SPHINX Functional Requirements and Guidelines: PART VI

Continued from PART V

SPHINX shall deliver enhanced anonymisation and encryption capabilities.

The SPHINX Platform shall provide advanced anonymisation and encryption capabilities, namely through the use of anonymisation techniques and homomorphic encryption, to be applied to personal and sensitive data in full compliance with the General Data Protection Regulation (GDPR). Overall, this capability addresses the users’ privacy and security obligations with respect to the operation of the IT ecosystem. When security incident reports are generated, sensitive data that is not relevant for detection should be scrubbed before the reports can be shared with third parties. This will require attribute-based encryption, and the reports should be processed in well-known common formats such as STIX 2.0.

IT Domain: Applications. Security/Privacy.

Cyber Security Management Cycle: Protect.

SPHINX shall enable search and querying features, including in the encrypted domain.

The SPHINX Platform shall allow users to perform searches or queries and obtain an overview of the results, based on the information existing within the IT ecosystem. The available search and query features also cover the system’s encrypted domain, maintaining a high level of security for personal and sensitive data in a privacy-aware environment. This should enable encrypted data to be shared across multiple entities and allow operations to be executed on that data, producing results without requiring the original data to be decrypted, effectively using homomorphic encryption techniques.

IT Domain: Applications. Security/Privacy.

Cyber Security Management Cycle: Protect.

SPHINX shall deliver a secure threat registry.

The SPHINX Platform shall provide a threat registry that, acting as a chain of evidence, allows connected organisations using SPHINX to synchronise their registries and be informed or notified in a timely manner of registered cyber threats and attacks, including new cyber incidents. This knowledge base should enforce authentication and authorization features, including role-based access.

IT Domain: Applications. Security/Privacy.

Cyber Security Management Cycle: Protect.

SPHINX shall enable secure sharing of SPHINX cyber threat and attack information among SPHINX users.

The SPHINX Platform shall allow the secure sharing of cyber threat and attack information among SPHINX users, delivering an unalterable and synchronised mechanism for users to be up to date on new cyber threats and attacks. Overall, this capability supports the users’ cybersecurity awareness and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks. The mechanism should provide strong integrity guarantees.

IT Domain: Applications. Security/Privacy.

Cyber Security Management Cycle: Protect.

SPHINX shall deploy services and systems emulating those existing in IT infrastructure.

The SPHINX Platform shall integrate the capability to emulate services and systems within the IT ecosystem that are considered probable targets for cyber-attacks. This capability serves to lure attackers to fake systems and prevent them from attacking the real ones. These honeypots or honeynets should simulate low-level interaction and collect relevant attack intelligence. Most importantly, these fake systems should not compromise the overall security of the existing infrastructure.

IT Domain: Applications.

Cyber Security Management Cycle: Protect.

SPHINX emulated services and systems shall detect attempted cyber-attacks and notify the users.

The SPHINX Platform shall integrate the capability to detect cyber-attack attempts on the emulated services and systems and promptly notify IT administrators with actionable alerts, so that proper courses of action may be considered at the level of the real IT ecosystem. Overall, this capability supports the users’ cybersecurity awareness and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: IT Hardware Infrastructure. Networking. Applications. Security/Privacy.

Cyber Security Management Cycle: Protect. Detect.

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.8, which is publicly available.