SPHINX User Interface Functional Requirements & Guidelines: Vulnerability Assessment as a Service and Sandbox

The SPHINX System interacts with the user in order to develop cyber awareness concerning risks, vulnerabilities and incidents within the  IT  network and connected devices. Moreover,  it allows the user to perform vulnerability assessment and certification of devices.  In this regard,  the user interface needs to be designed according to the user’s needs and expectations to ensure the utility of SPHINX.

Continue from Part IΙI.

Vulnerability Assessment as a Service (VAaaS)

VAaaS dynamically assesses network entities against certain vulnerabilities and outputs a Common Vulnerability Scoring System (CVSS) score that will reflect the level of security of that particular entity. The VAaaS dashboard is illustrated in the snapshot below. It provides an overview of the identified vulnerabilities over time, as well as statistical data (in tabular and chart forms).

Users can visualise the above-mentioned information in more detail, as shown in the following snapshot.  This page of the dashboard displays information regarding each assessed entity (e.g., computer), including its vulnerability (CVSS) score.

Sandbox

The Sandbox (SB) provides a safe and isolated testing environment where components of the SPHINX Toolkit can be deployed without compromising any of the other services.  It creates an appropriate environment for enabling software isolation and detect malware, while offering an additional layer of protection against security threats, such as stealthy attacks and exploits that use zero-day vulnerabilities

SB accepts a docker topology, which can be deployed using the SB web UI (or via a REST API) and by sending a “yml” topology. The following snapshot shows a list of deployed topologies.

SB uses the list of submitted “yml” files to recreate the corresponding topologies (if not yet implemented) to, then, deploy a Virtual Machine to perform the cyber-security certification process.  Each of the deployed sandboxes can be accessed from a WebUI, as presented below.

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.10 that is publicly available here.