Deliverable D3.4 Test bed - CORDIS · 2017-04-22 · ATTPS Achieving The Trust Paradigm Shift
Deliverable D3.4 Test bed
Version 1.02 Daan Velthausz (editor) October 2015
ATTPS Achieving The Trust Paradigm Shift
Table of content
1. Introduction
2. Generic Trust Architecture Centre (GTAC)
1. Introduction
This deliverable describes the realisation of the Test bed for ATTPS. The Test bed has evolved from the Generic Trust Architecture of Deliverable D3.1 and the design of Deliverable D3.3. The Test bed will consist of the current and future available hardware and software components contributed by TDL partners, integrated on the basis of the trust architecture principles developed by the TDL community. The Test bed should support components of the different generic trust architectures and allow other TDL members to integrate and test their state of the art solutions regarding trustworthy ICT. The Test bed will be based on technology components and platforms, provided and composed by:
• TDL members for enabling infrastructure, i.e. at communication level (Internet; Telecom) and at trustworthy platform level such as the e-authentication framework architecture
• TDL members providing trustworthy ICT solutions for integration and deployment on the enabling infrastructure.
An inventory is made of the available components as well as of the practical operational aspects (provisioning, usage, support, maintenance, liabilities, compensation, etc.). The ATTPS project coordinates the establishment as well as the usability of the Test bed and provides access if needed by the validation experiments, use cases and demonstrators:
• to give providers of trustworthy components access to the TDL test-bed infrastructure by organizing user groups and ethical hackers in order to validate and test modules, systems, concepts and services,
• to support new development of TDL members for innovative ICT concepts,
• to a harmonised European e-authentication architecture,
• to support extended testing of the generic trust architectures of Work Package 3, i.e. mobile service and platform integrity, trusted stack and data life cycle management.
For the piloting and validation of innovative technology and test-bed parts, close collaboration with the TDL community is foreseen, i.e. to support the execution of sprint cycles. The test-bed architecture, as described in Deliverable D3.3, illustrated in Figure 1, consists of the following elements:
1. Components
2. Applications
3. Experiments
4. Management, monitoring and data collection
5. Service level agreement
Figure 1: Test bed architecture
[Figure 1 labels: Interface layer; Test bed building blocks; Test-bed components; Component X, Component E, Component F, Component G; Applications; Service element A, Service element B, Service element C; Experiments; Testing elements 1, 2, …; Management, monitoring and data collection; Management elements 1, 2, ..; Monitoring/data collection elements 1, 2, ..; Test bed Service Level Agreement]
At the end of the ATTPS project, the Test bed will be “handed over” to the TDL community with the intention to further continue, use and extend it. Also, the Test bed will be adopted by the TDL community, i.e. to speed up the sprints and validation experiments. It is up to the TDL community to keep the Test bed up and running, extend it where needed and replace or update building blocks if their lifetime has expired. It is also up to the TDL community to determine if for the usage of Test bed building blocks fees should be charged to cover the cost of keeping and extending the Test bed. The TDL community can decide to manage and extend the Test bed as a TDL asset or to integrate and connect it to other (future) available Test beds, such as FI-Lab Test bed.
2. Generic Trust Architecture Centre (GTAC)
To facilitate the test bed, a Generic Trust Architecture Centre capability is created on the web and will be linked from the ATTPS and TDL websites, where TDL members can offer, use and validate trustworthy elements (e.g. technology components). TDL members have the possibility to “play around” with technology that is offered and can provide feedback to the element provider (i.e., the publisher). The requirements for element publishers to deploy trust elements for download are the provision of a stand-alone service element, first level support, and optional online questionnaires to be filled in by the users to gain insights. Each element is evaluated by a TDL committee for final deployment approval. This download capability is called the ATTPS-GTAC (Generic Trust Architecture Centre). Such a capability could also be made accessible to the European research and innovation community via the NIS platform, to use the available elements as well as to add new elements. This facilitates the uptake of research results by providing an easy means for experimentation and validation beyond the project scope in which they have been developed. The ATTPS-GTAC is used to orchestrate the TDL trust innovation funnel from three complementary perspectives (technology, legal and business), with:
• Technology parties being invited to deploy their applications or concepts in a regulated and trusted environment to receive (B2B) feedback on different aspects of functionality. The ATTPS-GTAC is an instrument to have a concrete and practical implementation and validation of the trust innovation funnel.
• Developers identifying bottlenecks (technical, legal, business models) hampering adoption. It is better to identify these in this generic fashion in order to improve their usability in trustworthy ICT solutions.
• Developers receiving more insights to support their investment decisions and receiving valuable feedback on user requirements.
• Validation of the overall technology, concepts and generic architecture to provide input for standardisation bodies on a European level such as ITU-T SG 17, ISO/IEC/JTC1/SC27, ETSI, ENISA, 3GPP SA3 etc.
How can the ATTPS-GTAC be used?
Software developers and providers can test and experiment with modules, services and concepts on four different dimensions that interact with each other.
Technology in the ATTPS-GTAC is available with software applications from TDL members. This is a result of WP2 Validation & Awareness of the ATTPS project. Applications can be accessed via download or via accessing SaaS or cloud services. In the ATTPS-GTAC one can find an overview of the applications that are available. Applications can be middleware solutions, such as a repudiation application, or end user applications, such as e-Signature with guaranteed legal rating. TDL members, non-TDL members and individual users can sign up for the ATTPS-GTAC and accept the terms and conditions from TDL and those of the particular application provider. In the ATTPS project, the ATTPS-GTAC is constructed as well as the process for provision of applications. The terms and conditions highlight the service levels. Even applications that are in a concept stage or not commercially available can be found in the ATTPS-GTAC.
Usability and user experience are measured by online feedback. An online questionnaire will be made available to collect feedback for analysis. The application owners will have access to the feedback data. Feedback can be provided on technical compatibility, usability and service concept.
As a result of WP1 – Trust Innovation Funnel & Impact Assessment, a professional portfolio management environment is made available so that projects, products and services with their business case can be added to the TDL portfolio. The TDL portfolio management provides a framework with EU related projects from early TRL1 to TRL9 (Technology Readiness Levels) and includes global trend analysis. This makes it possible for application developers to benchmark their individual projects against the overall application portfolio.
The economic impact of trustworthy ICT is monitored with the portfolio management. The provider of an ATTPS-GTAC application is obliged to add the business case and business model to the TDL portfolio management. By doing that, and with a sufficient number of applications, TDL is able to measure the economic impact and execute scenario analysis. It provides insights to improve the business model or business case of new innovative ICT services.
Compliance with new regulations such as eIDAS, Data Protection and NIS directives is a prerequisite for many internet application providers. In ATTPS, there are no dedicated instruments available to measure law compliance. Providers of applications in the ATTPS-GTAC, however, can decide to ask for explicit feedback on legal aspects from the application users.

Components made available in the GTAC

| Title | Purpose | Owner |
| --- | --- | --- |
| Access Control | Enables to manage specific permissions and policies to resources allowing different access levels to users. | Thales (France), miiCard (UK), NEC (GER) |
| Claim based authentication | Middleware: Orchestration; Easy to deploy Azure directory platform for claim based authentication and federated log-on. | Microsoft (USA) |
| Consent | Explicit permission by the user to a specific request formulated in a clear and easy to understand language, e.g. to share personal attributes. | Verizon (NL), miiCard (UK) |
| Data Privacy | Terms and conditions should be detailed to the end user in simple terms that they understand how their privacy is safeguarded and how / where personal information is used for. | Cryptas (AUS), miiCard (UK) |
| e-Signature | End user: guaranteed legal rating of the electronic signature, compliant with the new EC law and regulations. | TrustSeed (FR) |
| Identity Management | Covers a number of aspects involving users' access to networks, services and applications. | Verizon (NL) |
| Off boarding | De-provisioning of credentials and revoking of access privileges when the user is no longer part of the system, e.g. due to change of roles, or subscription status. | Verizon (NL), miiCard (UK) |
| On boarding | Obtain correct user credentials to enroll into the service in an easy and secure manner, leveraging the availability of existing user’s information. | Verizon (NL), miiCard (UK) |
| Security monitoring | Active observation of the security state of an ICT system, detecting potential attacks or non-authorized usage and react appropriately to protect “assets” at stake. | Thales (FR) |
| Strong Authentication | Mechanism to confirm the truth of an attribute of a single piece of data using multiple factors from different categories to enhance the security and trust. | Gemalto (FR), Cryptas (AUS), NEC (GER), miiCard (UK) |
| Trustworthy Cloud and Infrastructure | Additional set of components on top of the basic infrastructure/cloud, working together to enable key features including users trusting that their virtual machines are deployed on computing nodes that satisfy their integrity requirements. | Philips (NL), NEC (GER) |
| Trustworthy data processing | Guarantees that the used hardware and software is in fact processing the data in a way it was supposed to do. | NEC (UK), Gemalto (FR) |
| Trustworthy data storage | Guarantees that the original data is not altered, it relies on automatic data encryption with secure key management. | Gemalto (FR) |
| Trustworthy factory | Focuses on processes offered to stakeholders (designers, developers, customers) to ensure that the hardware/software delivered only includes what is requested. | Thales (FR) |
The picture below shows the homepage of the GTAC. The GTAC is available at http://www.gtac-attps.eu/, with login information for testing (username = ‘attps’, password = ‘geheim!’).
Accessibility to the GTAC components
After selecting a category, different components can be viewed within that category. As access to the detailed component descriptions is currently restricted to members, users have to log in to be able to see the terms and conditions for usage, additional technical requirements etc. Current TDL members can log in using their “TDL office 365” credentials; non-TDL members can apply and register for membership. This request awaits approval by TDL. The GTAC has a single sign-on policy and, once logged in, users are able to download components. However, before downloading any component the user needs to accept the specific terms and conditions for using that component, listed in a pdf document. The acceptance is implemented using Trustseed’s Penseal authentication and signature APIs. Via this e-signing process the component provider gets proof of users accepting their terms and conditions. After agreeing with the terms and conditions by e-signing, the user will be able to either directly download the component or be referred to a different URL where the service/component can be found. Below, several screen shots illustrate the different aspects of the GTAC website.
Sustainability of the Test bed and GTAC
The ATTPS-Generic Trust Architecture Centre (GTAC) will be embedded in the Trust in Digital Life Association (TDL) as the TDL-GTAC. TDL will be responsible for the continuation, maintenance and expansion, and for reaching a stable infrastructure with sufficient and attractive content (i.e., technology components). TDL actively initiates the execution of validation sprints. The outcome of these sprints can be added to the TDL-GTAC with the approval of the publishers of the software or service components. Under the governance principles developed in ATTPS, TDL members and in the future non-TDL members can get access to the TDL-GTAC and its content. All TDL members have been invited to provide components to the GTAC. Microsoft, Trustseed and MiiCard have already indicated that they will provide components to the GTAC. In addition, all current security related EU projects that had indicated an interest in contributing to the GTAC have been approached to provide their components to the GTAC. The table below shows the projects that have been invited. It is expected that several projects will provide components to the GTAC.

| Project | Email |
| --- | --- |
| ABC4TRUST | [email protected] |
| ACDC | [email protected] |
| ANIKETOS | [email protected] |
| ASPIRE | coordinator@aspire-fp7.eu |
| AU2EU | [email protected] |
| Coco Cloud | [email protected] |
| CONSEQUENCE | consequence-[email protected] |
| CYSPA | nina.olesen@eos-eu.com |
| D-MILS | [email protected] |
| EURO-MILS | [email protected] |
| FRACTALS | administrative@fractals-fp7.com |
| eSENS | [email protected] |
| FutureID | [email protected] |
| GINI-SA | [email protected] |
| IPaCSO | [email protected] |
| MUSES | [email protected] |
| NEMESYS | [email protected] |
| NESSoS | [email protected] |
| PCAS | joao.n.silva@inesc-id.pt |
| PRACTICE | coordination@practice-project.eu |
| PRISMACLOUD | [email protected] |
| SECURED | [email protected] |
| SMASH | [email protected] |
| SPECS | [email protected] |
| TREDISEC | beatriz.gallego-[email protected] |
| TREsPASS | contact@trespass-project.eu |
| VIKING | [email protected] |
The GTAC website allows any organisation to offer their components through the GTAC. For this a specific web form is available. However, providers willing to offer their technology component via the GTAC, to be evaluated and used by others, have to fulfil the following requirements. The provided component should be:
• Tested on functionality
• Free of any malicious software (virus, malware, spyware, Trojan Horse)
• Free of any (hidden) backdoors
Additional functionality of the GTAC
Besides the provisioning of more components, additional functionality is foreseen to be implemented in the GTAC:
• a BLOG to provide user feedback and comments on the components
• linkage to online Questionnaires (e.g. Open Data Kit, Survey Gizmo, Survey Monkey)
• tools to support experiments.
The Technical University of Berlin (TUB) is currently developing a Usability and User Experience Dashboard to support developers of trustworthy ICT solutions in keeping track of their usability and user experience studies. The figure below shows a sneak preview. When ready, the application will be downloadable from the GTAC website.