SPHINX Techical Architecture

The SPHINX System comprises several main building blocks that provide the required capabilities to make SPHINX a universal cyber security toolkit for the healthcare sector. The SPHINX main building blocks are:

  • Device Verification and Certification – this block provides functionalities for the verification of the level of cyber security of software applications and devices, including assessment of vulnerabilities. It provides a safe and isolated testing environment where deployment and cyber security testing can be performed. This block also delivers a certification report concerning the compliance with SPHINX standards;
  • Automated Cyber Security Risk Assessment – this block deals with advanced and automated tools to assess the level of cyber security of a given environment (e.g., healthcare information technology operational environment). It includes tools dealing with protocol analysis, detection of anomalous behaviour, security events, intrusion detection, vulnerability assessment and honeypots. It also includes knowledge repositories and distributed threat registries;
  • Decision Support System and Interactive Dashboards – this block targets user-side functionalities related with decision support (provide recommendations on suitable courses of action following a cyber incident) and presenting information in an intuitive and actionable way, via (near) real-time interactive dashboards (e.g., multiple panels displaying high-level status, statistical data, charts and histograms);
  • Cyber Security Toolbox – this block enables users to select SPHINX services and functionalities that best match their needs. It preconfigures the services for deployment and performs associated management operations;
  • Third-party APIs – this block enables third-party healthcare solution providers to access and interact with the SPHINX Platform and its components;
  • Common Integration Platform – this block provides a data and processes integration framework and infrastructure for all SPHINX components and systems. It is built upon the basic concepts of virtualisation, containers and Virtual Machines (VMs), allowing each SPHINX component to be deployed independently. It also provides a distributed Message and Service Bus (MSB) and interoperable application programming interfaces (APIs), able to aggregate heterogeneous external services and make use of various data exchange protocols, such as RESTful web services.

SPHINX main building blocks (and comprising components) are depicted in Figure 2. The figure considers the SPHINX Platform running in a Healthcare Information Technology (IT) Operational Environment (involving users, workstations, servers, medical devices) in which the SPHINX modules are deployed as part of the SPHINX Operational Environment.  For purposes of verification and certification, an isolated environment (i.e., SPHINX Sandboxed Environment) is created.


Overall, the SPHINX System comprises the following components:

  • Vulnerability Assessment as a Service (VAaaS) led by HMU;
  • Security Protocol Analysis (SPA) led by NTUA;
  • Data Traffic Monitoring (DTM) led by SIMAVI;
  • Anomaly Detection (AD) led by SIMAVI;
  • Real-time Cyber Risk Assessment (RCRA) led by NTUA;
  • Security Information and Event Management (SIEM) led by PDMFC;
  • Artificial Intelligence (AI) Honeypot (HP) led by FINT;
  • Machine Learning-empowered Intrusion Detection (MLID) led by AIDEAS;
  • Forensic Data Collection Engine (FDCE) led by NTUA;
  • Homomorphic Encryption (HE) led by TEC;
  • Anonymisation and Privacy (AP) led by PDMFC;
  • Decision Support System (DSS) led by KT; 
  • Analytic Engine (AE) led by KT;
  • Interactive Dashboards (ID) led by SIMAVI;
  • Attack and Behaviour Simulators (ABS) led by NTUA;
  • Sandbox (SB) led by PDMFC;
  • Knowledge Base (KB) led by FINT;
  • Blockchain Based Threats Registry (BBTR) led by TECNALIA;
  • Cyber Security Toolbox (SCT) led by FINT;
  • SPHINX Application Programming Interface for Third Parties (S-API) led by EDGE;
  • Common Integration Platform (CIP) led by ICOM.