Sovereignty-Decision-Support-System

Powered by UoS

Project Links
  • Software GitHub Repository: Spyderisk software, https://github.com/Spyderisk
  • Progress GitHub Project: https://github.com/orgs/ds2-eu/projects/47

General Description

This module supports the identification of risks in data management through a comprehensive analysis of the user's system. It has a front end for the user to interact with and a back end with a rich knowledge base where the risks are calculated. It is based on the ISO 27005 methodology and includes concepts associated with data sovereignty. In an ideal scenario the analysis should be performed with the data provider and data consumer together, but this is possible only in limited contexts because it requires the sharing of sensitive information. The tool will therefore have an additional module where reports about risks, created locally by a user, can be analysed by the counterpart in order to make an informed decision about the data sharing.

Architecture

The figure below shows how the module fits into the DS-DS environment.

[Figure: Sovereignty-Decision-Support-System]

The figure below shows the sequence diagram of the risk assessment.

[Figure: Sovereignty-Decision-Support-System]

Component Definition

This module has the following subcomponents and other functions (most of them appear twice, symmetrically, in the figure but are discussed only once):

DSS Core

  • GUI (System Model Creation): This is the graphical interface (front end) where a user can describe their system on a canvas, provide all the necessary information (a.k.a. system modelling) and perform a risk assessment. For the tier 1 standard connections (Portal etc.) it can be perceived as the entry point. This is currently UoS background and will involve minimal development except for a DS2-compliant UI splash page and Dash button integration.
  • Security Layer: This module is responsible for managing user authentication and authorization. It is based on Keycloak and will interface with the Identity Provider to enable Single Sign-On functionality. The roles of the user will be managed locally. This is currently UoS background and will see little development in DS2, mainly devoted to integrating the security layer with the other identity services in DS2.
  • Risk Assessment Engine: This back-end module performs the risk assessment based on the provided system model, using the DS2 Risk Knowledge Base. This engine is currently UoS background and will see little development, mainly to support new concepts defined in the Knowledge Base. This module is also available via a REST API.
  • DS2 Risk Knowledge Base: This is the knowledge base (KB) underpinning the risk assessment. In the knowledge initialization phase, it will be extended with risks associated with data sharing and sovereignty. It will also be used by the DARC module to provide the configuration support feature.
  • System Model Repository: This is the repository hosting the saved system models and the local users. This is currently UoS background and no development is foreseen in DS2.
  • Reporting Module: One of the outcomes of DS2 will be the definition of the set of information to be shared with the counterpart to establish mutual trust. The reporting module extracts this information from the risk assessment and provides it to the end users so they can share it. Development will include automatic content extraction, formatting, and adherence to established formats (e.g. cyber-essentials). A reporting module already exists in Spyderisk, but it will be improved and enhanced during DS2.

SDS Analysis

  • Report Analysis: The end user will access a user interface where they will upload the report received from the counterpart and the information extracted from their own system. The component will provide an analysis and a comparison of the two reports. This component will be developed from scratch in DS2.

SDS API

  • The module provides three sets of externally available APIs:
      • The “Remote Interface for risk assessment” allows the execution of the risk assessment calculation via remote interaction, without the use of the GUI. It is provided by the system, but currently not foreseen to be used by other components.
      • The “Remote User Interface to analyse risk report” allows the remote execution of the risk report analysis. It is provided by the system, but not foreseen to be used by other components.
      • The “Interface to the KB” provides remote access to the KB and will be used by the DARC module to query the KB.

External Components

  • DARC: This is the automatic discovery and confirmation module.
  • Identity Provider: This is the identity provider used by the DSS internal security layer to get user identities.
  • Tier1: Service Stack for Marketplace and deployment and API. The full stack will be implemented as generically described elsewhere in this document. Exceptions: the Platform will only be needed for inter-participant service orchestrations, if used.
  • System User: This represents a system user that might want to perform a risk assessment via a remote interface rather than via the GUI.

Screenshots

[Screenshot: Sovereignty-Decision-Support-System]

Commercial Information

Organisation(s) | License Nature | License
UoS             | Open Source    | Apache 2.0

Top Features

  • Risk Assessment: currently available at https://github.com/Spyderisk
  • Risk Report Comparison: currently under development and not yet available.

How To Install

The DS2 version of Spyderisk is maintained as an instance of the Spyderisk project, which is available with all the instructions at https://github.com/Spyderisk

Requirements

To be defined.

Software

n/a

Summary of installation steps

Currently offered as a service at https://ds2.it-innovation.soton.ac.uk/system-modeller/.

To obtain a login, write an email to sdm2d11@soton.ac.uk.

Detailed steps

The custom version for DS2 is still under development. The software is accessible at https://github.com/Spyderisk

How To Use

  • Spyderisk online documentation: https://docs.spyderisk.org/system-modeller/latest/

Other Information

n/a

OpenAPI Specification

n/a