We proposes and explain the CyberSec4Europe global functional architecture that comprises the different functional components, categorized in 3 main planes required to fulfil the cybersecurity research goals defined WP3. This architecture is intended to be used as a reference for the upcoming subarchitectures defined in different WP3 tasks that will expand and extend this global architecture. Additionally, the document has analysed how different WP3 tasks goals map to different functional components in the architecture.
In addition, the handbook defines the common template, the common framework, in an interoperable way. It describes the different cyber-security and privacy assets of WP3 using common and standard taxonomies from NIST and JRC. Several assets have been identified and categorized. In addition,we describes the analysis done to map the WP3 assets with the requirements of WP5 pilots and included the additional assets intended as part of WP5.
The template defines a set of attributes, optional and mandatory, that any proposed asset has, such as a name, description, planning, status, etcetera. In this sense, it can be used to describe each of the proposed components. Besides, the template uses three standard taxonomies related to the cybersecurity environment. Using this template to describe the assets is to have a conceptual consistency and provide a common taxonomy.
- Privacy-preservation, TEE and IoT-Edge security (Task T3.2)
- Software Development Lifecycle (SDL) (Task T3.3)
- Security Intelligence (Task T3.4)
- Adaptive Security (Task T3.5)
- Usable Security (Task T3.6)
- Regulatory Management (Task T3.7)
- Conformity, Validation and Certification (Task 3.8)
- Continuous Scouting (Task 3.9)
- Impact on Society (Task 3.10)
The common framework proposed a global architecture to encompass the functional components that address the cyber-security research goals previously identified. This architecture is composed of three planes that provide the intelligence and dynamic reaction to the framework. Two different domains, one for the user of the framework the other related to the infrastructure, both physical or virtual. A Blockchain Layer provides the capabilities of provenance, auditability and accountability to the framework. . Each of these planes, domains and layers holds the functional components required to manage, control and analyse the Managed Domain. The functional components are instantiated by diverse enablers, tools, APIs, models and interfaces.
- The Managed Domain is where the protection techniques are applied to strengthen the cyber-security and privacy-preserving of the infrastructure, services, communications and data in any interaction. The Managed Domain can refer to all those cyber-physical environments identified in the WP5 verticals addressed as part of the demonstrators, such as healthcare, supply-chain, financial or smart-cities.
- The User Domain includes tools and services for privacy-preserving management and helps security and privacy configurations and decisions. Additionally, it incorporates secure identity management models for authentication and authorization, all of these techniques with a usable security approach.
- The Control and Management Plane administers the resources and run-time operations of the security enablers deployed in the Managed Domain. D3.1[1]contained seven building blocks, eachof which applied a functional activity: Security Enforcement, Reaction, Monitoring, Cybersecurity Awareness, Trust-Privacy Management, Supply Chain Analysis, Certification of Security products.
- The Intelligence Plane provides autonomic and cognitive capabilities to perform real-time assessments related to cyber-security on the CyberSec4Europe framework, including risk, legal, privacy and impact. It permits to automatically react and adapt the security controls in response to new threats or security requirements.
- The Administration Plane incorporates tools and services to manage and control the cybersecurity framework and the system.
- Task 3.2 Privacy-preservation, TEE and IoT-Edge security Assets: 24 assets
- Task 3.3 Software Development Lifecycle (SDL): 13 assets
- Task 3.4 Security Intelligence: 13 assets
- Task 3.5 Adaptive Security: 7 assets
- Task 3.6 Usable Security: 7 assets
- Task 3.7 Regulatory Management: 2 assets
- Task 3.8 Confomity, Validation, Certification: 1 asset
- Task 3.10 Impact on Society: 1 asset
1 - A. Skarmeta, “D3.1 Common Framework Handbook 1,” CyberSec4Europe, 2019.