sphinx-project.eu / News  / Blog  / Architecture of the SPHINX solution

Architecture of the SPHINX solution

SPHINX consortium recently published the final version of the system’s high-level design, concerning SPHINX main building blocks, top-level components and detailed technical specifications, including data flows and interfaces.

The SPHINX main building blocks are:

Device Verification and Certification – this block provides functionalities for the verification of the level of cyber security of software applications and devices, including assessment of vulnerabilities. It provides a safe and isolated testing environment where deployment and cyber security testing can be performed. This block also delivers a certification report concerning the compliance with SPHINX standards;

Automated Cyber Security Risk Assessment – this block deals with advanced and automated tools to assess the level of cyber security of a given environment (e.g., healthcare information technology operational environment). It includes tools dealing with protocol analysis, detection of anomalous behaviour, security events, intrusion detection, vulnerability assessment and honeypots. It also includes knowledge repositories and distributed threat registries;

Decision Support System and Interactive Dashboards – this block targets user-side functionalities related with decision support (provide recommendations on suitable courses of action following a cyber incident) and presenting information in an intuitive and actionable way, via (near) real-time interactive dashboards (e.g., multiple panels displaying high-level status, statistical data, charts and histograms);

Cyber Security Toolbox – this block enables users to select SPHINX services and functionalities that best match their needs. It preconfigures the services for deployment and performs associated management operations;

Third-party APIs – this block enables third-party healthcare solution providers to access and interact with the SPHINX Platform and its components;

Common Integration Platform – this block provides a data and processes integration framework and infrastructure for all SPHINX components and systems. It is built upon the basic concepts of virtualisation, containers and Virtual Machines (VMs), allowing each SPHINX component to be deployed independently. It also provides a distributed Message and Service Bus (MSB) and interoperable application programming interfaces (APIs), able to aggregate heterogeneous external services and make use of various data exchange protocols, such as RESTful web services.

These modules are then detailed into a set of twenty-one key components, presented in terms of functional description, technical specifications, and interface specifications, supported by dedicated component diagrams that highlight the workflow and interaction among the different SPHINX components:

  • Vulnerability Assessment as a Service (VAaaS) led by HMU;
  • Data Traffic Monitoring (DTM) led by SIMAVI;
  • Anomaly Detection (AD) led by SIMAVI;
  • Real-time Cyber Risk Assessment (RCRA) led by NTUA;
  • Security Information and Event Management (SIEM) led by PDMFC;
  • Artificial Intelligence (AI) Honeypot (HP) led by FINT;
  • Machine Learning-empowered Intrusion Detection (MLID) led by AIDEAS;
  • Forensic Data Collection Engine (FDCE) led by NTUA;
  • Homomorphic Encryption (HE) led by TEC;
  • Anonymisation and Privacy (AP) led by PDMFC;
  • Decision Support System (DSS) led by KT;
  • Analytic Engine (AE) led by KT;
  • Interactive Dashboards (ID) led by SIMAVI;
  • Attack and Behaviour Simulators (ABS) led by NTUA;
  • Sandbox (SB) led by PDMFC;
  • Knowledge Base (KB) led by FINT;
  • Blockchain Based Threats Registry (BBTR) led by TECNALIA;
  • Cyber Security Toolbox (CST) led by HMU;
  • SPHINX Application Programming Interface for Third Parties (S-API) led by EDGE;
  • Service Manager (SM) led by ICOM;
  • Common Integration Platform (CIP) led by ICOM.


More information about the SPHINX architecture can be found in Deliverable 2.6 that is publicly available here