Common use of Security Manager Clause in Contracts

Security Manager. The Security Manager inside the SoftFIRE Middleware makes available to the Experimenters a set of security related functionalities that they might decide to include and use within their activities on the SoftFIRE platform. Here is the list of the available features for every type of Resource: 1. The Experimenters can deploy a Security Resource; 2. The Experimenters can statically configure the Security Resource by means of its descriptor; 3. The Experimenter can statically configure some features on her Resource; 4. The Experimenters can dynamically configure the Resource once it has been deployed; Features not available for Resource pfsense: 1. The Experimenters can enable logs collection from their Resource; 2. The Experimenters can see Resources logs in a web dashboard; 3. The Experimenters can perform searches among the Resources logs in a web dashboard; 4. The Experimenters can see statistics related to the Resources logs in a web dashboard A Security Resource is a commonly used security agent that the Experimenters can include in their experiment. They can access and configure it through a static initial configuration, included in the TOSCA description of the Experiment, or, once deployed, through the interfaces that expose its main services. These interfaces can include SSH, a dashboard, or ReST APIs. Depending on the type of Resource, Experimenters can also ask the Security Resource to send its log messages to a remote log collector, which makes them available in a simple web page reserved to them. The Experimenters could easily access it through its web browser and check the behaviour of all their security agents, and to see some related statistics. The Experimenters can get the Security Resource in two different formats:  As an agent directly installed in the VM that they want to monitor. The system will provide them a script that the Experimenters have just to run inside the VM. It will be already configured as required in the TOSCA description of the resource. The output of the script will provide to the Experimenters information on how to access the deployed resource (URLs, etc.)  As a standalone VM. The Security Resource will be deployed directly by the Security Manager in the testbed chosen by the Experimenter. The Security Manager will take care of the initial configuration of the resource. The Experimenters have to set up on their own the redirection of the network traffic that they want to control through the Security Resource VM (by means of OS configuration, or SDN capabilities provided by the SoftFIRE platform). The Security Manager provides three types of resources: • Firewall • Suricata • pfsense This sequence diagram specifies the operations performed by the Security Manager based on the inputs received by the Experimenter.

Security Manager. The Security Manager inside the SoftFIRE Middleware makes available to the Experimenters a set of security related functionalities that they might decide to include and use within their activities on the SoftFIRE platform. Here is the list of the available features for every type of Resource: 1. The Experimenters can deploy a Security Resource; 2. The Experimenters can statically configure the Security Resource by means of its descriptor; 3. The Experimenter can statically configure some features on her Resource; 4. The Experimenters can dynamically configure the Resource once it has been deployed; Features not available for Resource pfsense: 1. The Experimenters can enable logs collection from their Resource; 2. The Experimenters can see Resources logs in a web dashboard; 3. The Experimenters can perform searches among the Resources logs in a web dashboard; 4. The Experimenters can see statistics related to the Resources logs in a web dashboard A Security Resource is a commonly used security agent that the Experimenters can include in their experiment. They can access and configure it through a static initial configuration, included in the TOSCA description of the Experiment, or, once deployed, through the interfaces that expose its main services. These interfaces can include SSH, a dashboard, or ReST APIs. Depending on the type of Resource, Experimenters can also ask the Security Resource to send its log messages to a remote log collector, which makes them available in a simple web page reserved to them. The Experimenters could easily access it through its web browser and check the behaviour of all their security agents, and to see some related statistics. The Experimenters can get the Security Resource in two different formats:  • As an agent directly installed in the VM that they want to monitor. The system will provide them a script that the Experimenters have just to run inside the VM. It will be already configured as required in the TOSCA description of the resource. The output of the script will provide to the Experimenters information on how to access the deployed resource (URLs, etc.)  • As a standalone VM. The Security Resource will be deployed directly by the Security Manager in the testbed chosen by the Experimenter. The Security Manager will take care of the initial configuration of the resource. The Experimenters have to set up on their own the redirection of the network traffic that they want to control through the Security Resource VM (by means of OS configuration, or SDN capabilities provided by the SoftFIRE platform). The Security Manager provides three types of resources: • Firewall • Suricata • pfsense This sequence diagram specifies the operations performed by the Security Manager based on the inputs received by the Experimenter.