically, depending on the current the security design decisions (Risk Analysis/Assessment). This allows prioritizing security countermeasures that should be enacted, and updating the adaptive security strategy used during the reaction activity (Incident Impact Assessment). Finally, his task will interface with users to provide information about the current security, situation, re-generate explanations and assurances incrementally when the system or its operating environment change at runtime, and also will share the mandatory incident reporting to different supervisory authorities (Risk and Incident Management).

4.3.5 Task T3.6 - Usable Security

The research in T3.6 is directed towards usable and user-centric cybersecurity. As can be seen from the asset lists (Section 5), the current assets relate strongly to user interfaces and user experience of different activities or threat mitigation strategies. These fit into the CyberSec4Europe global architecture especially in the user domain. It is necessary to have user-friendly tools and usable consent to be able to utilize these results. Also UIs and dashboards are important both to end users and to system administrators trying to monitor and manage security in their systems. One of the main goals of T3.6 is to formulate and develop recommendations and guidelines on how to incorporate usability requirements in security design. Key challenges in this domain include automation and AI to help users on their security and privacy decisions, secure and usable authentication, complexity assessment for new security policies, user informed consent on privacy policies and best ways to visualize security and privacy information. This means also that users should get actionable intelligence from security and privacy policies through these tools. One example of this is making GDPR compliance more intuitive through tools. General functionality that is expected from user-friendly tools and UIs is that they are intuitive to a large set of users. This means that in addition to the enhanced security features that a tool or method from T3.6 provides, it needs to also be highly usable and easy to apply in the chosen context. Thus research activities that provide human-understandable and even tangible feedback will be important to this part of the architecture.


4.3.6 Task T3.7 – Regulatory Management

One of the main goals of Task 3.7 is to identify issues of recently established EU regulation, related to privacy and electronic identification of EU citizens. GDPR compliant user experience is a solution that collects important interpretations of the regulation, together with good implementation examples to meet the specified requirements. The GDPR guidelines for compliant user experience can be used in the Administration plane to construct privacy-compliant governance and management practices throughout different security lifecycles. Regulatory management impacts many of the other key components in the Administration plane. Regulation is the basis for Risk and Incident Management as risk analysis needs to take into consideration regulation-based risks and risks of regulatory fines. Incident management needs to consider timeframes and triggers for mandatory notification. Policy-Based Security Management needs to consider policy implications on privacy risks and should, therefore, be linked to data privacy impact assessments. Security modelling may be found as a complementary tool to data privacy impact assessments and should employ privacy by design and privacy by default. In the Intelligence plane, the assessment of compliance with legal requirements must be established and carried out. Assessment should be linked to data privacy impact assessment and risks that were identified in the Administration plane. This is also the point where actual decisions will take place, e.g. decision whether an incident qualifies for mandatory reporting to the supervisory authority. The second asset, Analysis of interoperability and cross-border compliance issues, addresses issues related to different eIDAS implementations and legislation differences in EU member states, ultimately hampering the idea of a Single European Market. eIDAS by definition falls under Regulatory Management. Similar to GDPR and other requirements, eIDAS needs to be included in the complete governance and management lifecycle to provide governance from strategic starting points to implementation, operations and compliance monitoring processes and activities.


5 Summary of Assets Produced This section gives a list of asset summaries. It is divided into sections, each one corresponding to a task in which the assets that conforms it are briefly described. The summary of the assets consists of the name, the partner, the definition according to the taxonomy and a brief description.

5.1 Task 3.2 Assets

Name: Privacy Preserving Middleware Partner: C3P Capability: Protect: develop and implement appropriate safeguards to ensure delivery of critical services Category (L2): Data Security Category(L3): Data Leakage Prevention Type: Software Description: The IoT middleware platform should aim to (semi-)automatically combine different privacy-preserving techniques to support end-to-end privacy. The middleware platform must also help the user to manage and monetize its data, behaving as a data broker with the existing data consumers. This task aims to design and build the middleware framework. Name: Argus, Enforcing Privacy and Security in Public Cloud Storage Partner: C3P Capability: Protect: develop and implement appropriate safeguards to ensure delivery of critical services Category (L2): Data Security Category(L3) Cloud Access Security Brokers Type: Software Description: Privacy brokerage system aiming to enhance confidentiality and availability by partitioning encrypted data over multiple public Name: GDPR-based Access Control Partner: CNR Capability: Protect: develop and implement appropriate safeguards to ensure delivery of critical services Category (L2): Identity Management & Access Control Category(L3) Access Management Type: Software Description: A systematic approach for authoring ACPs aligned with the GDPR, on the basis of realistic use cases. Name: DANS (Data ANonymization Service) Partner: ATOS Capability: Protect Category(L2) Data Security Category(L3) Data Leakage Prevention Type: Software:Component Description: DANS is an anonymization service based on the data anonymization Java tool (ARX) that provides different privacy models (e.g., the k-anonymity model) to enable the application of certain privacy criteria over a specific dataset. ARX is under Apache 2.0 license. Name: Cryptovault


Partner: VTT Capability: Protect Category(L2) Protective Technology Backup / Storage Security Type: Software:Product Description: Trusted management environment for blockchain keys with secure key backup using Shamir Secret Sharing protocol. Backup shares are stored in cloud platform and paper Name: Edge-Privacy Partner: UMA Capability: Protect Category(L2) Data Security Category(L3) Data Leakage Prevention Type: Component Description: Privacy Component for Edge Computing Name: SelfSovereign-PPIdM (Self-sovereign privacy-preserving IdM in blockchain) Partner: UMU Capability: Protect Category(L2) Identity Management & Access Control Category(L3) Identity Management Type: Software Description: This asset will investigate, integrate and adapt privacy-preserving solutions like Anonymous Credentials Systems (e.g. Idemix) in blockchains (e.g. Hyperledger), following a Self-sovereign identity management approach. To this aim, it is envisaged to use, as baseline, the outcomes from the Decentralized identity Foundation (DIF). The assets will be aligned with "Verifiable Credentials" and "Decentralized Identifiers" (DIDs) standards from W3C Name: SPeIDI Partner: ATOS Capability: Protect Category(L2) Identity Management and Access Control Category(L3) Authentication Type: Software:Component Description: Integrating online services with eIDAS infrastructure to European eID use. This connectivity eIDAS-based solution is intended to provide a hub or proxy service between the private SP domain and the European country eIDAS nodes. for secure accessing to the e-services using the eID issued by any European country. Based on the building blocks provided by CEF following the eIDAS technical specifications, including signing, encryption and the SAML 2.0 standard. SP connection is based on a simple API based on JWT. SPeIDI is under EUPL license. Name: DP analysers Partner: CYBER Capability: Identify; protect Category(L2) Business Environment; Risk Assessment Category(L3) Type: Software:component Description: Tools for static analysis for differential privacy and guessing advantage in business processes, as well as tools to select the appropriate privacy parameters


Name: AntibIoTic Partner: DTU Capability: Protect Category(L2) Protective Technology Category(L3) IoT Security Type: Software:Component Description: A Fog-based anti-malware for Internet of Things (IoT) devices. Name: Security & Privacy by Design Partner: UNILU Capability: protect Category(L2) Data Security Category(L3) IoT Security Description: To provide a medical data protection and the protection of financial data Name: D3.6 - Guidelines for GDPR compliant user experience Partner: UM Capability: Identify Category(L2) Governance & Risk Management Category(L3) Governance, Risk & Compliance (GRC) Type: Component Description: Regulation and best practices review with focus on GDPR. Check a subset of local best-practices and identify requirements or issues with existing implementation. Name: D3.18 - Analysis of interoperability and cross-border compliance issues Partner: UM Capability: Identify Category (L2): Governance & Risk Management Category(L3) Governance, Risk & Compliance (GRC) / Security Certification Type: Component Description: Investigation of the compliance for identity technologies interoperability (e.g. eIDAS, GDPR, ePrivacy). We will also investigate the legitimacy of technologies used and processing of personal data in cross-border and cross-sector dimensions and contribute to the design of a common “blueprint”, making reference to other regulations relevant for the market. Name: Trust Monitor (TM) Partner: POLITO Capability: Detect Category (L2): Security Continuous Monitoring Category(L3): Trust management Type: Component Description: Centralized monitoring and reporting solution to assess the trustworthiness of an ICT infrastructure. Provides integrity verification of heterogeneous nodes in the target infrastructure, as well as notification and reporting of periodic information about the integrity status of the infrastructure to external entities. The TM exploits the Remote Attestation (RA) procedure to establish its integrity verification workflow. This procedure allows a third-party Verifier to ensure the trustworthiness of a target node, named Attester, leveraging the peculiarities of a hardware root-of-trust, such as the TPM. The TPM, collects integrity measurements – i.e. digests – about the platform status (e.g. the BIOS, OS, applications) and stores them in a set of registers, the Platform Configuration Registers (PCR). These measurements are signed with a non-migratable key owned by the TPM, which is installed by the vendor and allows the


remote Verifier to ensure the identity of the attester. Within the RA workflow, the Verifier requests these measurements to the attester and then compares them to reference values, which are previously stored in a Whitelist Database. The TM ensures the integrity verification of heterogeneous hosts by means of several “Attestation Drivers”, meaning that different Remote Attestation workflows can be initiated depending on the type of host, and developed as plugins to the application. This would allow the Trust Monitor to support attesters based on different architecture (e.g. x86 and ARM) and hardware peculiarities (e.g. different TPM versions). Name: Policy-based reaction tool Partner: POLITO Capability: Protect Category (L2): Security Management Category(L3): Automatic reaction Type: Component Description: This tool can analyse the report of a suspicious activity (e.g. a cyberattack) and produce a set of medium-level security policies to mitigate the effects of such attack. When an attack report (i.e. a textual file containing some information about a suspicious activity) is generated, the tool parses its content and starts the analysis. The tool then selects the best “recipe” (a very high-level security policy) to counteract the attack. The recipe selection is performed by looking at the report structure and its content, but also by considering the landscape configuration (e.g. the available security controls and their features). Once a recipe has been chosen, it is refined into a set of medium-level security policies that can be used to correctly setup various devices such as firewalls, NATs, and virtually any kind of network and security devices. The reasoning capabilities of the tool can be extended by integrating advanced artificial intelligence technologies such as inferential engines (e.g. Prolog) and/or ontological reasoners (e.g. Pellet). Name: eIDAS proxy Partner: POLITO Capability: Protect Category (L2): Identity Management Category(L3): Identity Federation Type: Component Description: This component acts at national level as a proxy for the eIDAS infrastructure for cross-border eID. The proxy maps the eIDAS protocol to a different (national) one (e.g. the Italian SPID one), so that the eIDAS national gateway can interact with national Service Providers and Identity Providers. This proxy leverages functionalities defined in the eIDAS technical specifications, such as the SAML 2.0 authentication mechanism and related metadata, digital signature of messages, and encryption of assertions. Moreover, it translates attribute sets and authentication parameters (e.g. minimum level of authentication assurance) among domains.

5.2 Task 3.3 Assets

Name: BadGraph Partner: DTU Capability: Identify Category (L2): Risk Assessment Category(L3): N/A Type: Software


Description: A tool for the quantitative analysis of probabilistic attack scenarios based on attack-defense trees. Name: BowTiePlus Partner: SINTEF Capability: ;Identify; Category (L2): Risk Assessment; Category(L3): N/A; Type: Software:component; Description: Web-based risk management tool for identifying preventive and reactive barriers to causes and consequences of unwanted incidents.; Name: CORAS Partner: SINTEF Capability: Identify Category (L2): Risk Management Strategy Category(L3): N/A Type: Software Description: A tool-supported risk management framework Name: HERMES Partner: C3P Capability: Protect: develop and implement appropriate safeguards to ensure delivery of critical services Category (L2): Information Protection Processes and Procedures Category(L3): Application Security Type: Software Description: Fault-Injection for distributed (secure) systems. Name: DTU Partner: OFMC/AIF Capability: Protect Category (L2): Information Protection Processes and Procedures Category(L3): Static Application Security Testing Type: Software Description: OFMC/AIF is a tool suite for automated security verification of protocols. Name: PLEAK Partner: CYBER Capability: Identify Category (L2): Business Environment, Risk Assessment Category(L3): N/A Type: Software Description: Analysis tool for the privacy audit of an existing system and the design of new privacy-aware systems. Name: SEMCO Partner: IRIT Capability: Protect Category (L2): Information Protection Processes and Procedures


Category(L3): Software & Security Lifecycle Management Type: Product Description: A methodological tool-support for engineering secure systems with patterns and models. Name: SOBEK Partner: C3P Capability: Protect: develop and implement appropriate safeguards to ensure delivery of critical services Category (L2): Protective Technology Category(L3): Mobile Security /Device management Type: Software Description: Introduction of introspection within the Android apps, via code injection using Aspect-Oriented Programming (AOP), to transparently collect metering data that can be used to notify the user or/and sink into a secure backend (for enterprise solutions). Name: SYSVER Partner: CNR Capability: Protect Category (L2): Identity Management & Access Control Category(L3): Access Management Type: Software:Service|Algorithm Description: The tool supports security administrators of large distributed systems in the verification of correct implementation of the security policies in the actual system. When conflicts are detected, the tool leverages the detailed analysis results to investigate possible changes to apply in the system to correct the anomalies (conflict resolution). Name: VEREFOO Partner: POLITO Capability: Protect Category (L2): Protective Technology Category(L3): Firewalls / NextGen Firewalls Type: Software Description: Automated refinement of network security requirements (security policies) into virtual security function configurations (e.g. firewall rules) with formal correctness guarantee.

5.3 Task 3.4 Assets

This is a short overview of the assets being developed and offered as part of Task 3.4 on Security Intelligence: Name: NetGen Partner: POLITO Capability: Detect Category (L2): Security Continuous Monitoring Category (L3): Cyber Threat Intelligence Type: Software: Component Description: This tool generates a non-DPI analyzer that can classify any kind of network traffic Name: Briareo Partner: C3P Capability: Detect and Respond


Category (L2): Security Continous Monitoring Category(L3): SIEM / Event Correlation Solutions Type: Software: Component Description: Modular Framework for Elastic Intrusion Detection and Prevention Name: EBIDS - Ensemble Based Intrustion Detection System Partner: CNR Capability: Detect Category (L2): Detection Processes Category(L3): Intrusion Detection Type: Software: Algorithm Description: The tool is an ensemble-based approach used to identify anomalous/suspicious activities in networks and computer systems Name: UASD - Unauthorized App Store Discovery Partner: CNR Capability: Detect Category (L2): Detection Processes Category (L3): Underground/Darkweb investigation Type: Software: Component Description: UASD allows to identify unauthorized mobile app stores (black market) in regular and dark web. Name: HADES - Automatic analysis of malware samples Partner: UMA Capability: Detect Category (L2): Detection Process; Security Continuous Monitoring Category (L3): Honeypots / Cybertraps; Cyber Threat Intelligence Type: Software: Component Description: Hades is a platform for the orchestration of sandboxes for malware execution. It can send samples to virtual machines, execute them, analyze the behaviour and create reports based on the proof generated. Name: JUDAS - JSON Users and Device analysis (JUDAS) tool Partner: UMA Capability: Detect Category (L2): Security Continuous Monitoring Category (L3): SIEM/Event Correlation Solutions ; Cyber Threat Intelligence Type: Software: Component Description: This tool collects the files to be processed, extracts relevant data and correlates them, additionally asking external services to complete the information about the objects generated (e.g. ipapi, VirusTotal, Pipl) Name: TATIS - Trustworthy APIs for enhanced threat intelligence sharing Partner: KUL Capability: Detect Category (L2): Security Continuous Monitoring Category (L3): SIEM/Event Correlation Solutions ; Cyber Threat Intelligence


Type: Software: Component Description: Enhanced open source threat intelligence sharing platform to share indicators of compromise in trustworthy manner on top of the MISP platform Name: Reliable-CTIs - Reliable Cyber-Threat intelligence sharing Partner: UMU Capability: Detect Category (L2): Security Continuous Monitoring Category (L3): Cyber Threat Intelligence Type: Software: Component Description: Enabler leveraging current Open Threat Intelligence platforms such as MISP, to share securely, trusted Cyber-Threat intelligence data between CERT/CSIRTS, companies and related entities. A multi-dimensional approach to quantify trust among involved entities. Name: Threat Intelligence Integrator Partner: ATOS Capability: Cyber Threat Intelligence Category (L2): Security Operations Center (SOC) Category (L3): Cyber Threat Intelligence Type: Software: Component Description: The Threat Intelligence Integrator is able to correlate static and real-time information (e.g., Indicators of Compromise), associated to the monitored infrastructure, with cybersecurity related data coming from external OSINT sources, through a heuristic Name: IntelFrame - A Framework for Intelligent Machine Learning-based Intrusion Detection Partner: DTU Capability: Detect Category (L2): Detection Processes Category (L3): Intrusion Detection Type: Software: Component Description: This framework allows each IDS node to select an appropriate machine learning algorithms from a pool in a periodic manner, with the purpose of maintaining the detection accuracy. Name: Edge Network Intrusion Detection System (ENIDS) Partner: UNITN Capability: Detect and Respond Category (L2): Anomalies and Events, Mitigation Category (L3): Intrusion Detection, DDoS protection Type: Software: Component Description: ENIDS implements an intrusion detection component based on the statistical properties of the network traffic (e.g., entropy values of header fields of packets). The output of the detection is used as input for a second component, a Linux kernel-based traffic filter that blocks all the packets classified as malicious by the detection component. ENIDS has been designed to work on resource-constrained systems such as the nodes of edge computing environments.

5.4 Task 3.5 Assets

Name: Topology Aware Adaptive Security


Partner: UCD Capability: Protect Category (L2): Protective Technology Category(L3) PC/Mobile/Endpoint Security Type: Software: Component Description: This asset allows configuring the Analysis and Planning activities of a MAPE loop to support adaptive security in cyber-physical systems. We consider smart buildings and cities, where threats can arise from their cyber-physical structure and connectivity. Name: Atos Incident Reporting Engine Partner: Atos Capability: Incident Reporting Category (L2): Security Operations Center (SOC) Category(L3) Type: Software: Component Description: The Atos Incident Reporting Engine supports the mandatory incident reporting to different Supervisory Authorities. Reporting is adapted to different procedures/methods depending on the regulatory bodies. Name: Dynamic Security Management Framework Driven by Situations (DynSMAUG) Partner: UPS-IRIT Capability: Protect (sub-assets 1,3) / Detect (sub-assets 2,3) Category (L2): Protective Technology (sub-assets 1,3); Security Continuous Monitoring (sub-assets 2,3) Category(L3) PC/Mobile/Endpoint Security (sub-assets 1,3); Mobile Security/Device Management (sub-assets 1,3); SIEM/Event Correlation Solutions (sub-assets 2,3) Type: Software : Product | Service Description: DynSMAUG allows to enforce dynamically security measures based on the current situations of assets to protect. It consists of 3 sub-assets: 1) Security policy specification approach driven by situations, which express complex dynamic security measures. 2) Situations description approach using complex event processing techniques. 3) Event-based infrastructure to take dynamic situation-based authorization and obligation decisions. Name: Guidelines for GDPR compliant user experience Partner: UM Capability: Identify Category (L2): Governance & Risk Management Category(L3) Governance, Risk & Compliance (GRC) Type: Software : Component Description: This asset provides a review of regulations and best practices with focus on GDPR. It checks a subset of local best-practices and identify requirements or issues with existing implementation. Name: Evidence-driven Maritime Supply Chain Risk Assessment (MITIGATE) Partner: UCD Capability: Protect Category (L2): Protective Technology Category(L3) PC/Mobile/Endpoint Security Type: Software : Component Description: MITIGATE is a Supply Chain Risk Assessment approach aimed to estimate and forecast the cyber risks of any Supply Chain Service (SCS) provisioned or delivered. MITIGATE provides the following functionalities: identify and measure all cyber threats within a Supply Chain (SC) service;


evaluates the individual, cumulative and propagated vulnerabilities; predicts all possible attacks/threats paths and patterns within the SC based upon specific propagation rules; estimates the existence of zero-day exploitable vulnerabilities; assesses the possible impacts; derives and prioritizes the corresponding cyber risks oft he SC cyber assets; formulates a proper mitigation strategy. Name: CENG SYSTEM VERIFIER (SYSVER) Partner: CNR Capability: Protect Category (L2): Identity Management & Access Control Category(L3): Access Management Type: Software: Service | Algorithm Description: SYSVER supports security administrators of large distributed systems in the verification of correct implementation oft he security policies in the actual system possibly affected by (software) vulnerabilities. When problems are detected, the tool leverages the detailed analysis results to investigate possible changes to apply in the system to correct the anomalies (conflict resolution). Name: Testing, verification and mitigation methodology Partner: UMU Capability: Protect Category (L2): Information Protection Processes and Procedures Category(L3): Application Security Type: Software: Methodology Description: Methodology combining testing with the generation of policies from the results, to enforce the system security through the usage of extended MUD files. Name: Verifiable credential user centric identity management (VCUCIM) Partner: UPS-IRIT Capability: Protect Category (L2): Protective Technology Category(L3) PC/Mobile/Endpoint Security Type: Software : Component Description: VCUCIM provides a user-centric digital identity system suing FIDO2 and Verifiable credentials. It allows anyone to easily benefit from an enriched digital identiy made of multi-purpose and multi-origin attributes, increases usability by the elimination of user passwords, makes this digital identity highly trustworthy both for the user (in terms of privacy and sovereignty) and the service provider who requires highly certified information about the user being enrolled to and/or authenticated on its services.

5.5 Task 3.6 Assets

Name: Guidelines for GDPR compliant user experience Partner: UM Capability: Identify Category (L2): Governance & Risk Management Category(L3) Governance, Risk & Compliance (GRC) / Security Certification Type: Component Description: Regulation and best practices review with focus on GDPR. Check a subset of local best-practices and identify requirements or issues with existing implementation. Name: HAMSTERS


Partner: UPS-IRIT Capability: Protect; respond Category (L2): Analysis; Awareness and Training Category(L3) Analysis; Awareness and Training Type: Software:Methodology and Modelling environment Description: Notation and tool to support: user task based design and development of user interfaces and user interactions, design and development of user training. Name: PetShop Partner: UPS-IRIT Capability: Protect; respond Category (L2): Analysis Category(L3) Analysis Type: Software:Methodology and Modelling environment Description: Notation and tool to support design and development of HMI (high-fidelity prototyping of user interfaces and user interactions). Name: Guidelines for GDPR compliant user experience Partner: UM Capability: Identify Category (L2): Governance & Risk Management Category(L3) Governance, Risk & Compliance (GRC) / Security Certification Type: Component Description: Regulation and best practices review with focus on GDPR. Check a subset of local best-practices and identify requirements or issues with existing implementation. Name: EEVEHAC Partner: VTT Capability: Protect Category (L2): Data security Category(L3) Encryption, (Data) Authentication Type: Software:Protocol/Algorithm Description: EEVEHAC establishes a end-to-end encrypted channel that is 1) human authenticated and 2) visualizably encrypted. Name: TATIS Partner: KUL Capability: Detect Category (L2): Security Continuous Monitoring Category(L3) Cyber Threat Intelligence Type: Software:component Description: Enhanced open source threat intelligence sharing platform to share indicators of compromise in trustworthy manner on top of the MISP platform. Name: Tangible interactions for privacy management Partner: UCD Capability: Protect Category (L2): Protective technology


Category(L3) PC/Mobile/End Point Security Type: Software/Hardware: Product Description: This represent a solution to the problem of physical privacy in users' immediate physical environment that may arise through technological devices, or directly by other humans physically present around the user. This solution provides: 1) a waist belt to sense the environment around the user to detect people, objects and movements; 2) a wrist band that can vibrate to empatetically and actively warn the users in case a privacy threat is detected. This technology allows users to take immediate action when informed or automatically responds appropriately on the users’ behalf, and learns continuously from user responses to understand their context and needs. Name: SYSVER Partner: CNR Capability: Protect Category (L2): Access Control Category(L3) Access Management Type: Software:Service|Algorithm Description: The tool supports security administrators of large distributed systems in the verification of correct implementation of the security policies in the actual system possibly affected by (software) vulnerabilities. When problems are detected, the tool leverages the detailed analysis results to investigate possible changes to apply in the system to correct the anomalies (conflict resolution).

5.6 Task 3.7 Assets

Name: D3.6 - Guidelines for GDPR compliant user experience Partner: UM Capability: Identify Category(L2) Governance & Risk Management Category(L3) Governance, Risk & Compliance (GRC) Type: Component Description: A look at best practices for innovative and GDPR compliant user experience. Check a subset of local best-practices and identify requirements or issues with existing implementations. Name: D3.18 - Analysis of interoperability and cross-border compliance issues Partner: UM Capability: Identify Category (L2): Governance & Risk Management Category(L3) Governance, Risk & Compliance (GRC) / Security Certification Type: Component Description: Investigation of the compliance for identity technologies interoperability (primarily eIDAS). We will also investigate the legitimacy of technologies used and processing of personal data in cross-border and cross-sector dimensions. Name: Privacy Preserving Middleware Partner: C3P Capability: Protect: develop and implement appropriate safeguards to ensure delivery of critical services Category (L2): Data Security


Category(L3): Data Leakage Prevention Type: Software Description: The IoT middleware platform should aim to (semi-)automatically combine different privacy-preserving techniques to support end-to-end privacy. The middleware platform must also help the user to manage and monetize its data, behaving as a data broker with the existing data consumers. This task aims to design and build the middleware framework. Name: GDPR-based Access Control Partner: CNR Capability: Protect: develop and implement appropriate safeguards to ensure delivery of critical services Category (L2): Identity Management & Access Control Category(L3) Access Management Type: Software Description: A systematic approach for authoring ACPs aligned with the GDPR, on the basis of realistic use cases. Partner: ATOS Capability: Protect Category(L2) Data Security Category(L3) Data Leakage Prevention Type: Software:Component Description: DANS is an anonymization service based on the data anonymization Java tool (ARX) that provides different privacy models (e.g., the k-anonymity model) to enable the application of certain privacy criteria over a specific dataset. ARX is under Apache 2.0 license. Name: Edge-Privacy Partner: UMA Capability: Protect Category(L2) Data Security Category(L3) Data Leakage Prevention Type: Component Description: Privacy Component for Edge Computing Name: SelfSovereign-PPIdM (Self-sovereign privacy-preserving IdM in blockchain) Partner: UMU Capability: Protect Category(L2) Identity Management & Access Control Category(L3) Identity Management Type: Software Description: This asset will investigate, integrate and adapt privacy-preserving solutions like Anonymous Credentials Systems (e.g. Idemix) in blockchains (e.g. Hyperledger), following a Self-sovereign identity management approach. To this aim, it is envisaged to use, as baseline, the outcomes from the Decentralized identity Foundation (DIF). The assets will be aligned with "Verifiable Credentials" and "Decentralized Identifiers" (DIDs) standards from W3C Name: Security & Privacy by Design Partner: UNILU Capability: protect Category(L2) Data Security


Category(L3) IoT Security Description: To provide a medical data protection and the protection of financial data Name: PLEAK Partner: CYBER Capability: Identify Category (L2): Business Environment, Risk Assessment Category(L3): N/A Type: Software Description: Analysis tool for the privacy audit of an existing system and the design of new privacy-aware systems.


6 WP3 assets and their mapping to WP5 Pilot’s requirements

This section dissects each of the assets identified in CyberSec4Europe for each WP3 task, their functionality, and scope. It also specify how those assets fulfil the WP5 Pilot’s requirements identified in the CyberSec4Europe Deliverable D5.1 [D5.1]. The purpose of D5.1 is to initially set a series of domains and their requirements related. These requirements are the key role in identifying the technological gaps and research roadmap for this project’s WP3 and WP4. The demonstration cases, derived from the domain, labeled in [D5.1] to design technological components are the following:

• Open Banking. This case seeks to address the risks and vulnerabilities of cybersecurity attacks such as malware, phishing or social engineering. To protect the management policies of banks and their weaknesses in the design or implementation of APIs. Prevent fraud and data loss in relation to monetary transactions by third parties in an open bank environment. As well as providing confidence and security to users when searching for account information.

• Supply Chain Security Assurance. This case is willing to provide a blueprint for supply chain solutions for multiple sectors. The main characteristics of this supply chain are that it should be traceable in all components, to assure quality and integrity, while being non-repudiable, detecting errors or manipulations, and a providing a quick response.

• Privacy-Preserving Identity Management. This case will enable a distributed platform to manage identity and authenticated services. It is seeking to achieve strong privacy-preserving authentication. Furthermore, it aims to provide consent for and control the data usage with privacy-preserving seamless ideals. One of the consequences is to supply trustworthy information exchange between official organizations as well as give a transversal consciousness about control the privacy and increase the trust in online services.

• Incident Reporting. This case will develop a platform for sharing and report incidents according to different procedures and methods in a secure way. The data sharing will be bidirectional, in a centralized or decentralized environment, trustworthy, and secure.

• Maritime Transport. This case identifies the cybersecurity challenges in the maritime domain covering the whole ecosystem including the those at the port side and the ship side. The aim is to detect security threats, develop models for these threats and responds to them, as well as to assist the relevant stakeholders to be updated with the related regulations and practices.

• Medical Data Exchange. This case is related to medical data, sharing and protection of sensitive or personal information. The objective is to provide a secure and trustworthy exchange of this information involving several actors with different objectives and requirements in terms of security, data protection, and trust issues, as well as in harmony with the applicable legislation and the strategic policy framework.

• Smart Cities. This case seeks to connect cybersecurity challenges in an open smart city market environment based on the needs of cities and communities. It will include an ecosystem where new ideas, needs, best practices, lessons learned, and the information concerning will be sharing.

The following subsections (one per WP3 tasks), identify the different assets per task and the WP5’s requirements that they address.


6.1 Task 3.2

T3.2 Asset Open Banking Supply Chain Security Assurance

Privacy-Preserving Identity Management

Incident Reporting

Maritime Transport

Medical Data Exchange

Smart Cities

C3P

Privacy Preserving Middleware

SCH-SP01, SCH-SP02, SCH-SP03, SCH-SP04, SCH-SP05, SCH-SP06, SCH-SP07, SCH-SP08, SCH-SP10,

SCH-SC01

IDM-SP01, IDM-SP02, IDM-SP03, IDM-SP04, IDM-SP07, IDM-SP11

MD-SP01, MD-SP02, MD-SP03, MD-SP04, MD-SP05, MD-SP06, MD-LR01, MD-SPL01

SMC-SP01, SMC-SP02, SMC-SP03, SMC-SP17, SMC- LR02

C3P

Argus, Enforcing Privacy and Security in Public Cloud Storage

MD-SPL01

CNR

GDPR-based Access Control

OB-SP05 OB-SP27 OB-LF04 OB-LR04 OB-LR05 OB-LR09

SCH-LR01 IDM-LR01 IR-LR02 MD-LR01 SCM-F02 SMC-F10 SCM-F11

SCM-SP06 SCM-SP10 SCM-SP11 SCM-LR02

ATOS

DANS (Data ANonymization Service)

OB-SP05 SCH-SP08 IDM-SP06, IDM-SP07, IDM-U02

MT-SP19 MD-SP02, MD-SPL01

SMC-SP17

VTT Cryptovault

OB-SP13 MD-SP07 SMC-SP09

UMA

Edge-Privacy

SCH- SP08 MT- SP19 SMC- SP10 SMC- SP11 SMC- SP17


UMU

SelfSovereign-PPIdM (Self-sovereign privacy-preserving IdM in blockchain)

IDM-SP03, IDM-SP05, IDM-SP06

MD-SP04, MD-OP03

ATOS

SPeIDI

OB-SP01, OB-SP02, OB-SP09, OB-SP10, OB-

SP26, OB-SP27, OB-SP28, OB-U03,

OB-LR09

SCH-SP01, SCH-SP02, SCH-LR01

IDM-SP06, IDM-SP10, IDM-MP01, IDM-LR01, IDM-LR03

IR-SP01, IR-LR03

MT-SP01 MD-SP07, MD-OP02

SMC-F01, SMC-F03,

SMC-SP01, SMC-SP03, SMC-SP10, SMC-SP16, SMC-SP21,

SMC-LR02 UM D3.6 - Guidelines for

GDPR compliant user experience

OB-SP01, OB-SP05,

OB-SP06, OB-SP12,

OB-SP27, OB-LF02,

OB-U01, OB-LR01, OB-LR03, OB-LR08, OB-LR09

SCH-SP01, SCH-SP08, SCH-U01, SCH-LR01, SCH-

LR04

IDM-SP06, IDM-SP07, IDM-SP08, IDM-U03,

IDM-LR01, IDM-LR02,

IR-F01, IR-F06, IR-SP01, IR-LR02

MT-SP01, MT-SP19

MD-SP01, MD-SP02, MD-SP05, MD-SP06, MD-OP01, MD-SPL01 MD-SPL02, MD-LR01

SMC-F08, SMC-F10, SMC-F11, SMC-F12,

SMC-SP10, SMC-SP11, SMC-SP13, SMC-SP14, SMC-SP16, SMC-SP17, SMC-SP19, SMC-SP21,


SMC-OP05, SMC-MP02, SMC-MP03,

SMC-LR02 UM D3.18 - Analysis of

interoperability and cross-border compliance issues

OB-SP01, OB-SP02, OB-SP08, OB-LR01, OB-

LR08, OB-LR09


IDM-SP03, IDM-LR01, IDM-MP01, IDM-LR02, IDM-LR03

IR-SP01, IR- LR02,

IR- LR03

MT-SP01, MT-SP05, MT-SP06, MT-SP07, MT-

SP19, MT-SP22, MT-OP05, MT-

OP06, MT-MP01, MT-MP02, MT-

MP03

MD-SP07, MD- OP02, MD- LR01

SMC-F03, SMC-SP01,

SMC-F10, SMC-SP03, SMC-SP10, SMC-LR02, SMC-MP01

CYBER

SP Analysers

OB-SP13, OB-SP16, OB-SP27, OB-LR01, OB-

LR08

SCH-SP06, SCH-SP08, SCH-SP09, SCH-LR01, SCH-

LR04

IDM-SP05, IDM-SP06, IDM-SP07, IDM-LR01, IDM-LR02

IR-LR02 MT-SP19 MD-SP01, MD-SPL01, MD-SPL02, MD-SPL03, MD-LR01

SMC-SP10, SMC-SP11, SMC-SP16,

SMC-LR02

6.2 Task 3.3

T3.3 Asset Open Banking

Supply Chain Security Assurance


Incident Reporting

Maritime Transport


Smart Cities


DTU BadGraph

MD-SP07 MD- SP02 MD- SP03

SINTEF BowTiePlus

MT-U01, MT-OP01

SINTEF CORAS

MT-U01, MT-OP01

C3P HERMES

KAU

IDMP

SCH-U01 SCH-U02

SCH-U01 SCH-U02

IDM-U01 IDM-U02 IDM-U03

MD-OP01 MD-SPL01

SMC-U01

DTU OFMC/AIF

MD-SP07 MD- SP02 MD- SP03

CYBER

PLEAK

MT-UC1, MT-UC2, MT-UC3, MT-UC4

MD-UC1 MD-UC2 MD-UC3

IRIT

SEMCO

SP01, SP02, SP03,SP04,O01,

O02, SPL01, LR01

C3P HERMES

OB-OP02

SCH-OP02

C3P

SOBEK

OB-SP11, OB-

SP14, OB-

SP23, OB-

LR01, OB-

LR04


CNR SYSVER

MT-OP03 SMC-SP05 SMC-OP01 SMC-OP04

POLITO

VEREFOO

OBSP21 OBSP22

SMCF02 SMCF16

SMCSP05 SMCU01

6.3 Task 3.4 asset mapping

Partner T3.4 Asset

Open Banking



Incident Reporting

Maritime Transport


Smart Cities

C3P

Briareos

OB-SP14, OB-SP15, OB-SP20, OB-LF03, OB-LF04, OB-LR05, OB-LR06

SCH-LR02 IDM-SP04, SMC-F02, SMC-SP06, SMC-SP07,

CNR

EBIDS - Ensemble Based Intrustion Detection System

OB-U01, OB-SP15, OB-SP20,

OB-LF04,OB-

LR05


CNR

UASD - Unauthorized App Store Discovery

OB-LR02 SMC-F17

UMA

HADES - Automatic analysis of malware samples

IR-F04, IR-F05, IR-F17, IR-F18, IR-F19, IR-

F24, IR-F25

UMA

JUDAS - JSON Users and Device analysis tool

IR-F02, IR-F03, IR-F15, IR-

F19, SMC-F07, SMC-F09, SMC-F15, SMC-

SP04, SMC-SP11

KUL

TATIS - Enhanced threat intelligence sharing

IR-SP01, IR-SP02, IR-SP03, IR-SP04, IR-LF01, IR-OP01

UMU

Reliable-CTIs - Reliable Cyber-Threat intelligence sharing

IR-F11, IR-F10, IR-SP01, IR-SP02, IR-SP04, IR-


LF01, IR-OP01

ATOS

Threat Intelligence intEgrator

IR-F05, IR-F10, IR-F25, IR-

SP01, IR-SP02, IR-SP03, IR-SP04, IR-LF01, IR-U01, IR-

OP01, IR-MP02

POLITO NetGen

OB-SP15, OB-SP23

SCH-SP07 IDM-SP06 IR-F04 MD-SP02 SMC-SP07

DTU

IntelFrame - A Framework for Intelligent Machine Learning-based Intrusion Detection

IR-F04, IR-F05, IR-F13� IR-

F17, IR-F19, IR-F24, IR-F25, IR-

U03

UNITN

ENIDS

SMC-SP04, SMC-SP08


6.4 Task 3.5 asset maaping

Partner T3.2 Asset

Open Banking



Incident Reporting

Maritime Transport


Smart Cities

UCD

Topology Aware Adaptive Security

OB-SP14, OB-SP15, OB-SP21, OB-SP22, OB-LF03, OB-LF04, OB-U01, OB-OP03

SCH-U02 IDM-SP06 MT-SP21, MT-OP03, MT-MP01

SMC-SP06, SMC-OP01

KUL

SPARTA

OB-SP18, OB-LF04, OB-LF05

SCH-SP04 MT-OP2,

(future) MT-OP03

SMC-SP02, SMC-SP05, SMC-SP21

ATOS

Incident Reporting Engine

IR-F03, IR-F08, IR-F09, IR-F11, IR-

F13, IR-SP04, IR-LF01, IR-U01, IR-U02, IR-

OP01, IR-


MP01, IR-MP02

UPRC

MITIGATE

MT-U01, MT-OP01, MT-OP02, MT-OP03, MT-LR01, MT-LR03

UM

D3.6 - Guidelines for GDPR

compliant user experience

OB-SP01, OB-SP05, OB-SP06, OB-SP12, OB-SP27, OB-LF02, OB-U01, OB-LR01, OB-LR03, OB-LR08, OB-LR09

SCH-SP01, SCH-SP08, SCH-U01, SCH-LR01, SCH-LR04

IDM-SP06, IDM-SP07, IDM-SP08,

IDM-U03, IDM-LR01, IDM-

LR02,

IR-F01, IR-F06,

IR-SP01, IR-LR02

MT-SP01, MT-SP19

MD-SP01, MD-SP03, MD-OP01, MD-

SPL01 MD-SPL02,

MD-LR01

SMC-F08, SMC-F10, SMC-F11, SMC-F12, SMC-SP10, SMC-SP11, SMC-SP13,

SMC-SP14, SMC-SP16, SMC-SP17, SMC-SP19, SMC-SP21, SMC-OP05, SMC-MP02,


SMC-MP03,

SMC-LR02

UPS-IRIT

DynSMAUG

OB-SP14, OB-SP15, OB-SP19, OB-SP21, OB-SP22, OB-LF03, OB-LF04, OB-LF05, OB-U01

SCH-SP06, SCH-SP07, SCH-U01, SCH-U02

MT-SP02, MT-SP21, MT-OP03

SMC-SP01

UPS-IRIT

VCUCIM

OB-SP02, OB-SP07, OB-SP08, OB-SP09, OB-SP10, OB-SP11, OB-SP26, OB-SP27, OB-SP28, OB-U03

SCH-SP01, IDM-SP02,

IDM-SP06,

IDM-SP10,

IDM-OP01

MT-SP01 MD-SP07 SMC-F01, SMC-U01

CNR

SYSVER

MT-OP03 SMC-SP05 SMC-OP01 SMC-OP04



Partner T3.6 Asset Open Banking



Incident Reporting

Maritime Transport


Smart Cities

UM D3.6 - Guidelines for GDPR compliant user experience



IDM-SP06, IDM-SP07, IDM-SP08, IDM-U03, IDM-LR01, IDM-LR02,


MT-SP01, MT-SP19

MD-SP01, MD-SP03, MD-OP01, MD-SPL01 MD-SPL02, MD-LR01

SMC-F08, SMC-F10, SMC-F11, SMC-F12, SMC-SP10, SMC-SP11, SMC-SP13, SMC-SP14, SMC-SP16, SMC-SP17, SMC-SP19, SMC-SP21, SMC-OP05, SMC-MP02, SMC-MP03, SMC-LR02

UM D3.18 - Analysis of interoperability and cross-border compliance issues

OB-SP01, OB-SP02,



IR-SP01, IR- LR02, IR- LR03

MT-SP01, MT-SP05, MT-SP06, MT-SP07,

MD-SP04, MD- OP02, MD- LR01

SMC-F03, SMC-SP01, SMC-F10, SMC-SP03,


OB-SP08, OB-LR01, OB-LR08, OB-LR09

MT-SP19, MT-SP22, MT-OP05, MT-OP06, MT-MP01, MT-MP02, MT-MP03

SMC-SP10, SMC-LR02, SMC-MP01

UM

D3.6 - Guidelines for GDPR compliant user experience

OB-SP05, OB-SP06, OB-SP12, OB-SP27, OB-U01, OB-LR01, OB-LR03, OB-LR08, OB-LR09

SCH-U01, SCH-LR01

IDM-SP06, IDM-LR01

IR-F01, IR-SP01, IR-LR02

MT-SP19 MD-SP01, MD-SPL02, MD-LR01

SMC-F10, SMC-F12, SMC-SP10, SMC-SP14, SMC-SP16, SMC-SP17, SMC-SP19, SMC-LR02

UPS-IRIT

HAMSTERS

OB-LF01

SCH-LF01, SCH-U02

IDM-SP06, IDM-SP11, IDM-U01, IDM-U02, IDM-U03

IR-F14, IR-U01, IR-U02

MT-U01, MT-U02

SMC-F10, SMC-F11, SMC-F12, SMC-U01, SMC-SPL02


UPS-IRIT

PetShop

OB-LF01, OB-LF03, OB-LFO4,

OB- U01? OB- LR04,

OB- LR05

SCH-LF01, SCH-U01, SCH-U02

IDM-SP06, IDM-SP11

IR-U01, IR-U02, IR-U03

SMC-LF01, SMC-U01

VTT

EEVEHAC

(OB-SP04, OB-LR06)

SCH-SP04 IDM-SP03, IDM-SP04 MT-SP09, MT-SP12, MT-U01, MT-MP03

MD-SP02, MD-SP03

SMC-SP02, SMC-SP08, SMC-U01

KUL

MISP++

IR-SP01, IR-SP02, IR-SP03, IR-SP04, IR-LF01, IR-OP01

UCD Tangible interactions for privacy management

CNR SYSVER MT-OP03 SMC-SP05,SMC-OP01, SMC-OP04



Partner T3.7 Asset

Open

Banking

Supply

Chain

Security

Assurance

Privacy-

Preserving

Identity

Management

Incident Reporting Maritime

Transport

Medical Data

Exchange

Smart

Cities

UM D3.6 - Guidelines for GDPR

compliant user experience



IDM-SP06, IDM-SP07, IDM-SP08, IDM-U03, IDM-LR01, IDM-LR02,


MT-SP01, MT-SP19

MD-SP01, MD-SP03, MD-OP01,

MD-SPL01 MD-SPL02, MD-LR01

SMC-F08, SMC-F10, SMC-F11, SMC-F12,

SMC-SP10, SMC-SP11, SMC-SP13, SMC-SP14, SMC-SP16, SMC-SP17, SMC-SP19, SMC-SP21,

SMC-OP05, SMC-

MP02, SMC-

MP03, SMC-LR02

UM D3.18 - Analysis of

interoperability and cross-

border compliance issues

OB-SP01, OB-SP02, OB-SP08, OB-LR01,



IR-SP01, IR- LR02, IR- LR03

MT-SP01, MT-SP05, MT-SP06, MT-SP07, MT-SP19, MT-SP22,

MD-SP04, MD- OP02,

MD- LR01

SMC-F03, SMC-SP01, SMC-F10,

SMC-SP03, SMC-SP10, SMC-LR02,


OB-LR08, OB-LR09

MT-OP05, MT-OP06, MT-MP01, MT-MP02, MT-MP03

SMC-MP01

C3P Privacy Preserving Middleware SCH-SP01, SCH-SP02, SCH-SP03, SCH-SP04, SCH-SP05, SCH-SP06, SCH-SP07, SCH-SP08, SCH-SP10, SCH-SC01

IDM-SP01, IDM-SP02, IDM-SP03, IDM-SP04, IDM-SP07, IDM-SP11

MD-SP01, MD-SP02, MD-SP03, MD-SP04, MD-

SP05, MD-SP06, MD-LR01, MD-

SPL01

SMC-SP01, SMC-SP02, SMC-SP03, SMC-SP17, SMC- LR02

CNR GDPR-based Access Control OB-SP05

OB-SP27

OB-LF04

OB-LR04

OB-LR05

OB-LR09

SCH-LR01 IDM-LR01 IR-LR02 MD-LR01 SCM-F02

SMC-F10

SCM-F11

SCM-SP06

SCM-SP10

SCM-SP11

SCM-LR02

ATOS DANS (Data ANonymization

Service)

OB-SP05 SCH-SP08 IDM-SP06, IDM-SP07, IDM-U02

MT-SP19 MD-SP02, MD-SPL01

SMC-SP17


UMA Edge-Privacy SCH- SP08 MT- SP19 SMC- SP10

SMC- SP11

SMC- SP17

UMU SelfSovereign-PPIdM (Self-

sovereign privacy-preserving

IdM in blockchain)

IDM-SP03, IDM-SP05, IDM-SP06

MD-SP04, MD-OP03

CYBER PLEAK MT-UC1, MT-UC2, MT-UC3, MT-UC4

MD-UC1 MD-UC2 MD-UC3


7 Additional Enablers and Assets Identified in WP5 This section summarizes the rest of the assets not associated with any task in WP3. These assets have been

identified in WP5 and follow the template specified above. As in Section 5, a synthesis is made of them

indicating the same fields as in that section.

Name: Secure AIS (Automatic Identification System) ASM (Application Specific Message) endpoint

Partner: Cyber

Capability: Protect

Category (L2): Data Security

Category(L3): Encryption

Type: Software Component

Description: A piece of software with well-defined API for injecting ASMs into AIS; integrated with

certain AIS transceivers

Name: Crypto FE

Partner: Atos

Capability: Protect


Category(L3): Data Leakage Prevention

Type: Software Component

Description: FE library containing attribute-based encryption (ABE) schemes for the privacy-preserving

in health information management

Name: Open Innovation Area (OIA)

Partner: Engineering Spa

Capability: Identify

Category (L2): Asset Management

Category(L3): IT Service Management

Type: Software

Description: The Open Innovation Area (OIA) is a tool that allows the stakeholders to track real needs

and to address them by adopting a co-creation and innovation approach.

Name: CaPe - A Consent Based Personal Data Suite


Capability: Protect

Category (L2): Identity Management & Access Control

Category(L3): Access Management

Type: Software

Description: A “consent based” and open source platform with the goal to manage and control “personal

data” during the interaction among data subjects and public and private services as Data Controller and

processors (PA, Social, IoT, B2C).

It provides tools for lawful data sharing processes, with the ability to grant and withdraw consent to third

parties for accessing own personal data.

It follows the MyData principles to exploit the potential of personal data, facilitates its control and new

business opportunities in compliance with the GDPR.

Name: PKI service

Partner: SINTEF


Capability: Protect


Category(L3): PKI / Digital Certificates

Type: Software and hardware

Description: The Public Key Infrastructure (PKI) service will be used to secure the exchange of digital

information between actors in the maritime domain.

Name: TO4SEE (assessmenT tOols for Social Engineering Exposure)



Category (L2): Risk Assessment

Category(L3): Risk assessment on Social Engineering

Type: Product/Service

Description: TO4SEE aims at measure the susceptibility of the employees or a single employee aginst

Social Engineering attacks: the two methods behind the tools measure the vulnerability of employees to

phishing attacks. First method is an individual assessment, based on voluntary participation, which

directly probe human weaknesses, while the second method is a collective assessment and it is done by

simulating a phishing campaign.

Name: RATING - Risk Assessment Tool for Integrated Governance



Category (L2): Cyber-Risks Assessment

Category(L3): Governance, Risk & Compliance (GRC)

Type: Component

Description: RATING's aim is to support organizations to assess individuals and collective evidence-

based risk profiles. Following ISO31000, RATING is able to support organizations to identify major

cybersecurity risks for their business and main assets, and to support decisions related to cyber-security

investments on hard and soft mitigation solutions.

Name: Work-Flow Compliance

Partner: Siemens

Capability: Protect

Category (L2): Data Security/Protective Technology

Category(L3): Distributed System Security Type: Software, Protocol

Description: A language and a tool to specify distributed workflows

A language and tool to describe trust rules (Type of assertions, claimed by trusted parties)

Name: MISP (Malware Information Sharing Platform)

Partners: UMU, ATOS, KUL

Capability: Respond


Category(L3): Incident Response Services (CSRIT aaS)

Type: Software

Description: Is an open source platform for the timely exchange of IoC (Indicator of compromission)


8 Conclusion This document presents deliverable “D3.1 – Common Framework Handbook 1”. It describes a first version

of the common and holistic CyberSec4Europe framework, which is used as baseline for organizing and

structuring the different functional building blocks and assets addressed in the scope of WP3.

This document proposes and explains the CyberSec4Europe global functional architecture that comprises

the different functional components, categorized in 3 main planes required to fulfil the cybersecurity

research goals defined WP3. This architecture is intended to be used as a reference for the upcoming sub-

architectures defined in different WP3 tasks that will expand and extend this global architecture.

Additionally, the document has analysed how different WP3 tasks’ goals map to different functional

components in the architecture.

In addition, the handbook defines the common template in an interoperable way. It describes the different

cyber-security and privacy assets of WP3 using common and standard taxonomies from NIST and JRC.

Several assets have been identified and categorized in the document. In addition, this document describes

the analysis done to map the WP3 assets with the WP5 pilots requirements and included the additional assets

intended as part of WP5.


9 References [NIS17] NIST, Cybersecurity Framework Manufacturing Profile, NISTIR 8183, September

2017.

[NIS18] NIST, NIST Cybersecurity Framework, NIST release Version 1.1, 2018.

[EIDAS] Dumortier, J. (2017). Regulation (EU) No 910/2014 on Electronic Identification and

Trust Services for Electronic Transactions in the Internal Market (eIDAS Regulation).

In EU Regulation of E-Commerce. Edward Elgar Publishing.

[GDPR] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April

2016 on the protection of natural persons with regard to the processing of personal

data and on the free movement of such data, and repealing Directive 95/46/EC

(General Data Protection Regulation)

[JRC18] Nai, F. I., Neisser, R., Lazari, A., Ruzzante, G.-L., Polemi, N. and Figwert, M.,

"European Cybersecurity Centres of Expertise Map - Definitions and Taxonomy",

JRC111441, 1831-9424, 2018, https://doi.org/10.2760/622400

[ENISA18] Sfakianakis, A., Douligeris, C., Marinos, L., Lourenço, M., and Omid Raghimi,

"ENISA Threat Landscape Report 2018", Version 1.0, January 2019

[D5.1] Crabu, M., Marrone, A., Rotoloni, M., Spada, T., Trinchera, M., et al. "Requirements

Analysis of Demonstration Cases Phase1", D5.1, CyberSecurity for Europe, v1.0

Final, 2019.

D3.1 Common Framework Handbook 1 - CyberSec4Europe€¦ · for holistic cybersecurity and privacy...

Documents

Transcript of D3.1 Common Framework Handbook 1 - CyberSec4Europe€¦ · for holistic cybersecurity and privacy...