Security Chapter Demo Sprint meeting – 2015-10-14
Chapter Leader – Pascal Bisson
Chapter Architect – Cyril Dangerville (presenter)


Identity Management GEri: KeyRock (UPM)
Achieved in
Updated Academy courses
Provided software:
  – Dockerized the component
  – Blueprint
Updated all documentation according to the new guidelines
  – Open spec, user guide, programmers guide…
  – Read the docs
  – Catalogue new format
Improved mailing system
  – To send mails to specific groups
Extracted Custom Keystone extensions in packages
Bug fixing
  – 3 bugs

Identity Management GEri: KeyRock (UPM)
Planned for
SSL in Keystone backend
Strong authentication (2-factor)
Provide software:
  – Scripts for image creation

Authorization PDP GEri: AuthZForce (Thales)
Achieved in bugfix
Implemented new XACML 3.0 higher-order bag functions: all-of, any-of, etc.
REST API enhanced with simplified tenant/domain IDs
Published source on Github
Open Spec on wiki, API spec PDF & HTML on Github (‘gh-pages’); APIary blueprint, WADL & XSDs on Github
Admin & User guides published on readthedocs.org, source on Github (‘doc’ folder)
Docker image published on FIWARE Docker account, Dockerfile on Github (‘docker’ folder)
Catalogue entry update

Authorization PDP GEri: AuthZForce (Thales)
Planned for
Update FIWARE Academy course
FILAB image deployment
Update binary download (.deb) on Catalogue
Improve unit tests on the new API features
Migration tool to migrate from older GEi version (configuration/data file formats have changed)

PEP Proxy GEri: Wilma (UPM)
Achieved in
Published Academy courses
Provided software:
  – Dockerized the component
  – Blueprint
  – Scripts for image creation
Updated all documentation according to the new guidelines
  – Open spec, user guide, programmers guide…
  – Read the docs
  – Catalogue new format
Support for HTTPS backend
Bug fixing
  – 1 bug

PEP Proxy GEri: Wilma (UPM)
Planned for
Start task to support extensions for custom attribute handler for more advanced authz
Maintenance and support

Trustworthy Factory (Thales)
One Epic: Integrated Development Environment
2 main features
  – Java Factory
  – Certification Tool
Transfer with adaptations from OPTET project outcomes

Trustworthy Factory (Thales)
Achieved in
Java Factory already delivered in 4.3, Certification tool in
Updated all documentation according to the new guidelines
  – Open spec, user guide, programmers guide
  – Catalogue new format
Updated Academy courses
Provided software:
  – In Github
  – In Docker container
  – Blueprint

Trustworthy Factory (Thales)
Planned for
Following the EC recommendations, the developments of this GE are stopped.

Privacy (ZHAW)
Achieved for R4
Progress still impeded by licensing issue
Status as before: Software ready for release
  – Findbugs/checkstyle cleanups done
  – API documentation done (in “old” format)
  – User guide done (in “old” format)
  – Unit test documentation done
Documentation needs review by Chapter lead and architect
Work item for project lead to unblock

Privacy (ZHAW)
Planned for
Following the Chief Architect’s and EC recommendations, the developments of this GE are stopped.

CyberSecurity GEri: CyberCAPTOR (Thales)
Spring
– New Features:
    RiskManagement.DynamicRiskAnalysis: Dynamic risk analysis using IDMEF alerts.
    RemediationPlan.RemediationCatalogNetworkConfiguration: Proposition of network configuration remediations for Dynamic risk analysis, by changing network configuration or topology, to reduce the risk.
– Deliverables
    Open spec with Open API blueprint
    Install & Admin Guide, User & Programmer Guide (readthedocs.org)
    Software release: Github, Docker
    Academy Course
    Catalogue entry updating/publishing (in progress)

CyberSecurity / P2DS / ZHAW & Thales
Achieved for
Implemented privacy-preserving data sharing (also seen in this demo)
Allows shared computation of sensitive data, e.g. total number of attacks seen during a time frame, while not divulging one’s own contribution

CyberSecurity / P2DS / ZHAW & Thales
Achieved for Sprint
Implemented Group Manager
Implemented “additive” protocol
Implemented Privacy Peer
Implemented Input Peer
All documentation uploaded, reviewed
Code uploaded
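
The shared computation described on the two P2DS slides can be illustrated with one round of additive secret sharing. This is an added example, not P2DS code: it assumes the “additive” protocol is the standard scheme modulo a public prime, and the modulus `P`, the function names, the fixed peer membership and the sample counts are all constructed for illustration.

```python
import secrets

P = 2**61 - 1  # assumed public prime modulus; the true total must stay below it

def input_peer_shares(value, n_privacy_peers):
    """Input Peer: split a private count into random shares, one per Privacy Peer."""
    shares = [secrets.randbelow(P) for _ in range(n_privacy_peers - 1)]
    # The last share is chosen so that all shares add up to the value mod P.
    shares.append((value - sum(shares)) % P)
    return shares

def privacy_peer_partial(received):
    """Privacy Peer: add up the single share received from each Input Peer."""
    return sum(received) % P

def shared_total(private_counts, n_privacy_peers=3):
    """Run one round; return (total, partial sums held by the Privacy Peers)."""
    if n_privacy_peers < 2:
        raise ValueError("a single Privacy Peer would see every input in clear")
    if any(not 0 <= v < P for v in private_counts.values()):
        raise ValueError("each count must be in the range [0, P)")
    inbox = [[] for _ in range(n_privacy_peers)]
    for value in private_counts.values():
        for box, share in zip(inbox, input_peer_shares(value, n_privacy_peers)):
            box.append(share)  # each Privacy Peer gets exactly one share per input
    partials = [privacy_peer_partial(box) for box in inbox]
    # Only the combination of all partial sums reveals anything: the total.
    return sum(partials) % P, partials

# Constructed sample: attacks seen by three organisations in one time frame.
COUNTS = {"org-a": 12, "org-b": 0, "org-c": 731}

if __name__ == "__main__":
    total, partials = shared_total(COUNTS)
    print("total attacks:", total)
    print("what each Privacy Peer holds:", partials)
```

Each share and each partial sum is uniformly random on its own, so an individual contribution stays hidden unless all Privacy Peers pool what they received.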

CyberSecurity GEri: CyberCAPTOR (Thales)
Planned for
Following the EC recommendations, the developments of this GE are stopped.

Security Chapter – THANKS! – Demo CyberSecurity

Dynamic Risk Analysis
Before:
  – Attack graphs used only in design phase.
  – Vulnerability analysis to assess the paths that may be followed by attackers.
Dynamic risk analysis
  – Take the attack graph into account for dynamic analysis.
  – Receive alerts in IDMEF format (from an external standard SIEM).
  – Visualize the alerts taking into account the prior vulnerability knowledge.
  – Visualization of the paths currently followed by the attackers.
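
The correlation step on this slide, sketched as an added example (not CyberCAPTOR code): IDMEF alerts are parsed, matched against edges of a design-time attack graph, and chained into the path currently being followed. The graph, the address plan, the sample alerts and all function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"i": "http://iana.org/idmef"}            # IDMEF namespace (RFC 4765)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address plan
# Constructed design-time attack graph: node -> nodes reachable by one exploit step.
GRAPH = {"internet": ["10.0.0.10"], "10.0.0.10": ["10.0.1.20", "10.0.0.25"],
         "10.0.1.20": ["10.0.2.30"]}

def _alert(mid, src, dst, text):
    """Build one constructed IDMEF Alert element."""
    node = "<i:Node><i:Address><i:address>%s</i:address></i:Address></i:Node>"
    return ("<i:Alert messageid='%s'><i:Source>%s</i:Source><i:Target>%s</i:Target>"
            "<i:Classification text='%s'/></i:Alert>") % (mid, node % src, node % dst, text)

# Constructed sample message, standing in for what a SIEM would forward.
SAMPLE = "<i:IDMEF-Message xmlns:i='http://iana.org/idmef'>%s</i:IDMEF-Message>" % "".join(
    _alert(*a) for a in [("a1", "198.51.100.7", "10.0.0.10", "web exploit"),
                         ("a2", "10.0.0.10", "10.0.1.20", "lateral movement"),
                         ("a3", "10.0.0.99", "10.0.0.25", "port scan")])

def parse_alerts(xml_text):
    """Return (messageid, source, target, classification) for each alert."""
    out = []
    for a in ET.fromstring(xml_text).findall("i:Alert", NS):
        src = a.findtext("i:Source/i:Node/i:Address/i:address", namespaces=NS)
        dst = a.findtext("i:Target/i:Node/i:Address/i:address", namespaces=NS)
        out.append((a.get("messageid"), src, dst, a.find("i:Classification", NS).get("text")))
    return out

def node_of(addr):
    """Map an address to a graph node; anything outside the plan is 'internet'."""
    return addr if ipaddress.ip_address(addr) in INTERNAL else "internet"

def correlate(alerts, graph=GRAPH):
    """Split alerts into those on an attack-graph edge and those that are not."""
    on_graph, off_graph = [], []
    for mid, src, dst, _text in alerts:
        edge = (node_of(src), node_of(dst))
        (on_graph if edge[1] in graph.get(edge[0], []) else off_graph).append((mid, edge))
    return on_graph, off_graph

def followed_path(on_graph, start="internet"):
    """Chain observed edges from the entry point (one outgoing edge per node kept)."""
    nxt = dict(edge for _, edge in on_graph)
    path = [start]
    while path[-1] in nxt and nxt[path[-1]] not in path:
        path.append(nxt[path[-1]])
    return path
```

On the sample, alerts a1 and a2 fall on graph edges and a3 does not. When the alert feed is not fully trusted, parse it with a hardened XML parser such as `defusedxml` instead of the standard-library one.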

DEMO

Remediation: Network Configuration
Proposition of remediations for dynamic risk analysis:
  – Assist the operators that are facing an attack.
  – Propose network remediations to them to prevent occurring attacks.
  – For DDOS mitigation, firewall rules redirecting packets either to a DDOS mitigation server, or to a blackhole.
  – For other attacks, propose a generic firewall rule to block the attacker.

DEMO

Questions ?